Duane Michael subat0mik

@EvanMcBroom
EvanMcBroom / sms-crypto-unobfuscate-string.c
Last active January 24, 2024 23:48
SCCM Credential Recovery for Network Access Accounts
/*
* Research by Evan McBroom and Chris Thompson (@_Mayyhem)
* Roger Zander made security recommendations for SCCM based on the claim that NAA credentials could be recovered.
* Source: https://rzander.azurewebsites.net/network-access-accounts-are-evil/
* Roger stated that recovery was "possible with a few lines of code" but did not provide any code. Here is working code.
*/
#include <Windows.h>
#include <stdio.h>
@EvanMcBroom
EvanMcBroom / encrypting-strings-at-compile-time.md
Last active January 2, 2026 19:45
Encrypting Strings at Compile Time


Thank you to SpecterOps for supporting this research and to Duane and Matt for proofreading and editing! Crossposted on the SpecterOps Blog.

TLDR: You may use this header file for reliable compile time string encryption without needing any additional dependencies.

Programmers of DRM software, security products, or other sensitive code bases are commonly required to minimize the amount of human readable strings in binary output files. The goal of the minimization is to hinder others from reverse engineering their proprietary technology.

Common approaches that are taken to meet this requirement often add an additional maintenance burden to the developer and are prone to error. These approaches will be presented along with t

@xpn
xpn / sccmdecryptpoc.cs
Last active March 7, 2026 19:33
SCCM Account Password Decryption POC
// Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;)
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work.
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
namespace SCCMDecryptPOC
{
internal class Program
@dirkjanm
dirkjanm / schemaquery.py
Created July 11, 2022 15:55
Query property sets from the AD schema
#!/usr/bin/env python
####################
#
# Copyright (c) 2022 Dirk-jan Mollema (@_dirkjan)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
@t94j0
t94j0 / Get-Hashes.ps1
Created July 26, 2024 22:07
You need it every once in a while
Get-ChildItem -Recurse -File | Select-Object @{Name="FileName";Expression={$_.Name}}, @{Name="MD5";Expression={(Get-FileHash $_.FullName -Algorithm MD5).Hash}}, @{Name="SHA256";Expression={(Get-FileHash $_.FullName -Algorithm SHA256).Hash}} | Export-Csv -Path "FileHashes.csv" -NoTypeInformation; Import-Csv "FileHashes.csv" | Format-Table -AutoSize