Jean-Pierre LESUEUR (Microsoft MVP) DarkCoderSc

Security & Malware Researcher at PHROZEN

1.7k followers · 3 following

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

DarkCoderSc / SharpRunAsAttached.cs

Created December 3, 2021 10:07

A ported version of PowerRunAsAttached to C#

	/*-------------------------------------------------------------------------------
	.Developer
	Jean - Pierre LESUEUR(@DarkCoderSc)
	https://www.twitter.com/darkcodersc
	https://github.com/DarkCoderSc
	www.phrozen.io
	[email protected]
	PHROZEN
	.License
	Apache License

DarkCoderSc / CursorStateMonitorPoC.ps1

Created January 15, 2022 18:45

Proof of Concept I made to monitor the state of global Windows mouse cursor. I will implement this code in PowerRemoteDesktop_Server to synchronize mouse state with Viewer.

	<#-------------------------------------------------------------------------------

	.Developer
	Jean-Pierre LESUEUR (@DarkCoderSc)
	https://www.twitter.com/darkcodersc
	https://github.com/DarkCoderSc
	www.phrozen.io
	[email protected]
	PHROZEN

DarkCoderSc / unprotect_macaddr_vm_detect.cs

Last active June 17, 2022 13:09

https://unprotect.it/technique/detecting-mac-address/ - (Author: Jean-Pierre LESUEUR (@DarkCoderSc)

	using System.Net.NetworkInformation;

	/*
	String[] vmMacAddresses =
	{
	"08:00:27",
	"00:0C:29",
	"00:1C:14",
	"00:50:56",
	"00:05:69",

DarkCoderSc / file_melt_unprotect.pas

Last active June 17, 2022 13:09

https://unprotect.it/technique/file-melt/ - (Author: Jean-Pierre LESUEUR (@DarkCoderSc)

	{
	32Bit Example of File Melting
	}

	program Melt;

	{$APPTYPE CONSOLE}

	{$R *.res}

DarkCoderSc / Unprotect_NtQueryInformation_ProcessDebugPort.pas

Last active June 17, 2022 13:09

https://unprotect.it/technique/file-melt/ - (Author: Jean-Pierre LESUEUR (@DarkCoderSc)

	program NtQueryProcessInformation;

	{$APPTYPE CONSOLE}

	{$R *.res}

	uses
	Winapi.Windows,
	System.SysUtils;

DarkCoderSc / Unprotect_NtQueryInformation_ProcessDebugPort.cs

Last active June 17, 2022 13:09

https://unprotect.it/technique/ntqueryinformationprocess/ - (Author: Jean-Pierre LESUEUR (@DarkCoderSc)

	using System;
	using System.Runtime.InteropServices;

	[DllImport("ntdll.dll", SetLastError = true)]
	static extern int NtQueryInformationProcess(
	IntPtr processHandle,
	int processInformationClass,
	ref IntPtr processInformation,
	uint processInformationLength,
	ref IntPtr returnLength

DarkCoderSc / Unprotect_ProcEnvInjection_DLLInjection.pas

Created June 17, 2022 13:09

https://unprotect.it/technique/procenvinjection-remote-code-injection-by-abusing-process-environment-strings/ - (Author: Jean-Pierre LESUEUR (@DarkCoderSc)

	(*
	Example of DLL Code to test DLL Injection:
	------------------------------------------

	BOF>>

	library UnprotectTestDLL;

	uses
	WinApi.Windows,

DarkCoderSc / Unprotect_DLLInjection_CreateRemoteThread_LoadLibrary.pas

Created June 17, 2022 13:59

https://unprotect.it/technique/dll-injection-via-createremotethread-and-loadlibrary/ - (Author: Jean-Pierre LESUEUR (@DarkCoderSc)

	(*
	Example of DLL Code to test DLL Injection:
	------------------------------------------

	BOF>>

	library UnprotectTestDLL;

	uses
	WinApi.Windows,

DarkCoderSc / Unprotect_RunPE.pas

Created June 23, 2022 18:45

https://unprotect.it/technique/process-hollowing-runpe/ - Author: Jean-Pierre LESUEUR (@DarkCoderSc)

	// Support both x86-32 and x86-64

	program Unprotect_RunPE;

	{$APPTYPE CONSOLE}

	{$R *.res}

	uses
	System.Classes,

DarkCoderSc / Timestomp.cs

Last active August 9, 2022 14:32

https://unprotect.it/snippet/timestomp/121/ - Author: Jean-Pierre LESUEUR (@DarkCoderSc)

	using System;
	using System.IO;

	void timeStomp(String targetFile)
	{
	targetFile = Path.GetFullPath(targetFile);

	if (!File.Exists(targetFile))
	{
	throw new FileNotFoundException(String.Format("File \"{0}\" does not exists.", targetFile));

Older Newer