Skip to content

Instantly share code, notes, and snippets.

@Neo23x0
Neo23x0 / iddqd.yar
Last active August 1, 2024 09:08
IDDQD - Godmode YARA Rule
/*
WARNING:
the newest version of this rule is now hosted here:
https://github.com/Neo23x0/god-mode-rules/blob/master/godmode.yar
*/
/*
_____ __ __ ___ __
@j00ru
j00ru / WCTF_2018_searchme_exploit.cpp
Created July 18, 2018 14:09
WCTF 2018 "searchme" exploit by Mateusz "j00ru" Jurczyk
// WCTF 2018 "searchme" task exploit
//
// Author: Mateusz "j00ru" Jurczyk
// Date: 6 July 2018
// Tested on: Windows 10 1803 (10.0.17134.165)
//
// See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
#include <Windows.h>
#include <winternl.h>
#include <ntstatus.h>
@makelariss
makelariss / uacbypasstokenmanipulation.py
Last active February 29, 2024 19:21
Fileless AlwaysNotify UAC Bypass using CIA Vault7's Token Manipulation
# -*- coding: utf-8 -*-
# All credits go to CIA: https://gist.github.com/hfiref0x/59c689a14f1fc2302d858ae0aa3f6b86 (please don't hack me <3 :))
# This is trully a Always Notify UAC Bypass,cause it uses process enumeration to find elevated processes. Since you need administrative privileges to get TOKEN_ELEVATION,we look for processes with manifests that have <autoElevate></autoElevate> set to True.
from ctypes.wintypes import *
from ctypes import *
from enum import IntEnum
kernel32 = WinDLL('kernel32', use_last_error=True)
advapi32 = WinDLL('advapi32', use_last_error=True)
shell32 = WinDLL('shell32' , use_last_error=True)
@moshekaplan
moshekaplan / pdf_decrypt.py
Created November 16, 2016 17:54
PyPDF2 attempt at decryption
PyPDF2 attempt at decryption
Modifications to file: pdf.py
References:
http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/pdfs/pdf_reference_1-7.pdf
https://github.com/qpdf/qpdf/blob/master/libqpdf/QPDF_encryption.cc#L400
http://security.stackexchange.com/questions/95781/what-security-scheme-is-used-by-pdf-password-encryption-and-why-is-it-so-weak
def decode_permissions(self, permissions_code):
@moshekaplan
moshekaplan / PatchExtract125.ps1
Created November 15, 2016 23:27 — forked from anonymous/PatchExtract125.ps1
Patch Extract v1.25 by Greg Linares (@Laughing_Mantis)
<#
================
PATCHEXTRACT.PS1
=================
Version 1.25 Microsoft MSU Patch Extraction and Patch Organization Utility by Greg Linares (@Laughing_Mantis)
This Powershell script will extract a Microsoft MSU update file and then organize the output of extracted files and folders.
Organization of the output files is based on the patch's files and will organize them based on their archicture (x86, x64, or wow64)
as well as their content-type, ie: resource and catalog files will be moved to a JUNK subfolder and patch binaries and index files will
@moshekaplan
moshekaplan / plink_socks_proxy.bat
Last active March 22, 2024 08:12
plink SOCKS proxy short guide
@kevin-smets
kevin-smets / iterm2-solarized.md
Last active November 14, 2024 15:40
iTerm2 + Oh My Zsh + Solarized color scheme + Source Code Pro Powerline + Font Awesome + [Powerlevel10k] - (macOS)

Default

Default

Powerlevel10k

Powerlevel10k

@jirutka
jirutka / rules-both.iptables
Created September 18, 2012 12:42
Basic iptables template for ordinary servers (both IPv4 and IPv6)
###############################################################################
# The MIT License
#
# Copyright 2012-2014 Jakub Jirutka <[email protected]>.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is