[AHK] Automatic update 👽

snovvcrash · Jul 28, 2024 · 93b0f69 · 93b0f69
1 parent 49b49bc
commit 93b0f69
Showing 1 changed file with 1 addition and 84 deletions.
diff --git a/redteam/maldev/README.md b/redteam/maldev/README.md
@@ -5,7 +5,7 @@
 - [https://www.mdsec.co.uk/2022/07/part-2-how-i-met-your-beacon-cobalt-strike/](https://www.mdsec.co.uk/2022/07/part-2-how-i-met-your-beacon-cobalt-strike/)
 - [https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel/](https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel/)
 
-[EIKAR](https://ru.wikipedia.org/wiki/EICAR-Test-File) Test File:
+[EIKAR](https://ru.wikipedia.org/wiki/EICAR-Test-File) test file:
 
 ```
 $ msfvenom -p windows/messagebox TITLE="EICAR" TEXT="X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" -f raw -o eikar.bin
@@ -14,89 +14,6 @@ $ msfvenom -p windows/messagebox TITLE="EICAR" TEXT="X5O!P%@AP[4\PZX54(P^)7CC)7}
 
 
 
-## Code Snippets
-
-
-
-### C++
-
-XOR encryption:
-
-```cpp
-void XOR(char* data, size_t data_len) {
-    const char key[] = "abcdefghjiklmnopqrstuvwxyz";
-
-    int j = 0;
-    for (int i = 0; i < data_len; i++) {
-        if (j == sizeof(key) - 1) j = 0;
-        data[i] = data[i] ^ key[j];
-        j++;
-    }
-}
-```
-
-AES encryption:
-
-```cpp
-// Credit: Sektor7 RTO Malware Essential Course
-int AESDecrypt(char* payload, unsigned int payload_len, char* key, size_t keylen) {
-    HCRYPTPROV hProv;
-    HCRYPTHASH hHash;
-    HCRYPTKEY hKey;
-
-    if (!CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) return -1;
-    if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)) return -1;
-    if (!CryptHashData(hHash, (BYTE*)key, (DWORD)keylen, 0)) return -1;
-    if (!CryptDeriveKey(hProv, CALG_AES_256, hHash, 0, &hKey)) return -1;
-    if (!CryptDecrypt(hKey, (HCRYPTHASH)NULL, 0, 0, (BYTE*)payload, (DWORD*)&payload_len)) return -1;
-
-    CryptReleaseContext(hProv, 0);
-    CryptDestroyHash(hHash);
-    CryptDestroyKey(hKey);
-
-    return 0;
-}
-```
-
-Invoke the shellcode [from an embed resource](https://www.ired.team/offensive-security/code-injection-process-injection/loading-and-executing-shellcode-from-portable-executable-resources):
-
-```cpp
-HRSRC scResource = FindResource(NULL, MAKEINTRESOURCE(IDR_RESOURCE_BIN1), "RESOURCE_BIN");
-DWORD shellcodeSize = SizeofResource(NULL, scResource);
-HGLOBAL scResourceData = LoadResource(NULL, scResource);
-
-unsigned char* shellcode;
-shellcode = (unsigned char*)malloc(shellcodeSize);
-
-memcpy(shellcode, scResourceData, shellcodeSize);
-```
-
-
-
-### Python
-
-Run OS command:
-
-{% code title="runCmd.py" %}
-```python
-import subprocess, shlex
-
-def run_command(command):
-	process = subprocess.Popen(shlex.split(command), stdout=subprocess.PIPE, stderr=subprocess.STDOUT, shell=False)
-	while True:
-		output = process.stdout.readline().decode()
-		if output == '' and process.poll() is not None:
-			break
-		if output:
-			print(output.strip())
-	res = process.poll()
-	return res
-```
-{% endcode %}
-
-
-
-
 ## Blog Series / Books
 
 - [https://cocomelonc.github.io/](https://cocomelonc.github.io/)