byt3bl33d3r

See http://stackoverflow.com/questions/2947990/using-ikvm-to-convert-a-jar-flying-saucer-xhtmlrenderer

I wanted to use the Flying Saucer Java API in .NET so I tried to use IKVM to convert the Flying Saucer library:

ikvmc core-renderer.jar
For some reason, IKVMC gave me an exe core-renderer.exe so I renamed it to core-renderer.dll, added to my assemblies and hacked away

using java.io;
using java.lang;
using com.lowagie.text;

byt3bl33d3r

#include <Windows.h>

LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo);
typedef VOID(__stdcall* Shellcode)();

LPBYTE ShellcodeBuffer;
ULONG_PTR PreviousOffset;
ULONG_PTR CurrentOffset;
ULONGLONG InstructionCount;
DWORD dwOld;

byt3bl33d3r

Links describing the leaked EQ Group tools for Windows

Repositories and ports

• Lost in Translation - A repository of the leaked tools

• MS17-010 - Port of some of the exploits to Windows 10

Installation and usage guides

byt3bl33d3r

// Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;)
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work.

using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;

namespace SCCMDecryptPOC
{
    internal class Program

byt3bl33d3r

#!/usr/bin/env python

'''
It has been tested with either py2 or py3.
Beware ancient versions of Linux kernel which may not support SOCK_NONBLOCK
or the memory mapped ring buffer.

BPF filter listed below is compiled form of "not port 22"
if you want to change it, do something like 

byt3bl33d3r

from __future__ import print_function
import pickle
import os.path
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from apiclient import errors
import re
from bs4 import BeautifulSoup as Soup