Skip to content

Instantly share code, notes, and snippets.

James Forshaw tyranid

Block or report user

Report or block tyranid

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@tyranid
tyranid / kill_file_locker.ps1
Created Sep 26, 2017
View kill_file_locker.ps1
Import-Module NtObjectManager
<#
Function to kill all processes which are using a locked file.
#>
function Kill-FileLocker {
param(
[Parameter(Mandatory)]
[string]$Path
)
@tyranid
tyranid / bypass_uac.ps1
Last active Apr 26, 2019
View bypass_uac.ps1
# Powershell script to bypass UAC on Vista+ assuming
# there exists one elevated process on the same desktop.
# Technical details in:
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
# You need to Install-Module NtObjectManager for this to run.
Import-Module NtObjectManager
@tyranid
tyranid / ntfs_testcase.cpp
Created Jun 2, 2014
Test Case for Illegal NTFS Names
View ntfs_testcase.cpp
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>
#include <string>
int _tmain(int argc, _TCHAR* argv[])
{
for (int i = 1; i < 128; ++i)
{
std::wstring name = L".\a";
@tyranid
tyranid / cmdfile registration
Created May 22, 2014
A registry file for cmdfile registration
View cmdfile registration
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Classes\cmdfile\shell\open\command]
@="c:\\windows\\system32\\calc.exe"
@tyranid
tyranid / Test for MS14-027
Created May 22, 2014
View Test for MS14-027
#include <stdio.h>
#include <tchar.h>
#include <Windows.h>
int wmain(int argc, WCHAR* argv[])
{
if (argc < 2)
{
printf("Usage: ImpersonateSHExec filename [sessionid]\n");
return 1;
You can’t perform that action at this time.