Cracked5pider

//===============================================================================================//
// This is a stub for the actuall functionality of the DLL.
//===============================================================================================//
#include "ReflectiveLoader.h"
#include <stdio.h>

// Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are
// defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own 
// DllMain and use the LoadRemoteLibraryR() API to inject this DLL.

0xmachos

• Sarah Edwards (@iamevltwin)

  • mac4n6.com
  • SANS FOR518: Mac and iOS Forensic Analysis and Incident Response
  • Apple Pattern of Life Lazy Output'er

• Unified Log

  • Howard Oakley @howardnoakley
    • Unified log: 1 why, what and how
    • Unified log: 2 content and extraction

• Unified log: 3 finding your way

monoxgas

use DynaLoader;
use Devel::Peek;
use Fcntl;
use 5.008001; # because 5.6 doesn't have B::PV::object_2svref
use Config;
use B (); # for B::PV

sub mmap {
  my ($addr, $size, $protect, $flags) = @_;
  syscall(197, $addr, $size, $protect, $flags, -1, 0);

djhohnstein

import sys

try:
  import re
  import base64
  from hashlib import sha256
  from binascii import hexlify, unhexlify
  from Crypto.Cipher import AES
  from xml.dom import minidom
  from pprint import pprint

CCob

#RC4 encryption implementation using Java Crypto API
#Author: @_EthicalChaos_

import javax.crypto.spec.*;
import java.security.*;
import javax.crypto.*;

# $1 = plaintext, $2 = key
sub encryptRC4{

kmcquade

• chime:CreateApiKey
• codepipeline:PollForJobs
• cognito-identity:GetOpenIdToken
• cognito-identity:GetOpenIdTokenForDeveloperIdentity
• cognito-identity:GetCredentialsForIdentity
• connect:GetFederationToken
• connect:GetFederationTokens
• ecr:GetAuthorizationToken
• [gamelift:RequestUploadCredentials](ht

Neo23x0

Base64 Patterns - Learning Aid

Base64 Code	Mnemonic Aid	Decoded*	Description
JAB	🗣 Jabber	$.	Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env:
TVq	📺 Television	MZ	MZ header
SUVY	🚙 SUV	IEX	PowerShell Invoke Expression
SQBFAF	🐣 Squab favorite	I.E.	PowerShell Invoke Expression (UTF-16)
SQBuAH	🐣 Squab uahhh	I.n.	PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz
PAA	💪 "Pah!"	<.	Often used by Emotet (UTF-16)

curi0usJack

	# 
	# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
	#
	# Note this version requires Apache 2.4+
	#
	# Save this file into something like /etc/apache2/redirect.rules.
	# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
	# 
	# Include /etc/apache2/redirect.rules
	#

mgeeky

This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the below examples had been generated for using as a remote address: 192.168.56.101.

List:

0. Page substiution macro for luring user to click Enable Content
1. The Unicorn Powershell based payload

EvanYellow

/** This is a fairly well optimized object which alows
  * access to binary files from JScript on a Windows
  * operating system.
  *
  * A the end of the file is small set of tests to show how it
  * is used. You will require ADODB 2.5 or higher installed.
  * this will be so on most 2000 machines and all XP or higher
  * machines.
  *
  * CopyRight: Dr Alexander J Turner - all rights reserved.