Michael Eder edermi
zimnyaa
/ rwxscan.nim
Last active
December 23, 2024 10:51
A simple dynamic RWX allocation scanner. Used to find system libraries that alloc RWX regions on load.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import winim | |
| import std/strutils, os | |
| proc lpwstrc(bytes: array[MAX_PATH, WCHAR]): string = | |
| result = newString(bytes.len) | |
| for i in bytes: | |
| result &= cast[char](i) | |
| result = strip(result, chars = {cast[char](0)}) | |
| var pages = newSeq[int](0) |
aconite33
/ bloodhoundce_import.py
Created
August 15, 2023 23:04
Import large files into BloodHound CE Edition
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| import time | |
| import argparse | |
| import getpass | |
| import os | |
| import sys | |
| def main(): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // How to locate the NT Delegate Callback Table in x86 builds of ntdll.dll | |
| // | |
| // @modexpblog | |
| // | |
| #define PHNT_VERSION PHNT_THRESHOLD | |
| #include <phnt_windows.h> | |
| #include <phnt.h> |
OlderNewer