eversinc33

// dllmain.cpp : Defines the entry point for the DLL application.

#include "pch.h"
#include <stdio.h>
#include <stdlib.h>

#define _CRT_SECURE_NO_DEPRECATE
#pragma warning (disable : 4996)

// generated with sharpdllproxy.

davidfowl

using System.Data.Common;
using System.Runtime.CompilerServices;
using System.Text;
using Npgsql;

GetCatalogItemsSql(null, null, null, 10);

void GetCatalogItemsSql(int? catalogBrandId, int? before, int? after, int pageSize)
{
    // This looks like it would be susceptible to SQL injection, but it's not.

usualsuspect

#!/usr/bin/env python3
#
# String decryption for unknown malware
#
# Author: @jaydinbas (2023-05-02)
#
# Reference sample:
#
# https://www.virustotal.com/gui/file/88c10674bb6a53791bfe08497948699bf57ea9980a878a3a5fc1afb160d1d234
#

X-Junior

'''
Author: Mohamed Ashraf (@X__Junior)

tested samples:
0be6f1e927f973df35dad6fc661048236d46879ad59f824233d757ec6e722bde
3e4bbd21756ae30c24ff7d6942656be024139f8180b7bddd4e5c62a9dfbd8c79

usage:
python3 lockbit_macos_string_decryption.py sample.bin
'''

leesh3288

Sandbox Escape in vm2@3.9.15

Summary

There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.

Proof of Concept

b4cktr4ck2

#Thank you @NotMedic for troubleshooting/validating stuff!

$password = Read-Host -Prompt "Enter Password"
#^^ Feel free to hardcode this for running in a beacon/not retyping it all the time!

$server = "admin" #This will just decide the name of the cert request files that are created. I didn't want to change the var name so it's server for now. 
$CERTPATH = "C:\Users\lowpriv\Desktop\" #Where do you want the cert requests to be stored?
$CAFQDN = "dc01.alexlab.local" #hostname of underlying CA box.
$CASERVER = "alexlab-dc01-ca" #CA name.
$CA = $CAFQDN + "\" + $CASERVER

olliewuk

@echo off
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°
REM °² Enumerates all files extensions                     ²°
REM °² and what opens them on Windows 10/11 in batch/cmd   ²°
REM °² twitter: @ollieatnowhere                            ²°
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°


REM ------------------------------------------------------
REM

Dump-GUY

import dnfile, sys, os

def Main():
    if(len(sys.argv) != 2 or sys.argv[1] == '-h' or sys.argv[1] == '--help'):
        print("Description: Creates x64dbg script for setting breakpoints on defined ImplMap (PInvoke) methods of .NET executable")
        print(f"Usage: {os.path.basename(sys.argv[0])} <filepath>\n")
        sys.exit()

    file_path = sys.argv[1]
    script_path = file_path + "_x64dbg.txt"

antonioCoco

// TcbElevation - Authors: @splinter_code and @decoder_it

#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>

#pragma comment(lib, "Secur32.lib")

void EnableTcbPrivilege(BOOL enforceCheck);

mgeeky

# Pack macro-enabled doc to ISO
py PackMyPayload.py Resume1337.xlsm test11.iso

# Apply MOTW on that ISO
Set-Content -Path test11.iso -Stream Zone.Identifier -Value '[ZoneTransfer]','ZoneId=3'

# Mount it
Mount-DiskImage -ImagePath test11.iso