Skip to content

Instantly share code, notes, and snippets.

View tr4nc3's full-sized avatar

tr4nc3

23 followers · 69 following
View GitHub Profile
@xpn
xpn / InstallUtil-Shellcode-cs
Created May 11, 2018 01:15 — forked from lithackr/InstallUtil-Shellcode-cs
From https://gist.github.com/subTee/408d980d88515a539672
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@shortjared
shortjared / list.txt
Last active October 22, 2025 13:34
List of AWS Service Principals
a4b.amazonaws.com
access-analyzer.amazonaws.com
account.amazonaws.com
acm-pca.amazonaws.com
acm.amazonaws.com
airflow-env.amazonaws.com
airflow.amazonaws.com
alexa-appkit.amazon.com
alexa-connectedhome.amazon.com
amazonmq.amazonaws.com
@its-a-feature
its-a-feature / Domain Enumeration Commands
Created January 7, 2018 21:03
Common Domain Enumeration commands in Windows, Mac, and LDAP
Domain: TEST.local
User Enumeration:
Windows:
net user
net user /domain
net user [username]
net user [username] /domain
wmic useraccount
Mac:
dscl . ls /Users
@pydevops
pydevops / gcloud-cheat-sheet.md
Last active November 12, 2025 16:34
gcp gcloud cheat sheet
@ropnop
ropnop / lookupadmins.py
Last active February 10, 2025 16:53
Python script using Impacket to enumerate local administrators over SAMR
#!/usr/bin/env python
#
# Title: lookupadmins.py
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from Powerview
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
#
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket
@xorrior
xorrior / PELoader.cs
Created July 12, 2017 01:54
Reflective PE Loader - Compressed Mimikatz inside of InstallUtil
using System;
using System.IO;
using System.IO.Compression;
using System.Text;
using System.Collections.Generic;
using System.Configuration.Install;
using System.Runtime.InteropServices;
@markusleh
markusleh / volatility-pool-visualize.py
Last active June 25, 2021 14:14
Python program to visualize Windows bigpool content
import svgwrite
import volatility.conf as conf
import volatility.registry as registry
import volatility.plugins.volshell as shell
registry.PluginImporter()
config = conf.ConfObject()
import volatility.commands as commands
import volatility.addrspace as addrspace
import volatility.utils as utils
registry.register_global_options(config, commands.Command)
@hellman
hellman / rsa_timing_attack_d_Montgomery.py
Created May 1, 2017 12:23
DEF CON 2017 Quals - Godzilla (Reverse/Crypto)
#-*- coding:utf-8 -*-
'''
DEF CON 2017 Quals - Godzilla (Reverse)
Timing attack on RSA decryption.
Based on http://www.cs.jhu.edu/~fabian/courses/CS600.624/Timing-full.pdf
Another solutions:
https://gist.github.com/nneonneo/367240ae2d8e705bb9173a49a7c8b0cd by b2xiao
https://gist.github.com/Riatre/caac24840b176cf843b3f66ad9a5eeaf by riatre
@atifaziz
atifaziz / Unprotect-ProtectedData.ps1
Created March 31, 2017 06:25
Decrypting DPAPI-protected Base64 data from PowerShell
Add-Type -AssemblyName System.Security;
[Text.Encoding]::ASCII.GetString([Security.Cryptography.ProtectedData]::Unprotect([Convert]::FromBase64String((type -raw (Join-Path $env:USERPROFILE foobar))), $null, 'CurrentUser'))
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active October 14, 2025 02:45
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION