In terminal.app, install ffmpeg through homebrew
brew install ffmpeg
Validate the installation:
Michael Eder edermi
witmin
/ ffmpeg-mp4-to-animated-webp.md
Last active
September 3, 2025 06:28
Convert MP4 file to animated WebP in ffmpeg
xpn
/ env_var_spoofing_poc.cpp
Created
June 6, 2020 21:25
A very rough x64 POC for spoofing environment variables (similar to argument spoofing) with a focus on setting the COMPlus_ETWEnabled=0 var used to disable ETW in .NET
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // A very rough x64 POC for spoofing environment variables similar to argument spoofing with a focus on | |
| // setting the COMPlus_ETWEnabled=0 var for disabling ETW in .NET. | |
| // | |
| // Works by launching the target process suspended, reading PEB, updates the ptr used to store environment variables, | |
| // and then resuming the process. | |
| // | |
| // (https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/) | |
| #define INJECT_PARAM L"COMPlus_ETWEnabled=0\0\0\0" | |
| #define INJECT_PARAM_LEN 43 |
ropnop
/ go-sharp-loader.go
Created
August 5, 2020 17:12
Example Go file embedding multiple .NET executables
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Example Go program with multiple .NET Binaries embedded | |
| This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
| $ go get -u github.com/gobuffalo/packr/packr | |
| Place all your EXEs are in a "binaries" folder |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################## | |
| ## PyDefenderCheck - Python implementation of DefenderCheck | |
| ################################################## | |
| ## Author: daddycocoaman | |
| ## Based on: https://github.com/matterpreter/DefenderCheck | |
| ################################################## | |
| import argparse | |
| import enum |
gladiatx0r
/ Workstation-Takeover.md
Last active
August 25, 2025 14:06
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
dmchell
/ SharpApprover.cs
Created
September 21, 2021 13:49
Reset the mspki-enrollment-flag attribute when you possess a write ACE on a vulnerable certificate template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.DirectoryServices; | |
| namespace SharpApprover | |
| { | |
| class Program | |
| { | |
| public static void SetAdInfo(string objectFilter, | |
| int objectValue, string LdapDomain) |
leechristensen
/ CES.py
Last active
July 14, 2025 09:42
Crude example of how to build a CSR and issue an HTTP request a certificate via AD CS's Certificate Enrollment Web Service's SOAP endpoint
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from cryptography.hazmat.backends import default_backend | |
| from cryptography.hazmat.primitives import serialization | |
| from cryptography.hazmat.primitives.asymmetric import rsa | |
| from cryptography import x509 | |
| from cryptography.x509.extensions import ExtensionType | |
| from cryptography.x509.oid import NameOID | |
| from cryptography.hazmat.primitives import hashes | |
| from cryptography.x509.general_name import GeneralName, IPAddress, OtherName | |
| import base64 | |
| import pyasn1 |
GeisericII
/ Get-LoggedOn.py
Last active
May 23, 2025 03:42
Stupid simple script copied and pasted from reg.py/lookupsid and inspired from itm4n's session enum via registry
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from __future__ import division | |
| from __future__ import print_function | |
| import re | |
| import codecs | |
| import logging | |
| import time | |
| import argparse | |
| import sys | |
| from impacket import version |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import csv | |
| import requests | |
| import argparse | |
| from bs4 import BeautifulSoup | |
| from colorama import Fore, Style, init | |
| init(autoreset=True) | |
| known_security_vendors = [ | |
| 'symantec', 'mcafee', 'trendmicro', 'kaspersky', 'bitdefender', |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "syscall" | |
| "golang.org/x/sys/windows" | |
| "C" | |
| "time" | |
| ) | |
| const ( |