Skip to content

Instantly share code, notes, and snippets.

View secdev02's full-sized avatar

Casey secdev02

9 followers · 0 following
View GitHub Profile
@secdev02
secdev02 / FakeFiles.cs
Created November 14, 2025 23:36
Minimalist Fake Folders
using System;
using System.IO;
using System.Text;
namespace FakeCloudFolder
{
class Program
{
static string CloudRoot = @"C:\FakeCloudRoot";
@secdev02
secdev02 / basic.xml
Last active November 15, 2025 13:57
MSBuild - PropertyGroup Functions
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" >
<Target Name="Hello" >
<!-- Call ANY .NET API -->
<!--
Author: Casey Smith, Twitter: @_subTee
License: BSD 3-Clause
@secdev02
secdev02 / simple.xml
Created November 14, 2025 17:48
Set-Spike
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" >
<Target Name="Hello" >
<!-- Call ANY .NET API -->
<!--
Author: Casey Smith, Twitter: @_subTee
License: BSD 3-Clause
@secdev02
secdev02 / compipe.js
Created November 14, 2025 17:41
Diffusion - Example dispatch commands across process locally.
// listener.js - Monitors a file for commands
var fso = new ActiveXObject("Scripting.FileSystemObject");
var shell = new ActiveXObject("WScript.Shell");
var cmdFile = shell.ExpandEnvironmentStrings("%TEMP%") + "\\jscmd.txt";
WScript.Echo("Listening for commands at: " + cmdFile);
WScript.Echo("Send commands using: echo YOUR_CODE > " + cmdFile);
while (true) {
if (fso.FileExists(cmdFile)) {
@secdev02
secdev02 / evil.cs
Created November 13, 2025 20:01
InstallUtil HelpMe
using System;
using System.Collections.ObjectModel;
using System.Diagnostics;
/*
Author: Casey Smith, Twitter: @_subTee
License: BSD 3-Clause
@secdev02
secdev02 / Numbers.Xml
Created August 29, 2025 20:57 — forked from rvrsh3ll/Numbers.Xml
XSLT C# Examples
<?xml version='1.0'?>
<data>
<circle>
<radius>12</radius>
</circle>
<circle>
<radius>37.5</radius>
</circle>
</data>
@secdev02
secdev02 / game.py
Created June 12, 2025 04:26
SHALL WE PLAY A GAME?
#!/usr/bin/env python3
"""
Script to compute a public key on secp256k1 using a custom generator point.
"""
import hashlib
import base58
# secp256k1 curve parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F # Field prime
@secdev02
secdev02 / Explainit.md
Created June 7, 2025 16:32
Mathematical Curiousity -

Shared Bits in secp###k1 Curves: A Cryptographic Vulnerability

This appears to be highlighting a significant cryptographic vulnerability in the secp256k1 and related elliptic curve implementations.

The Core Issue

The shared bit pattern 48ce563f89a0ed9414f5aa28ad0d96d6795f9c62 appears across multiple secp curves (160k1, 192k1, 224k1, 256k1), and as you noted, this looks suspiciously like a SHA-1 hash output.

Why This Is Problematic

@secdev02
secdev02 / Inject.cs
Created May 15, 2025 04:27 — forked from infosecn1nja/Inject.cs
DotNetToJScript Build Walkthrough
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
public class TestClass
{
public TestClass()
{}
@secdev02
secdev02 / Update_Notes.md
Created April 24, 2025 22:19 — forked from mgeeky/Update_Notes.md
You have found THE coolest gist :) Come to DerbyCon to learn more. Loading .NET Assemblies into Script Hosts - Abusing System32||SysWow64\Tasks writable property

Using Hard Links to point back to attacker controlled location.

mklink /h C:\Windows\System32\Tasks\tasks.dll C:\Tools\Tasks.dll
Hardlink created for C:\Windows\System32\Tasks\tasks.dll <<===>> C:\Tools\Tasks.dll

This can redirect the search to an arbitrary location and evade tools that are looking for filemods in a particular location.

xref: https://googleprojectzero.blogspot.com/2015/12/between-rock-and-hard-link.html