tr4nc3
xpn
/ InstallUtil-Shellcode-cs
Created
May 11, 2018 01:15
— forked from lithackr/InstallUtil-Shellcode-cs
From https://gist.github.com/subTee/408d980d88515a539672
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| a4b.amazonaws.com | |
| access-analyzer.amazonaws.com | |
| account.amazonaws.com | |
| acm-pca.amazonaws.com | |
| acm.amazonaws.com | |
| airflow-env.amazonaws.com | |
| airflow.amazonaws.com | |
| alexa-appkit.amazon.com | |
| alexa-connectedhome.amazon.com | |
| amazonmq.amazonaws.com |
its-a-feature
/ Domain Enumeration Commands
Created
January 7, 2018 21:03
Common Domain Enumeration commands in Windows, Mac, and LDAP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Domain: TEST.local | |
| User Enumeration: | |
| Windows: | |
| net user | |
| net user /domain | |
| net user [username] | |
| net user [username] /domain | |
| wmic useraccount | |
| Mac: | |
| dscl . ls /Users |
ropnop
/ lookupadmins.py
Last active
December 4, 2021 16:00
Python script using Impacket to enumerate local administrators over SAMR
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # Title: lookupadmins.py | |
| # Author: @ropnop | |
| # Description: Python script using Impacket to query members of the builtin Administrators group through SAMR | |
| # Similar in function to Get-NetLocalGroup from Powerview | |
| # Won't work against Windows 10 Anniversary Edition unless you already have local admin | |
| # See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016 | |
| # | |
| # Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket |
xorrior
/ PELoader.cs
Created
July 12, 2017 01:54
Reflective PE Loader - Compressed Mimikatz inside of InstallUtil
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.IO.Compression; | |
| using System.Text; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
markusleh
/ volatility-pool-visualize.py
Last active
June 25, 2021 14:14
Python program to visualize Windows bigpool content
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import svgwrite | |
| import volatility.conf as conf | |
| import volatility.registry as registry | |
| import volatility.plugins.volshell as shell | |
| registry.PluginImporter() | |
| config = conf.ConfObject() | |
| import volatility.commands as commands | |
| import volatility.addrspace as addrspace | |
| import volatility.utils as utils | |
| registry.register_global_options(config, commands.Command) |
hellman
/ rsa_timing_attack_d_Montgomery.py
Created
May 1, 2017 12:23
DEF CON 2017 Quals - Godzilla (Reverse/Crypto)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| ''' | |
| DEF CON 2017 Quals - Godzilla (Reverse) | |
| Timing attack on RSA decryption. | |
| Based on http://www.cs.jhu.edu/~fabian/courses/CS600.624/Timing-full.pdf | |
| Another solutions: | |
| https://gist.github.com/nneonneo/367240ae2d8e705bb9173a49a7c8b0cd by b2xiao | |
| https://gist.github.com/Riatre/caac24840b176cf843b3f66ad9a5eeaf by riatre |
atifaziz
/ Unprotect-ProtectedData.ps1
Created
March 31, 2017 06:25
Decrypting DPAPI-protected Base64 data from PowerShell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Add-Type -AssemblyName System.Security; | |
| [Text.Encoding]::ASCII.GetString([Security.Cryptography.ProtectedData]::Unprotect([Convert]::FromBase64String((type -raw (Join-Path $env:USERPROFILE foobar))), $null, 'CurrentUser')) |
jaredcatkinson
/ Get-InjectedThread.ps1
Last active
April 22, 2024 19:09
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |