jakobfriedl
/ PrepareMacroStrings.ps1
Created
September 13, 2024 08:06
Obfuscate VBA strings for evasion
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function ObfuscateString($inputString, $rotKey) { | |
| [string]$output = "" | |
| $inputString.ToString().ToCharArray() | %{ | |
| [string]$thischar = [byte][char]$_ + $rotKey | |
| if($thischar.Length -eq 1) { | |
| $thischar = [string]"00" + $thischar | |
| $output += $thischar | |
| } | |
| elseif($thischar.Length -eq 2) { | |
| $thischar = [string]"0" + $thischar |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import rdpcap, IP, TCP, DNS, DNSQR | |
| from collections import defaultdict | |
| import argparse | |
| def banner(): | |
| print(""" | |
| ββββββββββββ ββββββββββ¬ β¬ β¬βββββββ¬ββ | |
| β βββ βββ€βββ β ββ£ββββββ€β ββ¬ββββββ€ ββ¬β | |
| β© ββββ΄ β΄β΄ β© β©ββββ΄ β΄β΄βββ΄ βββββββ΄ββ | |
| """) |
jakobfriedl
/ generator.py
Last active
August 5, 2024 07:03
Generate payloads (reverse shell, macro, shellcode, ...)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Author: Jakob Friedl | |
| # Description: Generate payloads | |
| import sys | |
| import argparse | |
| import base64 | |
| parser = argparse.ArgumentParser(description="Payload generator v1") | |
| # parser.add_argument('type', help='Type of payload to use.', choices=['revshell', 'shellcode']) |
jakobfriedl
/ mitre_parser.py
Last active
October 30, 2023 15:19
Parses MITRE ATT&CK enterprise tactics, techniques and sub-techniques to python list format
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- Coding: UTF-8 -*- | |
| # Author: Jakob Friedl | |
| # Created on: Mon, 30. Oct. 2023 | |
| # Description: Parses MITRE ATT&CK enterprise tactics, techniques and sub-techniques | |
| from bs4 import BeautifulSoup | |
| import requests | |
| import re | |
| import urllib3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- Coding: UTF-8 -*- | |
| # Author: Jakob Friedl | |
| # Created on: Mon, 23. Oct 2023 | |
| # Description: Active Directory object enumeration for Havoc | |
| import havocui | |
| import havoc | |
| import re |
jakobfriedl
/ stager.nim
Created
October 24, 2023 10:43
Shellcode stager that loads remote shellcode directly into memory of specified process.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import winim | |
| import os | |
| import httpclient, streams | |
| import sequtils, strutils, strformat | |
| # Status indicators | |
| template success(s: varargs[untyped]): untyped = | |
| when DEBUG: | |
| echo "[+] ", s | |
| template fail(s: varargs[untyped]): untyped = |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- Coding: UTF-8 -*- | |
| # Author: Jakob Friedl | |
| # Created on: Mon, 16. Oct 2023 | |
| # Description: Shhhloader support for Havoc C2 framework | |
| # Usage: Load this script into Havoc: Scripts -> Scripts Manager -> Load to create Shhhloader Tab | |
| import os, sys, subprocess | |
| import threading | |
| import havoc |