jackson5 jackson5sec
jackson5sec
/ script.ps1
Created
January 24, 2018 06:26
Hooking MessageBox For No-Prompt Trusted Root Certificate Install
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Verify Not Present | |
| ( Get-ChildItem Cert:\CurrentUser\Root | Where-Object {$_.Subject -match "__Interceptor_Trusted_Root" }) | |
| #Import-Certificate | |
| ( Get-ChildItem -Path C:\Test\thing.cer ) | Import-Certificate -CertStoreLocation cert:\CurrentUser\Root | |
| #Prompted | |
| Remove-Item -Path cert:\CurrentUser\Root\5C205339AE9FA846FA99D3FFF0CDEE65EB8D8E99 | |
jackson5sec
/ Injectable.cpp
Created
December 19, 2017 01:47
— forked from anonymous/Injectable.cpp
Simple UserMode Hook Example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| FARPROC fpCreateProcessW; | |
| BYTE bSavedByte; | |
| // Blog Post Here: | |
| // https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
| // tasklist | findstr explore.exe |
jackson5sec
/ WipePEHeader.cpp
Last active
January 29, 2018 10:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include <Windows.h> | |
| #include <iostream> | |
| void WipePEHeader(HANDLE GetModuleBase) | |
| { | |
| PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)GetModuleBase; | |
| PIMAGE_NT_HEADERS pNTHeader = (PIMAGE_NT_HEADERS)((PBYTE)pDosHeader + (DWORD)pDosHeader->e_lfanew); | |
| printf("NT Header at : %p\n", pNTHeader); |
NewerOlder