# Copyright: (c) 2024, Jordan Borean (@jborean93) <jborean93@gmail.com>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function New-ScheduledTaskSession {
<#
.SYNOPSIS
Creates a PSSession for a process running as a scheduled task.
.DESCRIPTION
Creates a PSSession that can be used to run code inside a scheduled task
chroot /data/local/nhsystem/kalifs no such file or directory
type this in androidsu terminal "ln -s /data/local/nhsystem/kali-arm64 /data/local/nhsystem/kalifs"
Terminal says it doesn't have needed permissions
uninstall it with any root uninstaller and install again
#!/bin/sh
# ./ld_path_exploit.sh /usr/lib/libgpg-error.so.0 top
TARGET_LIB=$1
MISSING_SYMBOLS="$(readelf -s --wide ${TARGET_LIB} \
| grep 'FUNC\|OBJECT' \
| grep -v 'UND\|ABS' \
| awk '{print $8}' \
#include <windows.h>
#include <string>
#include <vector>
#include <algorithm>
// White Knight Labs - Offensive Development Course
// DLL Guardrails Example
// This function extracts the file name from a given path
// It is used later to determine the executable name loading the DLL.
/**
Compression using undocumented API in rdpbase.dll
RDPCompressEx supports four algorithms: MPPC-8K, MPPC-64K, NCRUSH and XCRUSH.
This code supports all except NCRUSH.
The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection.
NCRUSH compression appears to work but fails for decompression.
from requests.adapters import HTTPAdapter, Retry
from requests import Session
retries = Retry(
    total=5, backoff_factor=1, status_forcelist=[502, 503, 504]
)
session = Session()  # reuse tcp connection
session.mount("http://", HTTPAdapter(max_retries=retries))
session.mount("https://", HTTPAdapter(max_retries=retries))
/*
Author: Brandon Dalton (Red Canary Threat Research)
Date: 2023-12-07
Summary: This script attempts to instrument the `sendEvent:event:` method of the ESCoreAnalytics class.
- Download this script
- Target: You're targeting `endpointsecurityd`, so grab its PID: `sudo launchctl list | grep endpointsecurityd`
- To run: `sudo frida -p $PID -l es_coreanalytics_event_subs.js`
*/
const eventTypeMapping = {
function Install-DbgHelp {
    param (
        [Parameter(Mandatory=$true, Position=0)]
        [string] $DbgHelpBaseDir,
        [Parameter()]
        [string[]] $DbgHelpFiles = @('dbghelp.dll','symsrv.dll','srcsrv.dll'),
        [Parameter()]
        [switch] $Cleanup
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Text.RegularExpressions;
/*
PoC to enumerate logged on users on a remote system using the winreg named pipe.
Based on the work of Rohan Vazarkar (@cptjesus) and Antonio Cocomazzi (@splinter_code).
The RemoteRegistry service must be enabled (the default) for this to work.