Standard escape codes are prefixed with Escape:
- Ctrl-Key:
^[ - Octal:
\033 - Unicode:
\u001b - Hexadecimal:
\x1B - Decimal:
27
View GitHub Profile
mgeeky
/ AddVectoredExceptionHandler.cpp
Created
October 22, 2024 22:16
Rebuilt RtlAddVectoredExceptionHandler so that it doesn't use the ntdll imported function. This way it would be more difficult than just putting a breakpoint on RtlAddVectoredExceptionHandler to log your function. To make it a little better you could inline EncodePointer which would only a few extra lines. Structs might be documented somewhere h…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <winternl.h> | |
| // Types | |
| using LdrProtectMrdata_t = void(__stdcall*)(int); | |
| using LdrProtectMrdataHeap_t = void(__thiscall*)(int); | |
| struct ExceptionRecord_t { | |
| LIST_ENTRY entry; | |
| int* unknown_intptr; |
mgeeky
/ ldrloaddll_hook.c
Created
October 20, 2024 10:39
— forked from bats3c/ldrloaddll_hook.c
Hook LdrLoadDll to whitelist DLLs being loaded into a process
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <winternl.h> | |
| #define dwAllowDllCount 1 | |
| CHAR cAllowDlls[dwAllowDllCount][MAX_PATH] = { | |
| "W:\\allowed.dll" | |
| }; | |
| VOID HookLoadDll(LPVOID lpAddr); |
mgeeky
/ jscript.ps1
Created
October 12, 2024 19:35
— forked from gabemarshall/jscript.ps1
Executing JScript from Powershell via .NET reflection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Reflection.Assembly]::LoadWithPartialName('Microsoft.JScript'); | |
| $js = 'var js = new ActiveXObject("WScript.Shell");js.Run("calc");' | |
| [Microsoft.JScript.Eval]::JScriptEvaluate($js,[Microsoft.JScript.Vsa.VsaEngine]::CreateEngine()); |
mgeeky
/ shellcode.js
Created
October 11, 2024 08:44
— forked from Ridter/shellcode.js
Execute ShellCode Via Jscript.NET
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import System; | |
| import System.Runtime.InteropServices; | |
| import System.Reflection; | |
| import System.Reflection.Emit; | |
| import System.Runtime; | |
| import System.Text; | |
| //C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe Shellcode.js | |
| //C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe Shellcode.js | |
mgeeky
/ Program.cs
Created
August 24, 2024 12:34
— forked from susMdT/Program.cs
haha funny jit go brrrr
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.CompilerServices; | |
| using System.Reflection; | |
| using System.Reflection.Emit; | |
| namespace FunkyJit | |
| { | |
| class Program | |
| { | |
| public static void Nothing() { Console.WriteLine(); } | |
| static void Main(string[] args) |
mgeeky
/ vdm_lua_extract.py
Created
March 25, 2024 18:54
— forked from HackingLZ/vdm_lua_extract.py
VDM Lua Extractor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Original script and research by commial | |
| ### https://github.com/commial/experiments/tree/master/windows-defender | |
| ### Set LUADec_Path to binary | |
| ### https://github.com/viruscamp/luadec | |
| import struct | |
| import argparse | |
| import sys | |
| import os | |
| import io | |
| import subprocess |
mgeeky
/ DInjectQueuerAPC.cs
Created
June 27, 2023 22:40
— forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| namespace DinjectorWithQUserAPC | |
| { | |
| public class Program |
mgeeky
/ Dynamic_PInvoke_Shellcode.cs
Created
June 22, 2023 19:19
— forked from bohops/Dynamic_PInvoke_Shellcode.cs
Dynamic_PInvoke_Shellcode.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //original runner by @Arno0x: https://github.com/Arno0x/CSharpScripts/blob/master/shellcodeLauncher.cs | |
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.Reflection; | |
| using System.Reflection.Emit; | |
| namespace ShellcodeLoader | |
| { | |
| class Program |
mgeeky
/ Application_Guard_WDAC_Policy.xml
Created
June 22, 2023 19:18
— forked from bohops/Application_Guard_WDAC_Policy.xml
Microsoft Defender Application Guard WDAC policy (for Edge). Converted using @mattifestation's ConvertTo-CIPolicy PowerShell Script [https://gist.github.com/mattifestation/92e545bf1ee5b68eeb71d254cec2f78e]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:schemas-microsoft-com:sipolicy"> | |
| <VersionEx>10.0.3.14</VersionEx> | |
| <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
| <PolicyID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyID> | |
| <BasePolicyID>{A244370E-44C9-4C06-B551-F6016E563076}</BasePolicyID> | |
| <Rules> | |
| <Rule> | |
| <Option>Enabled:UMCI</Option> | |
| </Rule> |