Note
to active Office without crack, just follow https://github.com/WindowsAddict/IDM-Activation-Script,
you wiil only need to run
irm https://massgrave.dev/ias | iex
fr0zenrain
mattifestation
/ ExpandDefenderSig.ps1
Created
March 28, 2019 20:17
Decompresses Windows Defender AV signatures for exploration purposes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Expand-DefenderAVSignatureDB { | |
| <# | |
| .SYNOPSIS | |
| Decompresses a Windows Defender AV signature database (.VDM file). | |
| .DESCRIPTION | |
| Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed. |
zthxxx
/ Activate Office 2019 for macOS VoL.md
Last active
July 22, 2025 10:50
crack activate Office on mac with license file
rain-1
/ Wannacrypt0r-FACTSHEET.md
Last active
May 14, 2025 19:15
— forked from Epivalent/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comis up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
simonw
/ recover_source_code.md
Last active
September 28, 2024 08:10
How to recover lost Python source code if it's still resident in-memory
I screwed up using git ("git checkout --" on the wrong file) and managed to delete the code I had just written... but it was still running in a process in a docker container. Here's how I got it back, using https://pypi.python.org/pypi/pyrasite/ and https://pypi.python.org/pypi/uncompyle6
apt-get update && apt-get install gdb
T31M
/ frida_hook_safetynet.py
Last active
January 1, 2023 18:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Hooking SafetyNet stuff for fun (no profit tho :( ) | |
| #Several Functions just uncomment to use or modify :) | |
| #by T31M | |
| import frida | |
| import sys | |
| PACKAGE_NAME = "com.nianticlabs.pokemongo" | |
| process = frida.get_usb_device().attach(PACKAGE_NAME) |
worawit
/ cve-2014-6332_win7_ie11_poc.html
Last active
March 30, 2024 15:03
CVE-2014-6332 PoC to get shell or bypass protected mode
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode | |
| - Tested on IE11 + Windows 7 64-bit | |
| References: | |
| - original PoC - http://www.exploit-db.com/exploits/35229/ | |
| - http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/ | |
| - http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * reversed SafeArrayRedim() in oldaut32.dll (Windows XP) | |
| * for CVE-2014-6332 | |
| */ | |
| typedef struct tagSAFEARRAY | |
| { | |
| USHORT cDims; // number of dimensions | |
| USHORT fFeatures; // type of elements | |
| ULONG cbElements; // byte size per element |
andreif
/ Simple DNS server (UDP and TCP) in Python using dnslib.py
Last active
April 9, 2024 07:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding=utf-8 | |
| """ | |
| LICENSE http://www.apache.org/licenses/LICENSE-2.0 | |
| """ | |
| import datetime | |
| import sys | |
| import time | |
| import threading | |
| import traceback | |
| import SocketServer |