2S1one

$max_depth = 6
$rp_exe_path = "C:\tools\rp-win-x86.exe"
$out_dir = Join-Path (Get-Location) "rp_output"
$all_prefix = "all_"

$target_files = $args

# Ensure the output directory exists
New-Item -ItemType Directory -Path $out_dir -Force -ErrorAction SilentlyContinue | Out-Null

yosignals

import base64
import smtplib
import time
import argparse
import dns.resolver
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart

# Configuration
CHUNK_SIZE = 63  # Size of each data chunk in bytes

fr0gger

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Markmap</title>
<style>
* {
  margin: 0;

hxlxmj

⏳🔺33 Million Subdomain Wordlist🔻🧱🔨👀

https://mega.nz/file/UsJXzITR#TMIFTXnW1zABHfZUIKMPMvA-c8UvzGWeAd4mg4gGCtQ

cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
 33927885 33m-subdomain-wordlist.txt

---

🚨🔺15 Million Subdomain Wordlist🔻 🧱🔨👀

https://mega.nz/file/BtIh2KaZ#zI1aZgAdHYdBfvKC5G8bwXwfFG11Gx0CW1zLhc0weC8

antonioCoco

/*
	TaskManagerSecret

	Author: @splinter_code

	This is a very ugly POC for a very unreliable UAC bypass through some UI hacks.
	The core of this hack is stealing and using a token containing the UIAccess flag set.
	A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html
	From there it uses a task manager "feature" to run a new High IL cmd.exe.
	This has been developed only for fun and shouldn't be used due to its high unreliability.

gladiatx0r

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;

• Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
• Relaying that machine authentication to LDAPS for configuring RBCD
• RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

mgeeky

#!/usr/bin/python3
# Based on https://gist.github.com/deltronzero/7c23bacf97b4b61c7a2f2950ef6f35d8
# pip install simplejson
import simplejson
import sys

def splitfile(file_name, object_limit):
    print(f"[*] Loading {file_name}")
    with open(file_name) as f:
        data = simplejson.load(f)

mhaskar

#!/usr/bin/python

import requests
import json
import time
import paramiko
from Crypto.PublicKey import RSA
from os import chmod

public_key_name = "test1.key"

mgraeber-rc

Step 1) Start an AMSI ETW trace from an elevated command prompt

logman start trace AMSITrace -p Microsoft-Antimalware-Scan-Interface (Event1) -o amsi.etl -ets

Step 2) Run your evil maldoc or script. Note: AMSI can capture runtime context of VBA, Excel4, JScript, VBScript, PowerShell, WMI, and .NET (4.8+) in-mem assembly loads

Step 3) Stop the AMSI trace

nikitastupin

(() => {
  let gadgets = [];

  if (typeof _satellite !== 'undefined') {
    gadgets.push('Adobe Dynamic Tag Management');
  }

  if (typeof BOOMR !== 'undefined') {
    gadgets.push('Akamai Boomerang');
  }