Skip to content

Instantly share code, notes, and snippets.

thesubtlety /
Created Apr 25, 2022 — forked from djhohnstein/
AppDomainManager Injection

Let's turn Any .NET Application into an LOL Bin

We can do this by experimenting with .config files.

Many defenders catch/detect files that are renamed, they do this by matching Original Filename to Process Name

In this example, we don't have to rename anything. We simple coerce a trusted signed app to load our Assembly.

We do this by directing the application to read a config file we provide.

thesubtlety /
Created Oct 14, 2021
Rundeck Takeover Reference

Rundeck Compromise

Reference notes to run commands on nodes controlled by Rundeck given a valid API token.


# Identify projects
curl -H $TOKEN $RUNDECK/api/16/projects/ -H accept:application/json | jq  .
thesubtlety / stalebacon.cna
Created Mar 26, 2021
Stale beacon slacker, only messages once
View stalebacon.cna
# CNA script to alert on dead beacons. Doesn't repeat messages.
# author: noah @thesubtlety
# credit - bluescreenofjeff
$webhook_url = "";
$slack_channel = "#crackers";
%beacon_status = %();
# default stale value of 5 minutes (300000ms)
$stale_value = 300000;
thesubtlety /
Last active Aug 13, 2020
tl;dr natlas/docker install
thesubtlety / Get-Exports.ps1
Created Feb 12, 2020
DLL Hijack with exports
View Get-Exports.ps1
function Get-Exports {
Get-Exports, fetches DLL exports and optionally provides
C++ wrapper output (idential to ExportsToC++ but without
needing VS and a compiled binary). To do this it reads DLL
bytes into memory and then parses them (no LoadLibraryEx).
Because of this you can parse x32/x64 DLL's regardless of
the bitness of PowerShell.
thesubtlety / golang-windows-dll.go
Created Feb 5, 2020
Calling Windows DLLs from Go
View golang-windows-dll.go
package main
import (
thesubtlety / gist:5d30bc04f087807d817cf4479a481c23
Last active Jun 27, 2022
Download compile and encrypt the latest mimikatz
View gist:5d30bc04f087807d817cf4479a481c23
#requires -version 2
Author: Noah
@subTee's reflexive loader
Required Dependencies: msbuild, csc
Execute: Run-UpdateKatz -Verbose
thesubtlety / dllmain.cpp
Last active Jul 17, 2021
Basic dll to execute commands
View dllmain.cpp
// Configuration Type: DLL
// Runtime Library: /MT
// Use of MFC: Use MFC in Static Library
// Architecture must match target _process_
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include <windows.h>
#include <sstream>
thesubtlety /
Last active Dec 3, 2021
Parse Shodan data file and extract CVE details by host, writing to CSV file
#!/usr/bin/env python3
import os
import re
import sys
import json
import gzip
import csv
import datetime
import shodan
thesubtlety /
Created Dec 11, 2019
Submit IPs/CIDRs to Shodan for scanning and download results
#!/usr/bin/env python3
import os
import sys
import time
import shodan
import netaddr
import ipaddress