Persistence using Startup Folder
One of the most simple persistence methods when you have access as a non-administrative user is using the Startup folder. However, it is not so easy to go completely unnoticed by the legitimate user.
DNS Exfiltration
Notes and custom scripts for DNS exfiltration using DigitalOcean and GoDaddy. This project is a complement for SharpCovertTube, it covers how to receive and decode the DNS exfiltrated data.
SharpCovertTube - Using Youtube as covert channel
A program to control Windows systems remotely by uploading videos to Youtube, using C# for the listener and Python to create the videos. The QR codes can be in cleartext or AES-encrypted values.
Playing with process injection in Golang
niiidoru (“ニードル”) is a framework for Process Injection in Windows developed in Go.
Get process handles from process name in Go
Get process(es) from the process name using NtGetNextProcess and GetProcessImageFileName API calls, a stealthier alternative and written in Go this time.
Get process handles from process name in C#
Get process(es) from the process name using NtGetNextProcess and GetProcessImageFileName API calls, a stealthier alternative and written in C#.
CESP-ADCS Course Cheatsheet
Cheatsheet I created while completing the CESP-ADCS course by Altered Security, focused in Active Directory Certificate Services (ADCS) attacks
Calling C# code from Powershell
One of the reasons why I like programming some PoCs using C# is the possibility to later run the code in Powershell. In this post we will see some basic examples and how to prepare your C# code to run it using Powershell.