I hereby claim:
- I am monoxgas on github.
- I am monoxgas (https://keybase.io/monoxgas) on keybase.
- I have a public key whose fingerprint is 8138 ABBC 8C08 62A4 1E16 A697 5856 495B 4691 8AB1
To claim this, I am signing this object:
Nick Landers monoxgas
monoxgas
/ starter.ipynb
Created
March 28, 2024 22:40
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
monoxgas
/ CIPolicyParser.ps1
Created
March 13, 2024 19:48
— forked from mattifestation/CIPolicyParser.ps1
Functions to recover information from binary Windows Defender Application Control (WDAC) Code Integrity policies.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ensure System.Security assembly is loaded. | |
| Add-Type -AssemblyName System.Security | |
| function ConvertTo-CIPolicy { | |
| <# | |
| .SYNOPSIS | |
| Converts a binary file that contains a Code Integrity policy into XML format. | |
| Author: Matthew Graeber (@mattifestation) |
monoxgas
/ urbandoor.cs
Created
April 10, 2023 22:58
Minimal PoC code for Kerberos Unlock LPE (CVE-2023-21817)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using NtApiDotNet; | |
| using NtApiDotNet.Ndr.Marshal; | |
| using NtApiDotNet.Win32; | |
| using NtApiDotNet.Win32.Rpc.Transport; | |
| using NtApiDotNet.Win32.Security.Authentication; | |
| using NtApiDotNet.Win32.Security.Authentication.Kerberos; | |
| using NtApiDotNet.Win32.Security.Authentication.Kerberos.Client; | |
| using NtApiDotNet.Win32.Security.Authentication.Kerberos.Server; | |
| using NtApiDotNet.Win32.Security.Authentication.Logon; | |
| using System; |
monoxgas
/ EraseTextBoxes.bas
Last active
March 14, 2023 16:23
— forked from githubyouser/EraseTextBoxes.bas
Word VBA: Convert text boxes to plain text
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'https://answers.microsoft.com/en-us/msoffice/forum/all/removing-text-box-from-word-document-without/a4d02b2f-d168-48dc-960b-4a45cbe79d86 | |
| Sub ReplaceTextBoxes() | |
| Dim RngDoc As Range, RngShp As Range, i As Long, boundary As String | |
| With ActiveDocument | |
| For i = .Shapes.Count To 1 Step -1 | |
| With .Shapes(i) | |
| 'If .Type = msoTextBox Then | |
| 'https://eileenslounge.com/viewtopic.php?p=28255#p28255 | |
| If .TextFrame.HasText = True Then | |
monoxgas
/ keybase.md
Created
September 6, 2022 19:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use DynaLoader; | |
| use Devel::Peek; | |
| use Fcntl; | |
| use 5.008001; # because 5.6 doesn't have B::PV::object_2svref | |
| use Config; | |
| use B (); # for B::PV | |
| sub mmap { | |
| my ($addr, $size, $protect, $flags) = @_; | |
| syscall(197, $addr, $size, $protect, $flags, -1, 0); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ref: https://opensource.apple.com/source/dyld/[VERSION]/launch-cache/dsc_extractor.cpp.auto.html | |
| // > SDKROOT=`xcrun --sdk macosx --show-sdk-path` | |
| // > clang++ -o extract extract.cpp | |
| // > mkdir libraries | |
| // > ./extract /System/Library/dyld/dyld_shared_cache_x86_64 `pwd`/libraries/ | |
| #include <stdio.h> | |
| #include <stddef.h> | |
| #include <dlfcn.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import struct | |
| import binascii | |
| from itertools import cycle, zip_longest | |
| from operator import itemgetter, xor | |
| from collections import Counter | |
| import re | |
| # Some root key constants from the binary |
monoxgas
/ keybase.md
Created
August 11, 2020 19:03
I hereby claim:
- I am monoxgas on github.
- I am monoxgas (https://keybase.io/monoxgas) on keybase.
- I have a public key ASCY7hWSUiJvdx6-976NCpVJx_ePWPOc6E3cuJz5PA8dygo
To claim this, I am signing this object:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <intrin.h> | |
| #include <string> | |
| #include <TlHelp32.h> | |
| #include <psapi.h> | |
| BOOL PatchTheRet(HMODULE realModule) { | |
| // Get primary module info |
NewerOlder