Rich Warren rxwx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iostream> | |
| #include <fstream> | |
| #include <amsi.h> | |
| #define NtCurrentProcess() ( (HANDLE)(LONG_PTR) -1 ) | |
| #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) | |
| // https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet/ | |
| typedef struct tagHAMSICONTEXT { |
rxwx
/ AmsiContextHook.cpp
Created
November 30, 2023 17:04
Bypass AMSI on Windows 11 by hooking the AMSI context VTable on the heap with a ROP gadget. Look ma, no code patches!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <metahost.h> | |
| #include <comutil.h> | |
| #include <mscoree.h> | |
| #include "patch_info.h" | |
| #include "base\helpers.h" | |
| /** | |
| * For the debug build we want: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include "VEH.h" | |
| #include "ntos.h" | |
| #include "ntrtl.h" | |
| //#include "peb.h" | |
| #include "ntldr.h" | |
| #include "hwbp.h" | |
| #include "base\helpers.h" |
rxwx
/ encrypt_dpapi_blob.py
Created
August 29, 2024 10:46
Encrypt a DPAPI blob with arbitrary master key (using Python)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from Crypto.Cipher import AES, DES3 | |
| from Crypto.Hash import HMAC, SHA1, SHA512, SHA256 | |
| from Crypto.Util.Padding import pad | |
| from io import BytesIO | |
| import argparse | |
| import string | |
| import base64 | |
| import uuid | |
| import os |
rxwx
/ winget-fix-alt.ps1
Last active
February 19, 2025 14:38
Install winget in Windows Sandbox (fix)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # fix wmi | |
| winmgmt /resetrepository | |
| Restart-Service Winmgmt | |
| Get-CimInstance -Namespace root/cimv2 -ClassName Win32_PingStatus -Filter "Address='www.microsoft.com'" | |
| # alternative method: set high bandwidth limit for Delivery Optimization | |
| reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings" /v "DownloadMode" /t REG_DWORD /d 0 /f | |
| reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings" /v "DownloadModeProvider" /t REG_DWORD /d 8 /f | |
| reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings" /v "DownloadRateBackgroundBps" /t REG_DWORD /d 4294967295 /f | |
| reg add "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings" /v "DownloadRateBackgroundBpsProvider" /t REG_DWORD /d 8 /f |
OlderNewer