@thinkst-cs
thinkst-cs / modsqrt.py
Created January 8, 2024 22:47 — forked from nakov/modsqrt.py
mod_sqrt - Python 3 implementation
def modular_sqrt(a, p):
def legendre_symbol(a, p):
""" Compute the Legendre symbol a|p using
Euler's criterion. p is a prime, a is
relatively prime to p (if p divides
a, then a|p = 0)
Returns 1 if a has a square root modulo
p, -1 otherwise.
@thinkst-cs
thinkst-cs / primes.py
Created January 8, 2024 22:35 — forked from B45i/primes.py
Python list containing first 10,000 prime numbers
primes = [ 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
73, 79, 83, 89, 97, 101, 103, 107, 109, 113,
127, 131, 137, 139, 149, 151, 157, 163, 167, 173,
179, 181, 191, 193, 197, 199, 211, 223, 227, 229,
233, 239, 241, 251, 257, 263, 269, 271, 277, 281,
283, 293, 307, 311, 313, 317, 331, 337, 347, 349,
353, 359, 367, 373, 379, 383, 389, 397, 401, 409,
419, 421, 431, 433, 439, 443, 449, 457, 461, 463,
467, 479, 487, 491, 499, 503, 509, 521, 523, 541,
@thinkst-cs
thinkst-cs / CertificateCloning.ps1
Created December 14, 2023 21:34 — forked from mattifestation/CertificateCloning.ps1
The steps required to clone a legitimate certificate chain and sign code with it.
# We'll just store the cloned certificates in current user "Personal" store for now.
$CertStoreLocation = @{ CertStoreLocation = 'Cert:\CurrentUser\My' }
$MS_Root_Cert = Get-PfxCertificate -FilePath C:\Test\MSKernel32Root.cer
$Cloned_MS_Root_Cert = New-SelfSignedCertificate -CloneCert $MS_Root_Cert @CertStoreLocation
$MS_PCA_Cert = Get-PfxCertificate -FilePath C:\Test\MSKernel32PCA.cer
$Cloned_MS_PCA_Cert = New-SelfSignedCertificate -CloneCert $MS_PCA_Cert -Signer $Cloned_MS_Root_Cert @CertStoreLocation
$MS_Leaf_Cert = Get-PfxCertificate -FilePath C:\Test\MSKernel32Leaf.cer
@thinkst-cs
thinkst-cs / Get-LoggedOn.py
Created November 2, 2023 16:52 — forked from GeisericII/Get-LoggedOn.py
Stupid simple script copied and pasted from reg.py/lookupsid and inspired from itm4n's session enum via registry
#!/usr/bin/python3
from __future__ import division
from __future__ import print_function
import re
import codecs
import logging
import time
import argparse
import sys
from impacket import version
@thinkst-cs
thinkst-cs / tasks.cs
Created October 4, 2023 23:10 — forked from xpn/tasks.cs
Create a .NET Type Dynamically at Runtime, Execute in Script. Prototype DynamicWrapperX, but not posting that publicly
using System;
using System.EnterpriseServices;
using System.Runtime.InteropServices;
using System.Reflection;
using System.Reflection.Emit;
using System.Collections;
using System.Collections.Generic;
@thinkst-cs
thinkst-cs / _notes.md
Created October 4, 2023 22:48 — forked from djhohnstein/_notes.md
AppDomainManager Injection

Let's turn Any .NET Application into an LOL Bin

We can do this by experimenting with .config files.

Many defenders catch/detect files that are renamed. They do this by matching Original Filename to Process Name.

In this example, we don't have to rename anything. We simply coerce a trusted signed app to load our Assembly.

We do this by directing the application to read a config file we provide.

Public: Github Project.
https://github.com/skyhoshi/VHDXToFolders
## Story
Project Story: (Use Case/ User Story/ My Experience)
History of the Project:
This project was one of necessity. After 20+ years of collecting, developing and losing/misplacing projects and source files, When Windows 7 ( + Windows Server 2008) presented the ability to create Virtual Machines. Virtual Hard drives became a standard in storing a lot of “Shared” data. I had virtual hard drives that I would attach and detach from virtual machines to do maintenance and installations.
A few years ago with the introduction of Windows 10, Hyper-V and Hyper-V PowerShell Module I was able to script out the creation of Virtual Hard Drives and took the concept of sharing one step further by attaching these drives to folders (Folder Mounting).
Theories and Practice:
With this I could in theory, install games onto my SSD drive but when I wasn’t playing the game but needed additional space on the then limited space of my SSD I could dismount a
@thinkst-cs
thinkst-cs / install_evilginx3.sh
Created August 28, 2023 19:28 — forked from dunderhay/install_evilginx3.sh
bash script to install evilginx3 on an Ubuntu Linux host
#!/bin/bash
set -e
GO_VERSION="1.20.6"
GO_URL="https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz"
EXPECTED_CHECKSUM="b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb"
# Log output of script
exec > >(tee -i /home/ubuntu/install.log)
exec 2>&1
$rpc = ls C:\Windows\System32\*.exe, C:\Windows\System32\*.dll |Get-RpcServer -DbgHelpPath "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll"
foreach ($rpc1 in $rpc)
{
$ourObject = New-Object -TypeName psobject
$ourObject | Add-Member -MemberType NoteProperty -Name InterfaceID -Value $rpc1.InterfaceID
$ourObject | Add-Member -MemberType NoteProperty -Name FileName -Value $rpc1.Name
$ourObject | Add-Member -MemberType NoteProperty -Name IsRunning -Value $rpc1.IsServiceRunning
$ourObject | Add-Member -MemberType NoteProperty -Name EndpointCount -Value $rpc1.EndpointCount
$procs = $rpc1.Procedures.Name | Out-String
@thinkst-cs
thinkst-cs / nccgroupcanaryhttps.py
Created May 1, 2023 00:59 — forked from olliencc/nccgroupcanaryhttps.py
A Thinkst canary user module which listens on HTTPS
INCIDENT_NAME = "NCCGROUPHTTPS"
VERSION = "0.1"
MODULE_DESCRIPTION = "NCCGROUPHTTPS"
AUTHOR = "Ollie Whitehouse"
AUTHOR_EMAIL = "[email protected]"
CERT_FILE = "/tmp/selfsigned.crt"
KEY_FILE = "/tmp/private.key"
from opencanary.modules import CanaryService