antonioCoco

/*
	TaskManagerSecret

	Author: @splinter_code

	This is a very ugly POC for a very unreliable UAC bypass through some UI hacks.
	The core of this hack is stealing and using a token containing the UIAccess flag set.
	A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html
	From there it uses a task manager "feature" to run a new High IL cmd.exe.
	This has been developed only for fun and shouldn't be used due to its high unreliability.

smourier

#define _AFXDLL
#include <WinSock2.h> // MFC...
#include <windows.h>
#include <afxwin.h> // CBitmap
#include <atlbase.h>
#include <atlcom.h> // CComPtr
#include <d2d1.h>
#include <d2d1_3.h> // ID2D1DeviceContext5
#include <wincodec.h> // Wic

z0rs

Red Teaming tool

• General usefull Powershell Scripts
• AMSI Bypass restriction Bypass
• Payload Hosting
• Network Share Scanner
• Lateral Movement
• Reverse Shellz
• POST Exploitation

DavidBuchanan314

import zlib
import io
import sys

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def parse_png_chunk(stream):
	size = int.from_bytes(stream.read(4), "big")
	ctype = stream.read(4)
	body = stream.read(size)

ManDeJan

.cpu cortex-m3
.syntax unified @ this is important, you won't get most of thumb-2 otherwise

.text
@ this file contains a assembly version of a lz decoder for cpse1 at the hogeschool utrecht
@ it's done in 15 instructions / 40 bytes, 20% less then what the best compiler did :)

@ compiler benchmarks
@ clang (trunk)
@ -O0 124 bytes

aaaddress1

// memBruteforce.cpp by [email protected]
// brute search loaded moudules in memory
// rewrite from https://www.exploit-db.com/exploits/45293
#include <Windows.h>
#include <iostream>
#pragma warning(disable:4996)

bool isMemExist(size_t addr) {
    int retv;
    __asm {

wdormann

<script>
    function gc() {
        for (var i = 0; i < 0x80000; ++i) {
            var a = new ArrayBuffer();
        }
    }

let shellcode = [

// Move x18 to x28 (TEB)

mjosaarinen

Markku-Juhani O. Saarinen <[email protected]>
	
Apr 11, 2021, 9:32 PM (2 days ago)
	
to [email protected], [email protected].

Hello Bitmanip and Krypto,

A colleague asked: "Why CMOV is not on the constant-time Zkt list -- the Bitmanip specification says that it is helpful for cryptography?" https://github.com/rvkrypto/riscv-zkt-list

pervognsen

# Hash, displace, and compress: http://cmph.sourceforge.net/papers/esa09.pdf
# This is expected linear time for any seeded hash function that acts like a random hash function (universality isn't enough).
# (Actually, the code as written is O(n log n) when targeting 100% load. It's O(n) when targeting any smaller load factor.)
# You can make keys_per_bucket higher than the default of 4 but construction time will start to increase dramatically.
# The paper this is based on compresses the seeds (so the fact that the algorithm tries seeds in increasing order is important)
# which brings the representation size close to the information-theoretical minimum. I don't do any of that here, but it could
# be done as a postprocess.
def make_perfect_hash(keys, load_factor=1.0, keys_per_bucket=4, rhash=murmurhash, max_seed=1000000):
    m = int(len(keys) / load_factor)
    r = int(len(keys) / keys_per_bucket)

X-C3LL

Private Declare PtrSafe Function GetModuleHandleA Lib "KERNEL32" (ByVal lpModuleName As String) As LongPtr
Private Declare PtrSafe Function GetProcAddress Lib "KERNEL32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr
Private Declare PtrSafe Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (ByVal Destination As LongPtr, ByVal Source As LongPtr, ByVal Length As Long)

'VBA Macro that detects hooks made by EDRs
'PoC By Juan Manuel Fernandez (@TheXC3LL) based on a post from SpecterOps (https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa)


Public Function checkHook(ByVal target As String, hModule As LongPtr) As Integer
    Dim address As LongPtr