z-elaine z-elaine
z-elaine
/ refl.cpp
Created
March 2, 2026 03:19
— forked from GeneralTesler/refl.cpp
PoC using RtlCreateProcessReflection + MiniDumpWriteDump to dump lsass.exe process memory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iostream> | |
| #include <DbgHelp.h> | |
| #include <processsnapshot.h> | |
| #include <TlHelp32.h> | |
| #include <processthreadsapi.h> | |
| //process reflection stuff copied from: https://github.com/hasherezade/pe-sieve/blob/master/utils/process_reflection.cpp | |
| //minidump/process searching copied from: https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass | |
| //compile using: cl.exe refl.cpp /DUNICODE |
z-elaine
/ inject.c
Created
February 8, 2026 13:29
— forked from ipenywis/inject.c
Process Doppelgänging
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Ref = src | |
| // https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf | |
| // | |
| // Credits: | |
| // Vyacheslav Rusakov @swwwolf | |
| // Tom Bonner @thomas_bonner | |
| // | |
| #include <Windows.h> |
z-elaine
/ enclave.c
Created
September 22, 2025 16:00
— forked from whokilleddb/enclave.c
Run shellcode using LdrCallEnclave
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| // Shellcode template from: https://gist.github.com/kkent030315/b508e56a5cb0e3577908484fa4978f12 | |
| // Compile using: x86_64-w64-mingw32-gcc -m64 enclave.c -o enclace.exe -lntdll | |
| EXTERN_C NTSYSAPI | |
| NTSTATUS | |
| NTAPI LdrCallEnclave( | |
| _In_ PENCLAVE_ROUTINE Routine, |
z-elaine
/ main.c
Created
September 22, 2025 16:00
— forked from hfiref0x/main.c
NtLoadEnclaveData Windows 10 RS3 DSE bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Original source link https://twitter.com/hFireF0X/status/887930221466443776 | |
| // If you are here from any other link - do know that they just steal original info without giving any credit to source | |
| // This bug has been fixed in 16273 public build. | |
| #include "global.h" | |
| HINSTANCE g_hInstance; | |
| HANDLE g_ConOut = NULL; | |
| BOOL g_ConsoleOutput = FALSE; | |
| WCHAR g_BE = 0xFEFF; |
z-elaine
/ gist:10c41ed19a5f8ee3dcdd0e5d13b9a294
Created
September 14, 2025 16:59
— forked from 0xFA15E5EC/gist:4ae6338d6fc24fa0e80a07b429790ddf
Install latest Hyperion crypter on debian based distros
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo apt-get install mingw-64 g++-mingw-w64 g++-mingw-w64-i686 g++-mingw-w64-x86-64 wine-stable wine1.6 wine1.6-i386 libwine wine32 wine64 fonts-wine | |
| wget -c https://github.com/nullsecuritynet/tools/raw/master/binary/hyperion/release/Hyperion-1.2.zip | |
| unzip Hyperion-1.2.zip -d /tmp | |
| cd /tmp/Hyperion-1.2 | |
| i686-w64-mingw32-g++ -static-libgcc -static-libstdc++ -L . Src/Crypter/*.cpp -o crypter.exe |
z-elaine
/ ldrloaddll_hook.c
Created
September 12, 2025 03:06
— forked from bats3c/ldrloaddll_hook.c
Hook LdrLoadDll to whitelist DLLs being loaded into a process
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <winternl.h> | |
| #define dwAllowDllCount 1 | |
| CHAR cAllowDlls[dwAllowDllCount][MAX_PATH] = { | |
| "W:\\allowed.dll" | |
| }; | |
| VOID HookLoadDll(LPVOID lpAddr); |
z-elaine
/ runpe64.cpp
Created
August 28, 2025 17:00
— forked from valinet/runpe64.cpp
RunPE for x64
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| RunPE for x64 - classic RunPE for 64-bit executables | |
| Copyright (C) 2020 Valentin-Gabriel Radu | |
| This program is free software; you can redistribute it and/or modify | |
| it under the terms of the GNU General Public License as published by | |
| the Free Software Foundation; either version 2 of the License, or | |
| (at your option) any later version. | |
| This program is distributed in the hope that it will be useful, |
z-elaine
/ main.cpp
Last active
January 14, 2026 06:16
— forked from monoxgas/main.cpp
Adapative DLL Hijacking - Stability Hooking
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <intrin.h> | |
| #include <string> | |
| #include <TlHelp32.h> | |
| #include <psapi.h> | |
| DWORD WINAPI Thread(LPVOID lpParam) { | |
| // Insert evil stuff | |
| ExitProcess(0); |