Skip to content

Instantly share code, notes, and snippets.

View nasbench's full-sized avatar
📚

Nasreddine Bencherchali nasbench

📚
369 followers · 84 following
View GitHub Profile
@nasbench
nasbench / debug-script.txt
Created November 8, 2022 19:44
Debug script example that can be used to trigger cdb.exe LOLBIN as described in https://twitter.com/nas_bench/status/1534957360032120833
as AdpDumpDir C:\logs\20220609_183403_Crash_Mode
.logopen /t "${AdpDumpDir}\ADPlus_log.log"
as AdpOutputDir C:\logs
as AdpDumpDirEsc C:\\logs\\20220609_183403_Crash_Mode
as AdpTimeStamp 20220609_183403
*
*----- OS and Time Information ----
vertarget
*
*
@nasbench
nasbench / config-adplus.xml
Created November 8, 2022 19:39
Adplus LOLBIN Config Sample
<ADPlus Version='2'>
<Settings>
<Option> FullOnFirst </Option>
<Runmode> Hang </Runmode>
<!--
If you want to run the binary and not dump anything.
Then this can be any process as long as it's running
-->
<ProcessName> notepad.exe </ProcessName>
<OutputDir>C:\temp\</OutputDir>
@nasbench
nasbench / fiddlerPOC.cs
Created June 16, 2022 18:13
A simple fiddler classic extension persistence POC
using System.Diagnostics;
using Fiddler;
[assembly: Fiddler.RequiredVersion("2.3.5.0")]
namespace POCFiddlerDotNet
{
public class PersistencePOC : IFiddlerExtension
{
public PersistencePOC() { }
@nasbench
nasbench / keybase.md
Created February 7, 2022 12:42

Keybase proof

I hereby claim:

  • I am nasbench on github.
  • I am nasbench (https://keybase.io/nasbench) on keybase.
  • I have a public key ASCERZHjJ7mUyROvWgr41hlUXh_byMkTO918VVCAtXhxbgo

To claim this, I am signing this object: