Michael Eder edermi
edermi
/ shellcode_to_hex_array.py
Last active
November 12, 2021 12:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| def main(): | |
| with open(sys.argv[1], 'rb') as f: | |
| shellcode = f.read() | |
| hexlified = ['0x{:02X}'.format(b) for b in shellcode] | |
| with open(sys.argv[2], 'w') as f: | |
| f.write(','.join(hexlified)) | |
| sys.stderr.write("Shellcode length: {}".format(len(shellcode))) |
edermi
/ CIPolicyParser.ps1
Created
April 18, 2023 08:31
— forked from mattifestation/CIPolicyParser.ps1
Functions to recover information from binary Windows Defender Application Control (WDAC) Code Integrity policies.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ensure System.Security assembly is loaded. | |
| Add-Type -AssemblyName System.Security | |
| function ConvertTo-CIPolicy { | |
| <# | |
| .SYNOPSIS | |
| Converts a binary file that contains a Code Integrity policy into XML format. | |
| Author: Matthew Graeber (@mattifestation) |
edermi
/ bloodhoundce_import.py
Created
January 31, 2024 15:33
— forked from aconite33/bloodhoundce_import.py
Import large files into BloodHound CE Edition
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| import time | |
| import argparse | |
| import getpass | |
| import os | |
| import sys | |
| def main(): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| with open("collected_hashes_ntlmv2.txt", 'r') as hashfile: | |
| hashes=hashfile.read().splitlines() | |
| hash_dict = {} | |
| for line in hashes: | |
| name, _ = line.split("::") | |
| hash_dict[name] = line | |
| with open("uniq_collected_hashes_ntlmv2.txt", 'w') as hashfile: |
edermi
/ esc1.ps1
Created
January 31, 2025 15:36
— forked from b4cktr4ck2/esc1.ps1
PowerShell script to exploit ESC1/retrieve your own NTLM password hash.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Thank you @NotMedic for troubleshooting/validating stuff! | |
| $password = Read-Host -Prompt "Enter Password" | |
| #^^ Feel free to hardcode this for running in a beacon/not retyping it all the time! | |
| $server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. | |
| $CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored? | |
| $CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box. | |
| $CASERVER = "alexlab-dc01-ca" #CA name. | |
| $CA = $CAFQDN + "\" + $CASERVER |
OlderNewer