decay88
decay88
/ ProcessArmor.cs
Created
September 2, 2018 18:14
Process Armor - Prevent users from killing your service or process
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.ComponentModel; | |
| using System.Security.AccessControl; | |
| using System.Security.Principal; | |
| using System.Runtime.InteropServices; | |
| using System.Configuration.Install; | |
decay88
/ skullkatz.cs
Created
September 2, 2018 18:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; |
decay88
/ netkatz.cs
Created
September 2, 2018 18:16
Downloads and Executes Mimikatz In Memory From GitHub
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; |
decay88
/ LoadInMemoryModule.ps1
Created
September 2, 2018 18:20
— forked from mattifestation/LoadInMemoryModule.ps1
A stealthier method of loading a .NET PE in memory - via the Assembly.LoadModule method
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Domain = [AppDomain]::CurrentDomain | |
| $DynAssembly = New-Object System.Reflection.AssemblyName('TempAssembly') | |
| $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run) | |
| $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('TempModule') | |
| # Create a stub module that the in-memory module (i.e. this mimics the loading of a netmodule at runtime) will be loaded into. | |
| $ModuleBuilder2 = $AssemblyBuilder.DefineDynamicModule('hello.dll') | |
| $TypeBuilder = $ModuleBuilder.DefineType('TempClass', [Reflection.TypeAttributes]::Public) | |
| $TypeBuilder.CreateType() | |
| $HelloDllBytes = [Convert]::FromBase64String('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJNPvloAAAAAAAAAAOAAAiELAQsAAAQAAAAGAAAAAAAAPiMAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOQiAABXAAAAAEAAAJgCAAAAAAAAAAAAAAAAAAA |
decay88
/ ByteArrayExtensions.vb
Created
September 2, 2018 19:07
— forked from TheBarret/ByteArrayExtensions.vb
Useful Byte Array Extensions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Imports System.IO | |
| Imports System.IO.Compression | |
| Imports System.Security.Cryptography | |
| Imports System.Runtime.InteropServices | |
| Public Module TypeExt | |
| <System.Runtime.CompilerServices.Extension> | |
| Public Function QuickCast(Of T)(src As Byte()) As Object | |
| Dim dataPtr As IntPtr = IntPtr.Zero | |
| Try | |
| If src.Length <> 0 Then |
decay88
/ ProcessArmor.cs
Created
September 8, 2018 00:36
— forked from nicholasmckinney/ProcessArmor.cs
Process Armor - Prevent users from killing your service or process
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.ComponentModel; | |
| using System.Security.AccessControl; | |
| using System.Security.Principal; | |
| using System.Runtime.InteropServices; | |
| using System.Configuration.Install; | |
decay88
/ RegRunner.cs
Created
September 8, 2018 00:41
— forked from nicholasmckinney/RegRunner.cs
Executes Encrypted File From Registry
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Text; | |
| using Microsoft.Win32; | |
| using System.IO.Compression; | |
| using System.EnterpriseServices; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| using System.Security.Cryptography; |
decay88
/ PELoader.cs
Created
September 8, 2018 00:41
— forked from nicholasmckinney/PELoader.cs
Reflective PE Loader - Compressed Mimikatz inside of InstallUtil
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.IO.Compression; | |
| using System.Text; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
decay88
/ Anti-Anti-Decompile.cs
Created
September 8, 2018 16:21
— forked from 20chan/Anti-Anti-Decompile.cs
anti decompile patch for .net executable file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private void AntiReflector(string path) | |
| { | |
| FileStream stream = new FileStream(path, FileMode.Open, FileAccess.Write); | |
| stream.Seek(0xf4, SeekOrigin.Begin); | |
| stream.WriteByte(11); | |
| stream.Flush(); | |
| stream.Close(); | |
| MessageBox.Show("적용 완료!", "Anti-Reflector", MessageBoxButtons.OK, MessageBoxIcon.Information); | |
| } | |
| private void AntiAntiReflector(string path) |
decay88
/ expression.cs
Created
September 8, 2018 16:23
— forked from 20chan/expression.cs
Execute expression using JIT, compiled expression, lambda in C#
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Linq.Expressions; | |
| using System.Runtime.InteropServices; | |
| namespace AssemblySharp | |
| { | |
| public static class Program | |
| { | |
| [DllImport("kernel32.dll", SetLastError = true)] | |
| static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, AllocationType flAllocationType, MemoryProtection flProtect); |