jfmaes’s gists

jfmaes / functionextract.py

Created April 26, 2023 07:35

MSDN function definition scraper. requires chromium driver.

	import argparse
	import selenium as se
	from selenium import webdriver
	from bs4 import BeautifulSoup
	import time
	def main():
	parser = argparse.ArgumentParser(description = 'extract function definitions from MSDN')
	parser.add_argument('--methods', help='list of methods',required=True)
	args = parser.parse_args()
	#methods_list = []

jfmaes / jumps.txt

Created October 19, 2022 14:35

dont even ask.

	ntdll.dll
	DbgQueryDebugFilterState from ntdll.dll
	DbgQueryDebugFilterState from ntdll.dll
	DbgQueryDebugFilterState from ntdll.dll
	DbgSetDebugFilterState from ntdll.dll
	EtwpGetCpuSpeed from ntdll.dll
	LdrAccessResource from ntdll.dll
	LdrCallEnclave from ntdll.dll
	LdrProcessRelocationBlockEx from ntdll.dll
	NtQuerySystemTime from ntdll.dll

jfmaes / Invoke-SyncMeUp.ps1

Created February 26, 2022 10:28

Invoke-SyncMeUp.ps1

	function Invoke-SyncMeUp{
	[CmdletBinding()]
	Param (
	[Parameter(Mandatory=$True)]
	[string]$AccountName
	)
	$dse = [ADSI]"LDAP://Rootdse"
	$namingcontext = $dse.defaultNamingContext
	echo "Giving $AccountName DCSync rights"
	dsacls.exe $namingcontext /G $AccountName":CA;Replicating Directory Changes All" $AccountName":CA;Replicating Directory Changes"

jfmaes / ipexploder.py

Created January 27, 2022 11:41

explode ips

	import argparse
	from ipaddress import IPv4Network
	import os


	def banner():
	print(r"""
	c=====e
	H
	____________ _,,_H____

jfmaes / SANSReflection.txt

Created October 4, 2021 11:59

Register for the SEC699 ;-)

	Hi SANS Workshop Attendees! Reflection is super fun!

	amsi.dll
	AmsiScanBuffer
	uFcAB4DD

jfmaes / ssl-scraper.py

Last active September 10, 2021 16:52

extract hostnames based on SSL certificates

	#!/usr/bin/python
	import requests
	from socket import *
	from requests.packages.urllib3.contrib import pyopenssl as reqs
	from requests.packages.urllib3.exceptions import InsecureRequestWarning
	requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
	import argparse
	import ipaddress
	#import asyncio

jfmaes / .htaccess

Created March 23, 2021 12:19 — forked from curi0usJack/.htaccess

FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.

	#
	# TO-DO: set \|DESTINATIONURL\| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
	#
	# Note this version requires Apache 2.4+
	#
	# Save this file into something like /etc/apache2/redirect.rules.
	# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
	#
	# Include /etc/apache2/redirect.rules
	#

jfmaes / AppDomainResolveTest.cs

Created December 21, 2020 09:53

example ingestor of NvisoLib for the blogpost

	using System;
	using NvisoLib;
	using System.Reflection;

	namespace AppDomainResolveTest
	{
	class Program
	{
	static void Main(string[] args)
	{

jfmaes / reflectiondemo.ps1

Created December 21, 2020 09:09

Sample Reflection of the HelloFromDotNetFramework assembly for the blogpost

	clear
	$bytes=[System.IO.File]::ReadAllBytes("C:\Users\jeanm\source\repos\HelloFromDotNetFramework\bin\Release\HelloFromDotNetFramework.exe")
	$asm = [System.Reflection.Assembly]::Load($bytes)
	$params = {null}
	[HelloFromDotNetFramework.Program]::Main($params)

jfmaes / HelloFromDotNetFramework.cs

Last active December 20, 2020 21:53

Sample Hello World for blogpost

	using System;
	using System.Reflection;

	namespace HelloFromDotNetFramework
	{
	public class Program
	{
	public static void Main(string[] args)
	{
	Console.WriteLine("Hi from {0}", Assembly.GetExecutingAssembly());

Jean-François Maes jfmaes