By Branden Clark - https://clark.re
spnow
/ unicode.md
Created
December 2, 2020 16:21
— forked from trietptm/unicode.md
A guide to character encoding aware development
spnow
/ resources.md
Created
December 2, 2020 16:11
— forked from trietptm/resources.md
A curated list of Assembly Language / Reversing / Malware Analysis -resources
spnow
/ SSH tunneling
Created
September 23, 2019 21:15
— forked from Jeket/ssh_tunneling.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssh -L {LOCAL_PORT}:{HOST}:{REMOTE_PORT} {REMOTE_HOST} | |
| Example | |
| ###ssh -L 3001:localhost:3001 username@host | |
spnow
/ manage-bde.wsf.txt
Created
April 4, 2018 22:37
— forked from bohops/manage-bde.wsf.txt
Abusing manage-bde.wsf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I came across an interesting Windows Script File (WSF) that has been around a while called 'manage-bde.wsf'. It may be located in SYSTEM32. | |
| Though not nearly as cool as SyncAppvPublishingServer[.com/.vbs], we can 'tamper' with manage-bde.wsf to run things in unattended ways. | |
| Here are a few examples that you may or may not find useful - | |
| 1) Replace ComSpec Variable | |
| set comspec=c:\windows\system32\calc.exe | |
| cscript manage-bde.wsf |
spnow
/ enable_bottom-up_ASLR.reg
Created
December 31, 2017 11:56
— forked from trietptm/enable_bottom-up_ASLR.reg
Enable both Mandatory ASLR *and* Bottom-up ASLR system-wide
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel] | |
| "MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00 | |
spnow
/ Injectable.cpp
Created
December 31, 2017 11:55
— forked from trietptm/Injectable.cpp
Simple UserMode Hook Example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| FARPROC fpCreateProcessW; | |
| BYTE bSavedByte; | |
| // Blog Post Here: | |
| // https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
| // tasklist | findstr explore.exe |
spnow
/ Get-Doppelgangers.ps1
Created
December 31, 2017 11:54
— forked from trietptm/Get-Doppelgangers.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-Doppelgangers | |
| { | |
| <# | |
| .SYNOPSIS | |
| Detects use of NTFS transactions for stealth/evasion, aka 'Process Doppelganging' | |
| Author: Joe Desimone (@dez_) | |
| License: BSD 3-Clause | |
spnow
/ Pentest-Tools-Install.sh
Created
December 31, 2017 11:52
— forked from trietptm/Pentest-Tools-Install.sh
Simple script to install the tools I most often use for pentesting.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| # This script sets up two directories. One in ~/tools/ which contains tools that I often use on pentests. | |
| # The other directory is in /var/www/html/ that contains tools/scripts that I often pull down from | |
| # and run on victim machines. | |
| toollist=( | |
| 'https://github.com/ilneill/Py-CiscoT7.git' | |
| 'https://github.com/rsmudge/cortana-scripts.git' | |
| 'https://github.com/CoreSecurity/impacket.git' |
spnow
/ vsA766A4.txt
Created
December 31, 2017 11:52
— forked from trietptm/vsA766A4.txt
https://pastebin.com/vsA766A4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| cd /opt/ | |
| a=`cat <<-EOF | |
| https://github.com/CyberArkLabs/ACLight | |
| https://github.com/EtixLabs/cameradar | |
| https://github.com/UltimateHackers/XSStrike | |
| https://github.com/peterpt/eternal_scanner | |
| https://github.com/kgretzky/evilginx | |
| https://github.com/1N3/Findsploit | |
| https://github.com/fuzzbunch/fuzzbunch |
spnow
/ eternalblue_merge_shellcode.py
Created
August 9, 2017 14:05
— forked from mgeeky/eternalblue_merge_shellcode.py
Windows x64 and x86 kernel shellcode for eternalblue exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file has no update anymore. Please see https://github.com/worawit/MS17-010 | |
| import sys | |
| from struct import pack | |
| if len(sys.argv) < 4: | |
| print('Usage: {} sc_x86 sc_x64 sc_out'.format(sys.argv[0])) | |
| sys.exit() | |
| sc_x86 = open(sys.argv[1], 'rb').read() | |
| sc_x64 = open(sys.argv[2], 'rb').read() |
NewerOlder