The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:
- APT33
- APT34
- APT39
- Charming Kitten
sasqwatch
/ TestAssembly.cs
Created
November 4, 2019 18:37
— forked from Arno0x/TestAssembly.cs
This code shows how to load a CLR in an unmanaged process, then load an assembly from memory (not from a file) and execute a method
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| ================================ Compile as a .Net DLL ============================== | |
| C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs | |
| */ | |
| using System.Windows.Forms; | |
| namespace TestNamespace |
sasqwatch
/ shellcode.xlsm
Created
November 4, 2019 18:40
— forked from Arno0x/shellcode.xlsm
XLM (Excel 4.0 macro) to execute a shellcode into Excel (32 bits) - French Macro code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BEWARE: THIS WILL ONLY WORK IN A FRENCH VERSION OF MS-OFFICE/EXCEL | |
| 1. Open Excel | |
| 2. Click on the active tab | |
| 3. Select "Insérer" | |
| 4. Click on "Macro MS Excel 4.0". | |
| 5. This will create a new worksheet called "Macro1" | |
| ================================================================================ | |
| In the Macro1 worksheet, paste the following block in cells in column A, starting in cell A1: |
sasqwatch
/ VbaProject.OTM
Created
November 13, 2019 01:18
— forked from JohnLaTwC/VbaProject.OTM
Malicious OTM file 7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4 related to a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## uploaded by @JohnLaTwC | |
| ## thx @MalwareRE | |
| ## see https://www.virustotal.com/gui/file/7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4/detection | |
| olevba 0.54.2 on Python 3.7.2 - http://decalage.info/python/oletools | |
| =============================================================================== | |
| 7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4\7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4 | |
| Type: OLE | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO ThisOutlookSession.cls |
sasqwatch
/ AV2019.txt
Created
November 25, 2019 19:04
— forked from v-p-b/AV2019.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://seclists.org/fulldisclosure/2019/Aug/1 | |
| https://medium.com/tenable-techblog/comodo-from-sandbox-to-system-cve-2019-3969-b6a34cc85e67 | |
| https://blog.silentsignal.eu/2019/06/24/self-defenseless-exploring-kasperskys-local-attack-surface/ | |
| https://safebreach.com/Post/BitDefender-Antivirus-Free-2020-Privilege-Escalation-to-SYSTEM | |
| https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM | |
| https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM | |
| http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html | |
| https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968 | |
| https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6 | |
| https://nafiez.github.io/security/poc/2019/11/22/POC-conference-present.html |
sasqwatch
/ circllu.py
Created
November 25, 2019 23:17
— forked from 7h3rAm/circllu.py
Query circl.lu API for CVE information.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pprint import pprint | |
| import requests | |
| import json | |
| def circllu_cveinfo(cve="cve-2015-1234"): | |
| customheaders = { | |
| "User-Agent": "Some script trying to be nice :)" | |
| } | |
| try: | |
| res = requests.get("http://cve.circl.lu/api/cve/%s" % (cve.upper()), headers=customheaders, verify=False) |
sasqwatch
/ 79115bb09fb8f17d9182d8b5f6f7a617ad3cd3d5eafb75b652a71d987cbb783e
Created
December 11, 2019 19:13
— forked from JohnLaTwC/79115bb09fb8f17d9182d8b5f6f7a617ad3cd3d5eafb75b652a71d987cbb783e
Python email backdoor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## uploaded by @JohnLaTwC | |
| ## passwords removed. original sample: https://www.virustotal.com/gui/file/79115bb09fb8f17d9182d8b5f6f7a617ad3cd3d5eafb75b652a71d987cbb783e/details | |
| # -*- coding: utf-8 -*- | |
| from __future__ import unicode_literals | |
| import urllib | |
| from mss import mss | |
| import smtplib | |
| import datetime |
sasqwatch
/ 26f5d965bd75023f0582303e76b513da87eca4f62279d6c7b7f8f7f37b97391f
Created
December 11, 2019 19:14
— forked from JohnLaTwC/26f5d965bd75023f0582303e76b513da87eca4f62279d6c7b7f8f7f37b97391f
Python exploit script found on VT
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## uploaded by @JohnLaTwC | |
| ## Sample hash: 26f5d965bd75023f0582303e76b513da87eca4f62279d6c7b7f8f7f37b97391f | |
| import subprocess | |
| import re | |
| import binascii | |
| import socket | |
| import struct | |
| import threading | |
| import os |
sasqwatch
/ iranian_apit_groups_possible_commands.md
Created
January 10, 2020 00:33
— forked from MSAdministrator/iranian_apit_groups_possible_commands.md
Iranian APT Groups & Possible Commands Used By These Groups
sasqwatch
/ web-servers.md
Created
February 5, 2020 18:43
— forked from willurd/web-servers.md
Big list of http static server one-liners
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
sasqwatch
/ Sosemanuk.cs
Created
July 23, 2020 18:38
— forked from Demonslay335/Sosemanuk.cs
Sosemanuk cryptographic algorithm in C#.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Adapted from https://www.seanet.com/~bugbee/crypto/sosemanuk/ | |
| public class Sosemanuk | |
| { | |
| public Sosemanuk(byte[] key, byte[] iv) | |
| { | |
| BuildAlphas(); | |
| SetKey(key); | |
| SetIV(iv); | |
| } |