updates

2025-11-04 13:05:26 +01:00 · 2021-10-24 23:11:42 +02:00
parent 2e115fe796
commit 558762a498
78 changed files with 124 additions and 124 deletions
--- a/red-teaming/Bypass-ConstrainedLanguageMode/Bypass-CLM.ps1
+++ b/red-teaming/Bypass-ConstrainedLanguageMode/Bypass-CLM.ps1
@@ -100,7 +100,7 @@ function Bypass-CLM
    Write-Host "`tAppLocker Constrined Language Mode Bypass via COM"
    Write-Host "`t(implementation of: @xpn's technique, as documented in:)"
    Write-Host "`t(https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)"
-    Write-Host "`n`tRe-implemented, enhanced by: Mariusz B., mgeeky"
+    Write-Host "`n`tRe-implemented, enhanced by: Mariusz Banach, mgeeky"
    Write-Host "`t-----`n"

    Write-Host "[.] Step 0. Planted DLL files in:`n`t$dstAssemblyPath`n`t$dstDllPath"
--- a/red-teaming/Bypass-ConstrainedLanguageMode/Bypass-CLM2.ps1
+++ b/red-teaming/Bypass-ConstrainedLanguageMode/Bypass-CLM2.ps1
--- a/red-teaming/Bypass-ConstrainedLanguageMode/ClmDisableDll/main.cpp
+++ b/red-teaming/Bypass-ConstrainedLanguageMode/ClmDisableDll/main.cpp
@@ -2,7 +2,7 @@
 * This DLL hosts CLR4 environment from within a native binary. This way it is possible to
 * call .NET APIs from an unmanaged runtime.
 *
- * Mariusz B., mgeeky, 19'
+ * Mariusz Banach, mgeeky, 19'
 *
 **/

--- a/red-teaming/Bypass-ConstrainedLanguageMode/README.md
+++ b/red-teaming/Bypass-ConstrainedLanguageMode/README.md
@@ -26,7 +26,7 @@ PS > .\Bypass-CLM.ps1
        (implementation of: @xpn's technique, as documented in:)
        (https://www.mdsec.co.uk/2018/09/applocker-clm-bypass-via-com/)

-        Re-implemented, enhanced by: Mariusz B., mgeeky
+        Re-implemented, enhanced by: Mariusz Banach, mgeeky
        -----

 [.] Step 0. Planted DLL files in: