Offensive Xwitter – Telegram
Offensive Xwitter
19.4K subscribers
908 photos
48 videos
21 files
2.09K links
~$ socat TWITTER-LISTEN:443,fork,reuseaddr TELEGRAM:1.3.3.7:31337

Disclaimer: https://news.1rj.ru/str/OffensiveTwitter/546
A generator for shellcode test harnesses, like shcode2exe, but written in bash 👇🏻
#!/usr/bin/env bash

# Usage:
# bin2compile.sh {32|64} <INPUT_BIN> [OUTPUT_EXE]
# Examples:
# msfvenom -p windows/x64/exec CMD=calc.exe -f raw -o calc.bin
# bin2compile.sh 64 calc.bin calc.exe
#
# Requires nasm and a PE-capable ld (e.g. the MinGW-w64 binutils).

set -u

if [[ "${#}" -lt 2 ]]; then
    echo "Usage: $(basename "${0}") {32|64} <INPUT_BIN> [OUTPUT_EXE]" >&2
    exit 1
fi

ARCH="${1}"
SC_PATH="$(realpath "${2}")"
SC_NAME="$(basename "${SC_PATH}")"
SC_NAME="${SC_NAME%.*}"
[[ "${#}" -gt 2 ]] && EXE_NAME="${3}" || EXE_NAME="${SC_NAME}.exe"

# Pick the NASM output format and the ld emulation for the requested bitness
case "${ARCH}" in
    32) NASM_ARCH="win32"; LD_ARCH="i386pe" ;;
    64) NASM_ARCH="win64"; LD_ARCH="i386pep" ;;
    *)  echo "[-] Unknown arch '${ARCH}', expected 32 or 64" >&2; exit 1 ;;
esac

# Wrap the raw blob in a .text section whose entry point is the blob itself
cat << EOT > "/tmp/${SC_NAME}.asm"
global _start
section .text
_start:
incbin "${SC_PATH}"
EOT

echo "[*] Compile time: $(date)"
echo "[*] Compiling x${ARCH}"

# Report success only when both the assembler and the linker exit with 0
if nasm -f "${NASM_ARCH}" -o "/tmp/${SC_NAME}.obj" "/tmp/${SC_NAME}.asm" \
    && ld -m "${LD_ARCH}" -o "${EXE_NAME}" "/tmp/${SC_NAME}.obj"; then
    echo "[+] Success"
    echo "[+] Output size: $(stat -c %s "${EXE_NAME}" | numfmt --to=iec)"
else
    echo "[-] Failed"
fi

rm -f "/tmp/${SC_NAME}.asm" "/tmp/${SC_NAME}.obj"
🔥9👍3
😈 [ ATTL4S @DaniLJ94 ]

New post together with @saim1z exploring Cobalt Strike's make_token command.

We realised there is not a lot of information about this functionality, so we decided to take a good look at it to answer some questions we had and how it works under the hood.

Enjoy!

🔗 https://research.nccgroup.com/2023/11/10/demystifying-cobalt-strikes-make_token-command/

🐥 [ tweet ]
👍6😁3
😈 [ Florian Roth @cyb3rops ]

I'm still collecting funny issues on offsec tools on Github

If you find more, send them my way and I'll create a Github repo so we can collect them together for the lulz

🔗 https://neo23x0.github.io/LOLSecIssues/

🐥 [ tweet ]
😁8
😈 [ assume_breach @assume_breach ]

Getting a beacon from the DC using a raw Havoc shellcode file from a network shared folder. Tool is in my repo.

🔗 https://github.com/assume-breach/Home-Grown-Red-Team.git

🐥 [ tweet ]
👍5
😈 [ Panagiotis Chartas @t3l3machus ]

For your #redteam enumeration and brute forcing needs, use babelstrike to transliterate and generate usernames from full names in various non-English languages (common issue from scraped employee data) 🌐 Currently, it covers Greek, Hindi, Spanish, French, Polish, and Hungarian:

🔗 https://github.com/t3l3machus/BabelStrike

Combine it with #psudohash, a password list generator that imitates password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers (leet), using char-case variations, adding a common padding before or after the main passphrase and more:

🔗 https://github.com/t3l3machus/psudohash

🐥 [ tweet ]
😈 [ SkelSec @SkelSec ]

Due to a gentle nudge from @michael_eder_ I have uploaded my pysnaffler project to Github and to pyp.
(did you know that you can sponsor me on github?)
Anyways, enjoy!

🔗 https://github.com/skelsec/pysnaffler

🐥 [ tweet ]
😈 [ Diego Capriotti @naksyn ]

Here's Process Stomping injection and how you can use it in a Mockingjay-ish way to load a Beacon on an exe's RWX section using sRDI. Check it out!

Blog:
🔗 https://www.naksyn.com/edr%20evasion/2023/11/18/mockingjay-revisited-process-stomping-srdi-beacon.html

Tool:
🔗 https://github.com/naksyn/ProcessStomping

Thanks to @hasherezade and @monoxgas for their awesome work

🐥 [ tweet ]
🔥3
😈 [ Arris Huijgen @bitsadmin ]

#LOFLCAB highlight: Ssms.exe

Using SQL Server Management Studio with Kerberos authentication to obtain command execution on the SQL server using the xp_cmdshell stored procedure.

Details:
🔗 https://lofl-project.github.io/loflcab/Binaries/Ssms/

Full quality video:
🔗 https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-3#sql-server

🐥 [ tweet ][ quote ]
🔥3
😈 [ Adam Svoboda @adamsvoboda ]

Ever find yourself on an endpoint with SentinelOne and have Local Admin? Just ask SentinelAgent.exe nicely, and it will dump a process for you, including itself!

It bombs out on LSASS, but most other processes work.

🔗 https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e

Unable to dump LSASS using the previous script? No problem, just ask S1 for a Live Kernel Dump instead! You can open this in windbg (and use mimilib.dll) and go from there.

🔗 https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80

🐥 [ tweet ][ quote ]
😁4
😈 [ HackerRalf @hacker_ralf ]

Everyone takes a lot from the community... it's time to give something back yourself.

Kerbeus - BOF implementation of Rubeus (not all).

🔗 https://github.com/RalfHacker/Kerbeus-BOF

P. S. PM me about all bugs

#redteam #kerberos #havoc #cobaltstrike #bof

🐥 [ tweet ]
👍10
😈 [ hermit @ackmage ]

hi, check out this tool for easy Linux kernel building and debugging - easylkb

worked on it together with @netspooky! 💕

writeup:
🔗 http://tmpout.sh/3/20.html

repo:
🔗 http://github.com/deepseagirl/easylkb

🐥 [ tweet ]
👍4
😈 [ Synacktiv @Synacktiv ]

Unlock the Global Admin access 🏆 on Azure with this pentesting mindmap made by @alexisdanizan!

🔗 https://github.com/synacktiv/Mindmaps

🐥 [ tweet ]
🔥1