mgeeky
/ spoof.py
Created
August 30, 2025 10:10
— forked from ustayready/spoof.py
Simple unfinished SMTP spoof script for use with Office365 DirectSend SmartHosts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import smtplib | |
| from email.mime.text import MIMEText | |
| from email.mime.multipart import MIMEMultipart | |
| from email.mime.text import MIMEText | |
| from email.mime.base import MIMEBase | |
| from email import encoders | |
| import ssl | |
| import email | |
| import argparse |
mgeeky
/ JasonToddIsTheBestRobin.c
Created
August 23, 2025 08:15
— forked from whokilleddb/JasonToddIsTheBestRobin.c
Unnecessarily complicated way of controlling shellcode execution using InternetStatusCallback()
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <wininet.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "wininet.lib") | |
| // notepad.exe shellcode | |
| char shellcode[] = { | |
| 0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51, | |
| 0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52, |
mgeeky
/ enclave.c
Created
August 3, 2025 22:36
— forked from whokilleddb/enclave.c
Run shellcode using LdrCallEnclave
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| // Shellcode template from: https://gist.github.com/kkent030315/b508e56a5cb0e3577908484fa4978f12 | |
| // Compile using: x86_64-w64-mingw32-gcc -m64 enclave.c -o enclace.exe -lntdll | |
| EXTERN_C NTSYSAPI | |
| NTSTATUS | |
| NTAPI LdrCallEnclave( | |
| _In_ PENCLAVE_ROUTINE Routine, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Return, but across multiple frames. | |
| // | |
| // This function unwinds the given number of frames, then sets the return value provided, emulating as if this number | |
| // of functions returned, with the last one returning the value provided in RetVal. Can be used to hook a callee when | |
| // you don't have a convenient way to hook it directly and actually just want to stub it out with a return value. | |
| // | |
| // @param FramesToSkip The number of frames to skip, starting from the current frame. | |
| // @param RetVal The value to return from the last frame. | |
| // @param Context Context to start from, in case you want to SuperReturn from somewhere deeper. | |
| DECLSPEC_NOINLINE void SuperReturn( |
mgeeky
/ cortex.txt
Created
June 13, 2025 08:21
— forked from Yeeb1/cortex.txt
XDR Network Requirements
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ||*.xdr.*.paloaltonetworks.com^ | |
| ||*.traps.paloaltonetworks.com^ | |
| ||distributions.traps.paloaltonetworks.com^ | |
| ||*.paloaltonetworks.com^ | |
| ||panw-xdr-installers-prod-us.storage.googleapis.com^ | |
| ||panw-xdr-payloads-prod-us.storage.googleapis.com^ | |
| ||global-content-profiles-policy.storage.googleapis.com^ | |
| ||panw-xdr-evr-prod-*.storage.googleapis.com^ | |
| ||panw-xdr-installers-prod-fr.storage.googleapis.com^ | |
| ||panw-xdr-payloads-prod-fr.storage.googleapis.com^ |
mgeeky
/ azure_client_ids.txt
Created
June 1, 2025 19:57
— forked from dafthack/azure_client_ids.txt
A collection of client IDs that can be used to authenticate a user, and their associated application name that shows up in Azure Sign-In logs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00b41c95-dab0-4487-9791-b9d2c32c80f2 - Office 365 Management | |
| 04b07795-8ddb-461a-bbee-02f9e1bf7b46 - Microsoft Azure CLI | |
| 0ec893e0-5785-4de6-99da-4ed124e5296c - Office UWP PWA | |
| 18fbca16-2224-45f6-85b0-f7bf2b39b3f3 - Microsoft Docs | |
| 1950a258-227b-4e31-a9cf-717495945fc2 - Microsoft Azure PowerShell | |
| 1b3c667f-cde3-4090-b60b-3d2abd0117f0 - Windows Spotlight | |
| 1b730954-1685-4b74-9bfd-dac224a7b894 - Azure Active Directory PowerShell | |
| 1fec8e78-bce4-4aaf-ab1b-5451cc387264 - Microsoft Teams | |
| 22098786-6e16-43cc-a27d-191a01a1e3b5 - Microsoft To-Do client | |
| 268761a2-03f3-40df-8a8b-c3db24145b6b - Universal Store Native Client |
mgeeky
/ Get-AzureADPSPermissionGrants.ps1
Created
May 5, 2025 16:01
— forked from psignoret/Get-AzureADPSPermissionGrants.ps1
Get all permissions granted to an app in Azure AD
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Lists delegated permission grants (OAuth2PermissionGrants) and application permissions grants (AppRoleAssignments) granted to an app. | |
| .PARAMETER ObjectId | |
| The ObjectId of the ServicePrincipal object for the app in question. | |
| .PARAMETER AppId | |
| The AppId of the ServicePrincipal object for the app in question. |
mgeeky
/ Obsidian Snippets
Created
March 29, 2025 22:08
— forked from Mearman/Obsidian Snippets
Obsidian Snippets
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| A collection of snippets |
mgeeky
/ Program.cs
Created
March 4, 2025 20:22
— forked from wavvs/Program.cs
AMSI bypass via HAMSICONTEXT corruption (Windows 11 supported)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| using System.Runtime.InteropServices; | |
| using System.Reflection; | |
| using System.Diagnostics; | |
| using System.Threading; | |
| using System.IO; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // How to locate the WOW64 Callback Table in ntdll.dll | |
| // | |
| // @modexpblog | |
| // | |
| #define PHNT_VERSION PHNT_VISTA | |
| #include <phnt_windows.h> | |
| #include <phnt.h> |
NewerOlder