Skip to content

Instantly share code, notes, and snippets.

@ChoiSG
ChoiSG / rsrcDecryptAssembly.nim
Last active September 19, 2022 17:31
embed .net, decrypt, load and execute in nim poc
import nimcrypto
import winim/clr except `[]` # https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/ <-- thank you so much, 2 hours googling I almost went crazy
#[
All credit goes to @byt3bl33d3r (OffensiveNim) and @s3cur3th1ssh1t
nimble install winim nimcrypto zippy
nim c -d:danger -d:strip --opt:size rsrcDecryptAssembly.nim
slurp = "staticRead" will read the file and store it in the variable (.rdata) on compile time.
@jfmaes
jfmaes / DInjectQueuerAPC.cs
Created November 13, 2020 19:00
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace DinjectorWithQUserAPC
{
public class Program
@jeffmcjunkin
jeffmcjunkin / gist:d5fb8dbf15cbd5d37a77fafccda4d969
Created October 6, 2020 14:53
Retrieving SSSD plain text passwords (krb5_store_password_if_offline)
for who ever this interest, if you enable krb5_store_password_if_offline in the SSSD configuration, the AD password for accounts is stored in plaintext in the kernel keyring
to dump the clear text password you can do :
```
gdb -p <PID_OF_SSSD>
call system("keyctl show > /tmp/output")
```
From the /tmp/output locate the key_id for the user you want
Example of an output is :
@alejandrosaenz117
alejandrosaenz117 / clone_bot.py
Last active June 13, 2025 15:28
A python script to clone multiple repositories into a single directory.
# The MIT License (MIT)
# Copyright (c) 2020 Alejandro Saenz
# Copyright (c) 2020 Jonn Callahan
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the Software
# is furnished to do so, subject to the following conditions:
@jhaddix
jhaddix / content_discovery_all.txt
Created May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
`
~/
~
ים
___
__
_
---
@jaradc
jaradc / entropy_calculation_in_python.py
Last active November 18, 2024 16:15
Four different ways to calculate entropy in Python
import numpy as np
from scipy.stats import entropy
from math import log, e
import pandas as pd
import timeit
def entropy1(labels, base=None):
value,counts = np.unique(labels, return_counts=True)
return entropy(counts, base=base)
function Create-LNKPayload{
<#
.SYNOPSIS
Generates a malicous LNK file
.PARAMETER LNKName
Name of the LNK file you want to create.
@mattifestation
mattifestation / Example_WMI_Detection_EventLogAlert.ps1
Created January 14, 2016 21:53
An example of how to use permanent WMI event subscriptions to log a malicious action to the event log
# Define the signature - i.e. __EventFilter
$EventFilterArgs = @{
EventNamespace = 'root/cimv2'
Name = 'LateralMovementEvent'
Query = 'SELECT * FROM MSFT_WmiProvider_ExecMethodAsyncEvent_Pre WHERE ObjectPath="Win32_Process" AND MethodName="Create"'
QueryLanguage = 'WQL'
}
$InstanceArgs = @{
Namespace = 'root/subscription'