QZ q-a-z
RistBS
/ shellcode_exec_workerfactory.c
Last active
April 23, 2025 19:32
Just another shellcode execution technique :)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #define PRINTDEBUG(fmt, ...) printf(fmt "\n", ##__VA_ARGS__) | |
| #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0) | |
| #define WORKER_FACTORY_FULL_ACCESS 0xf00ff | |
| typedef struct _UNICODE_STRING { |
X-C3LL
/ FreshyCalls-VBA.vba
Created
September 4, 2022 23:51
Retrieving SSN for syscalling in VBA following FreshyCalls technique
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' Proof of Concept: retrieving SSN for syscalling in VBA | |
| ' Author: Juan Manuel Fernandez (@TheXC3LL) | |
| 'Based on: | |
| 'https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/ | |
| 'https://www.crummie5.club/freshycalls/ | |
| Private Type LARGE_INTEGER |