puppis42
/ ProtectProcess.cpp
Created
May 28, 2023 13:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include "aclapi.h" | |
| #include <chrono> | |
| #include <thread> | |
| DWORD ProtectProcess(void) | |
| { | |
| HANDLE hProcess = GetCurrentProcess(); | |
| PACL pEmptyDacl; | |
| DWORD dwErr; |
puppis42
/ getIntegrityLevelSelf.cpp
Created
May 28, 2023 10:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <windows.h> | |
| DWORD GetProcessIntegrityLevel() | |
| { | |
| DWORD dwIntegrityLevel = 0; | |
| DWORD dwError = ERROR_SUCCESS; | |
| HANDLE hToken = NULL; | |
| DWORD cbTokenIL = 0; | |
| PTOKEN_MANDATORY_LABEL pTokenIL = NULL; |
puppis42
/ Hide_HWND_Object.cpp
Created
May 28, 2023 10:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <tchar.h> | |
| #include <iostream> | |
| using namespace std; | |
| int main() | |
| { | |
| HWND hWnd = FindWindow(_T("Shell_TrayWnd"), NULL); | |
| if (hWnd != NULL) |
puppis42
/ killdefender.cpp
Created
May 28, 2023 10:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
| // A small POC to make Defender Useless by removing Token privileges and lowering Token Integrity | |
| ////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
| //Credits - https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article/ | |
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <iostream> |
puppis42
/ trustedinstaller.cpp
Created
May 28, 2023 10:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <codecvt> | |
| #include <Windows.h> | |
| #include <TlHelp32.h> | |
| using namespace std; | |
| void EnablePrivilege(wstring privilegeName) | |
| { | |
| HANDLE hToken; |
puppis42
/ GetCommandLine_InDLL.cpp
Created
May 28, 2023 10:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // dllmain.cpp : Defines the entry point for the DLL application. | |
| #include "pch.h" | |
| #include <shellapi.h> | |
| void Test() { | |
| LPWSTR pwszCommandLine = GetCommandLine(); | |
| LPWSTR* argv = NULL; | |
| LPWSTR g_pwszGuid = NULL; | |
| HANDLE hEvent = NULL; |
puppis42
/ SetProcessCriticalWithDLL.cpp
Created
May 28, 2023 10:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "pch.h" | |
| #include <windows.h> | |
| #include <stdio.h> | |
| typedef VOID(_stdcall* RtlSetProcessIsCritical) ( | |
| IN BOOLEAN NewValue, | |
| OUT PBOOLEAN OldValue, // (optional) | |
| IN BOOLEAN IsWinlogon); | |
| BOOL EnablePriv(LPCSTR lpszPriv) |
puppis42
/ InjectDLL.cpp
Created
May 28, 2023 10:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| BOOL InjectDLL(DWORD procID, const char* dllPath) | |
| { | |
| BOOL WPM = 0; | |
| HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID); | |
| if (hProc == INVALID_HANDLE_VALUE) | |
| { | |
| return -1; | |
| } |
puppis42
/ ETD_Driver_bsod_trigger.cpp
Created
May 28, 2023 10:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <Windows.h> | |
| int main() | |
| { | |
| //std::cout << "Hello World!\n"; | |
| //0x222084 IOCTL can also be used to trigger BSOD | |
| HANDLE deviceHandle = CreateFile(L"\\\\.\\GLOBALROOT\\DEVICE\\ETD", | |
| GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL); |
puppis42
/ ChangeProcessPriv.cpp
Created
May 28, 2023 10:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| bool EnableDebugPrivilege() | |
| { | |
| HANDLE hToken; | |
| LUID sedebugnameValue; | |
| TOKEN_PRIVILEGES tkp; | |
| if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) | |
| { | |
| return FALSE; |
NewerOlder