HarmJ0y
/ CIPolicyParser.ps1
Created
July 12, 2022 21:36
— forked from mattifestation/CIPolicyParser.ps1
Functions to recover information from binary Windows Defender Application Control (WDAC) Code Integrity policies.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ensure System.Security assembly is loaded. | |
| Add-Type -AssemblyName System.Security | |
| function ConvertTo-CIPolicy { | |
| <# | |
| .SYNOPSIS | |
| Converts a binary file that contains a Code Integrity policy into XML format. | |
| Author: Matthew Graeber (@mattifestation) |
HarmJ0y
/ patchless_amsi.h
Created
May 13, 2022 19:14
— forked from CCob/patchless_amsi.h
In-Process Patchless AMSI Bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ifndef PATCHLESS_AMSI_H | |
| #define PATCHLESS_AMSI_H | |
| #include <windows.h> | |
| static const int AMSI_RESULT_CLEAN = 0; | |
| PVOID g_amsiScanBufferPtr = nullptr; | |
| unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) { |
HarmJ0y
/ Invoke-DCSync.ps1
Last active
February 2, 2021 10:46
— forked from monoxgas/Invoke-DCSync.ps1
What more could you want?
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-DCSync | |
| { | |
| <# | |
| .SYNOPSIS | |
| Uses dcsync from mimikatz to collect NTLM hashes from the domain. | |
| Author: @monoxgas | |
| Invoke-ReflectivePEInjection |