SantaMuerte SantaLaMuerte
@testanull
testanull / SharePwn_public.py
Created December 15, 2023 07:31
SharePoint Pre-Auth Code Injection RCE chain CVE-2023-29357 & CVE-2023-24955 PoC
# -*- coding: utf-8 -*-
import hashlib
import base64
import requests, string, struct, uuid, random, re
import sys
from collections import OrderedDict
from sys import version
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
# too lazy to deal with string <-> bytes confusion in python3 so forget it ¯\_(ツ)_/¯
@jakobfriedl
jakobfriedl / ADOE.py
Created October 24, 2023 14:11
Active Directory Object Enumerator for Havoc
#!/usr/bin/env python
# -*- Coding: UTF-8 -*-
# Author: Jakob Friedl
# Created on: Mon, 23. Oct 2023
# Description: Active Directory object enumeration for Havoc
import havocui
import havoc
import re
@p4p1
p4p1 / auto_suite.py
Last active May 10, 2025 08:51
🔎🔎🔎🔎
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Made by papi
# Created on: Tue 10 Oct 2023 01:54:42 CEST
# auto_suite.py
# Description:
# A Havoc extension to search for files inside of infected agents
# Usage:
# To use this script save it on your machine and add it to the script manager of Havoc
# inside of: Scripts > Scripts Manager > Load Script
@adamsvoboda
adamsvoboda / gist:9ac52548d3d81f3185e36b9f0be31990
Created August 30, 2023 15:02
Windows Defender LSASS ASR Exclusion Paths - 08.30.2023
%windir%\system32\WerFaultSecure.exe
%windir%\system32\mrt.exe
%windir%\system32\svchost.exe
%windir%\system32\NETSTAT.EXE
%windir%\system32\wbem\WmiPrvSE.exe
%windir%\system32\DriverStore\FileRepository\*\NVWMI\nvWmi64.exe
%programfiles(x86)%\Microsoft Intune Management Extension\ClientHealthEval.exe
%programfiles(x86)%\Microsoft Intune Management Extension\SensorLogonTask.exe
%programfiles(x86)%\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe
%programdata%\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\*\OpenHandleCollector.exe
@djhohnstein
djhohnstein / Cleanup-ClickOnce.ps1
Created June 27, 2023 21:11 — forked from mgeeky/Cleanup-ClickOnce.ps1
Cleanup-ClickOnce.ps1 - Simple Powershell script that removes ClickOnce deployments entirely from file system and registry.
#
# Usage:
# PS> . .\Cleanup-ClickOnce.ps1
# PS> Cleanup-ClickOnce -Name MyAppName
#
# Other than that you might also try using these commands:
# PS> rundll32 dfshim.dll,ShArpMaintain C:\Path\To\ClickOnce.application
# PS> rundll32 dfshim.dll CleanOnlineAppCache
#
@mgeeky
mgeeky / Cleanup-ClickOnce.ps1
Last active May 5, 2025 05:45
Cleanup-ClickOnce.ps1 - Simple Powershell script that removes ClickOnce deployments entirely from file system and registry. Attempts to remove both installed and online-only deployments.
#
# Simple Powershell script that removes ClickOnce deployments entirely from file system and registry.
# Attempts to remove both installed and online-only deployments.
#
# Authored: Mariusz Banach / mgeeky, <mb [at] binary-offensive.com>
#
# Usage:
# PS> . .\Cleanup-ClickOnce.ps1
# PS> Cleanup-ClickOnce -Name MyAppName
#
@mgeeky
mgeeky / Dynamic_PInvoke_Shellcode.cs
Created June 22, 2023 19:19 — forked from bohops/Dynamic_PInvoke_Shellcode.cs
Dynamic_PInvoke_Shellcode.cs
//original runner by @Arno0x: https://github.com/Arno0x/CSharpScripts/blob/master/shellcodeLauncher.cs
using System;
using System.Runtime.InteropServices;
using System.Reflection;
using System.Reflection.Emit;
namespace ShellcodeLoader
{
class Program
@bryanmcnulty
bryanmcnulty / msdt_follina_exploit.py
Created December 5, 2022 07:59
MSDT Exploit (CVE-2022-30190)
#!/usr/bin/env python3
'''
* Written for a CTF :)
* ---
* Author: Bryan McNulty
* Contact: bryanmcnulty@protonmail.com
* GitHub: https://github.com/bryanmcnulty
* ---
* Dependencies:
@mgeeky
mgeeky / gist:82d6abe0508ae81f107689864fb5dfc0
Created September 6, 2022 12:09
office-to-iso-with-motw.txt
# Pack macro-enabled doc to ISO
py PackMyPayload.py Resume1337.xlsm test11.iso
# Apply MOTW on that ISO
Set-Content -Path test11.iso -Stream Zone.Identifier -Value '[ZoneTransfer]','ZoneId=3'
# Mount it
Mount-DiskImage -ImagePath test11.iso
@christian-taillon
christian-taillon / follina.spl
Created June 9, 2022 00:42
Search to look for Follina Adversary activity. Written in SPL for Crowdstrike data; however, content can support queries in other products.
((((ParentBaseFileName IN ("*WINWORD.EXE" ,
"*EXCEL.EXE" ,
"*POWERPNT.EXE" ,
"*MSPUB.EXE" ,
"*VISIO.EXE" ,
"*OUTLOOK.EXE" ,
"*MSACCESS.EXE" ,
"*MSPROJECT.EXE" ,
"*ONENOTE.EXE"))
AND ((CommandHistory IN ("*msdt.exe*" ,