paranoidrookie
🎯
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
mattifestation
/ LoadMethodScanner.ps1
Last active
April 8, 2025 14:47
A crude Load(byte[]) method scanner for UMCI bypass research
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Matthew Graeber (@mattifestation) | |
| # Load dnlib with Add-Type first | |
| # dnlib can be obtained here: https://github.com/0xd4d/dnlib | |
| # Example: ls C:\ -Recurse | Get-AssemblyLoadReference | |
| filter Get-AssemblyLoadReference { | |
| param ( | |
| [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] | |
| [Alias('FullName')] | |
| [String] | |
| [ValidateNotNullOrEmpty()] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo strUrl = WScript.Arguments.Item(0) > wget.vbs | |
| echo StrFile = WScript.Arguments.Item(1) >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs | |
| echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs | |
| echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs | |
| echo Err.Clear >> wget.vbs | |
| echo Set http = Nothing >> wget.vbs | |
| echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs |
NewerOlder