
@HarmJ0y
HarmJ0y / LNKBackdoor.ps1
Created July 4, 2016 20:49
Functions to 'backdoor' .LNK files with additional functionality and enumerate all 'backdoored' .LNKs on a system.
function Set-LNKBackdoor {
<#
.SYNOPSIS
Backdoors an existing .LNK shortcut to trigger the original binary and a payload specified by
-ScriptBlock or -Command.
Author: @harmj0y
License: BSD 3-Clause
Required Dependencies: None
@NaxAlpha
NaxAlpha / ProcessExtensions.cs
Last active July 24, 2022 05:13
Remote Process Hacking with C# - Part 2
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
public static class ProcessExtensions {
private static IntPtr kernel32;
private static IntPtr loadlibrary;
@Konctantin
Konctantin / ProcessMemory.cs
Created July 19, 2016 13:56
Process memory class for x64
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
namespace CallFsEB
{
using System;
using System.Text;
using System.Security.Cryptography;
using System.IO;
using System.Linq;
using System.Windows;
namespace Encryption
{
public static class StringCipher
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using System.Windows;
using System.Windows.Controls;
namespace iCrypt_WPF.Classes
{
@hasherezade
hasherezade / syscall_extractor.cpp
Last active August 30, 2023 21:47
Extracts syscalls list from NTDLL.DLL
#include <stdio.h>
#include <Windows.h>
// based on: https://www.evilsocket.net/2014/02/11/on-windows-syscall-mechanism-and-syscall-numbers-extraction-methods/
// author: @evilsocket
// modified by: @hasherezade
// True when `address` lies in the half-open range [left, right): the lower bound is
// inclusive and the upper bound is exclusive.
// NOTE: `address` is expanded twice, so pass an expression without side effects.
#define IS_ADDRESS_BETWEEN( left, right, address ) ( (address) >= (left) && (address) < (right) )
PIMAGE_SECTION_HEADER SectionByRVA( PIMAGE_SECTION_HEADER pSections, DWORD dwSections, DWORD rva )
{
@MuteG
MuteG / FileSecurity.cs
Last active October 21, 2018 18:59
Encrypt or Decrypt file.
using System.IO;
using System.Security.Cryptography;
namespace FileSecurity
{
public static class FileSecurity
{
private static readonly byte[] IV = new byte[16] {
36, 179, 238, 200, 42, 8, 226, 55,
4, 29, 230, 91, 213, 121, 62, 134
function Create-LNKPayload{
<#
.SYNOPSIS
Generates a malicous LNK file
.PARAMETER LNKName
Name of the LNK file you want to create.
@ioncodes
ioncodes / ExecuteMethod.cs
Created January 27, 2017 08:37
Loads an assembly and executes the method with the specified arguments. Has support for BindingFlags.
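/// <summary>
/// Loads the assembly at <paramref name="asm"/> and invokes one of its static methods through reflection.
/// </summary>
/// <remarks>
/// Loading an assembly and invoking a method in it runs that code inside the current process with the
/// current process's privileges. Treat <paramref name="asm"/>, <paramref name="stype"/> and
/// <paramref name="smethod"/> as trusted configuration only: never derive them from user input, and
/// load only from locations that unprivileged users cannot write to.
/// Example (constructed path):
/// <c>(int)ExecuteMethod(@"C:\path\to\test.dll", "Namespace.Class", "CalculateTwoInts", BindingFlags.Static | BindingFlags.Public, new object[] {1,2});</c>
/// </remarks>
/// <param name="asm">Absolute path of the assembly file; <c>Assembly.LoadFile</c> rejects relative paths.</param>
/// <param name="stype">Full name of the type that declares the method, e.g. <c>Namespace.Class</c>.</param>
/// <param name="smethod">Name of the method to invoke.</param>
/// <param name="flags">Binding flags used to look the method up; the method is invoked without a target instance, so it has to be static.</param>
/// <param name="arguments">Arguments passed to the method, or <c>null</c> when it takes none.</param>
/// <returns>The value returned by the invoked method (<c>null</c> for <c>void</c> methods).</returns>
/// <exception cref="System.TypeLoadException">The assembly does not contain <paramref name="stype"/>.</exception>
/// <exception cref="System.MissingMethodException">No method named <paramref name="smethod"/> matches <paramref name="flags"/>.</exception>
public static object ExecuteMethod(string asm, string stype, string smethod, BindingFlags flags, object[] arguments)
{
    // LoadFile takes an absolute path only, so the load never depends on the current directory.
    Assembly assembly = Assembly.LoadFile(asm);

    // throwOnError: fail with a descriptive TypeLoadException instead of returning null and
    // crashing on the next line with a NullReferenceException.
    Type type = assembly.GetType(stype, true);

    MethodInfo method = type.GetMethod(smethod, flags);
    if (method == null)
    {
        // GetMethod signals "not found" with null; name the missing member for the caller.
        throw new System.MissingMethodException(stype, smethod);
    }

    // A null target means only static methods can be invoked.
    return method.Invoke(null, arguments);
}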
import binascii
import sys
file_name = sys.argv[1]
with open (file_name) as f:
hexdata = binascii.hexlify(f.read())
hexlist = map(''.join, zip(hexdata[::2], hexdata[1::2]))
shellcode = ''
for i in hexlist:
shellcode += "0x{},".format(i)