wizardy0ga
/ dll_block_apc_inject.c
Last active
July 15, 2024 20:12
Spawns a process with mitigations enabled to prevent non microsoft dlls from being loaded into the process. Executes shellcode via APC injection in process.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| July 2024 | |
| Arch: | |
| x64 | |
| Tested on: | |
| Windows 10 19045.4529 | |
| Compiler: |
wizardy0ga
/ hellshall.c
Last active
July 15, 2024 20:15
Classic remote process injection using syscalls via hells hall & tartarus gate. Encrypted shellcode is decrypted by encrypted self-bruteforcing encryption key & injected into explorer using the classic remote process injection method.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "hellshall.h" | |
| VOID Xor(PBYTE pData, SIZE_T SizeOfData, PBYTE pKey, SIZE_T SizeOfKey) { | |
| for (int i = 0, j = 0; i < SizeOfData; i++, j++) { | |
| if (j >= SizeOfKey) { | |
| j = 0; | |
| } | |
| pData[i] = pData[i] ^ pKey[j]; | |
| } | |
| } |
wizardy0ga
/ hellshall.c
Created
July 8, 2024 04:21
Local shellcode execution using a combination of hells hall (Indirect syscalls) and tartarus gate (SSN retrieval) techniques.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "hellshall.h" | |
| unsigned int CRC32(char* string) { | |
| int i, | |
| crc; | |
| unsigned int byte, c; | |
| const unsigned int g0 = SEED, | |
| g1 = g0 >> 1, | |
| g2 = g0 >> 2, | |
| g3 = g0 >> 3, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| July 2024 | |
| Arch: | |
| x64 | |
| Tested on: | |
| Windows 10 19045.4529 | |
| Compiler: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| July 2024 | |
| Arch: | |
| x64 | |
| Tested on: | |
| Windows 10 19045.4529 | |
| Compiler: |
wizardy0ga
/ UnhookFromWebserver.c
Last active
June 30, 2024 05:59
Unhooking ntdll using a copy sourced from the microsoft internet symbol server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| June 2024 | |
| Arch: | |
| x64 | |
| Tested on: | |
| Windows 10 19045.4529 | |
| Compiler: |
wizardy0ga
/ main.c
Last active
June 23, 2024 21:16
Unhooking NTDLL using an unhooked text section from a suspended process, syswhispers3 style (indirect syscalls)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| June 2024 | |
| Arch: | |
| x64 | |
| Tested on: | |
| Windows 10 19045.4529 | |
| Compiler: |
wizardy0ga
/ UnhookNtdllFromSuspendedProcess.c
Last active
June 23, 2024 16:39
Unhooking ntdll using a copy from a suspended process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| June 2024 | |
| Arch: | |
| x64 | |
| Compiler: | |
| MSVC | |
| Description: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [font] | |
| size = 12 | |
| [font.normal] | |
| family = "Fira Code" | |
| style = "Regular" | |
| [font.bold] | |
| family = "Fira Code" | |
| style = "Bold" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Picom Configuration, courtesy of Xubuntu Developers | |
| # https://raw.githubusercontent.com/Xubuntu/xubuntu-default-settings/master/etc/xdg/xdg-xubuntu/picom.conf | |
| # | |
| # About Picom: https://github.com/yshui/picom | |
| # Heavily based on: https://bit.ly/1l5OrzL | |
| # Sample settings: https://github.com/chjj/compton/blob/master/compton.sample.conf | |
| # --- Backend (OpenGL used by default) | |
| # Related Links | |
| # https://github.com/chjj/compton/wiki/perf-guide |
NewerOlder