SYMBOL INDEX (129 symbols across 18 files) FILE: 01 - Process Games/DLL/shellcodeHollower.cs class ProcessHollowing (line 6) | public class ProcessHollowing type STARTUPINFO (line 9) | [StructLayout(LayoutKind.Sequential)] type PROCESS_INFORMATION (line 32) | [StructLayout(LayoutKind.Sequential)] type PROCESS_BASIC_INFORMATION (line 41) | [StructLayout(LayoutKind.Sequential)] method CreateProcess (line 57) | [DllImport("kernel32.dll", SetLastError = true)] method NtQueryInformationProcess (line 71) | [DllImport("ntdll.dll")] method NtReadVirtualMemory (line 80) | [DllImport("ntdll.dll")] method WriteProcessMemory (line 89) | [DllImport("kernel32.dll")] method NtResumeThread (line 98) | [DllImport("ntdll.dll", SetLastError = true)] method PerformProcessHollowing (line 102) | public static void PerformProcessHollowing() FILE: 01 - Process Games/DLL/shellcodeInject.cs class Injector (line 9) | public class Injector type CLIENT_ID (line 15) | [StructLayout(LayoutKind.Sequential)] type OBJECT_ATTRIBUTES (line 22) | [StructLayout(LayoutKind.Sequential, Pack = 0)] method NtOpenProcess (line 33) | [DllImport("ntdll.dll", SetLastError = true)] method NtAllocateVirtualMemory (line 36) | [DllImport("ntdll.dll")] method NtWriteVirtualMemory (line 39) | [DllImport("ntdll.dll")] method NtCreateThreadEx (line 42) | [DllImport("ntdll.dll", SetLastError = true)] method InjectShellcode (line 46) | public static void InjectShellcode() FILE: 01 - Process Games/EXE/NativeProcInjection.cs class Program (line 10) | class Program type CLIENT_ID (line 16) | [StructLayout(LayoutKind.Sequential)] type OBJECT_ATTRIBUTES (line 23) | [StructLayout(LayoutKind.Sequential, Pack = 0)] method NtOpenProcess (line 35) | [DllImport("ntdll.dll", SetLastError = true)] method NtAllocateVirtualMemory (line 38) | [DllImport("ntdll.dll")] method NtWriteVirtualMemory (line 41) | [DllImport("ntdll.dll")] method NtCreateThreadEx (line 44) | [DllImport("ntdll.dll", SetLastError = true)] method Main (line 47) | static void Main(string[] args) FILE: 01 - Process Games/EXE/NtMapInjection.cs class Program (line 9) | class Program method NtCreateSection (line 19) | [DllImport("ntdll.dll", SetLastError = true, ExactSpelling = true)] method NtMapViewOfSection (line 22) | [DllImport("ntdll.dll", SetLastError = true)] method NtUnmapViewOfSection (line 25) | [DllImport("ntdll.dll", SetLastError = true)] method NtClose (line 28) | [DllImport("ntdll.dll", ExactSpelling = true, SetLastError = false)] method NtCreateThreadEx (line 31) | [DllImport("ntdll.dll", SetLastError = true)] method OpenProcess (line 34) | [DllImport("kernel32.dll", SetLastError = true)] method Main (line 38) | static void Main(string[] args) method NtOpenProcess (line 124) | private static IntPtr NtOpenProcess(int id, int v, object value) FILE: 01 - Process Games/EXE/NtQueueApc.cs class Program (line 7) | class Program type STARTUPINFO (line 18) | [StructLayout(LayoutKind.Sequential)] type PROCESS_INFORMATION (line 41) | [StructLayout(LayoutKind.Sequential)] type CLIENT_ID (line 50) | [StructLayout(LayoutKind.Sequential)] type OBJECT_ATTRIBUTES (line 57) | [StructLayout(LayoutKind.Sequential)] method CreateProcess (line 69) | [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] method NtAllocateVirtualMemory (line 82) | [DllImport("ntdll.dll")] method NtWriteVirtualMemory (line 91) | [DllImport("ntdll.dll")] method NtQueueApcThread (line 99) | [DllImport("ntdll.dll")] method NtResumeThread (line 107) | [DllImport("ntdll.dll")] method Main (line 112) | static void Main(string[] args) method CreateSuspendedProcess (line 158) | static PROCESS_INFORMATION CreateSuspendedProcess(string processPath) method AllocateMemory (line 181) | static IntPtr AllocateMemory(IntPtr hProcess, int size) method WriteMemory (line 199) | static void WriteMemory(IntPtr hProcess, IntPtr address, byte[] data) method QueueAPC (line 212) | static void QueueAPC(IntPtr hThread, IntPtr shellcodeAddr) method ResumeThread (line 225) | static void ResumeThread(IntPtr hThread) FILE: 01 - Process Games/EXE/TryHarder.cs class Program (line 8) | class Program type STARTUPINFO (line 10) | [StructLayout(LayoutKind.Sequential)] type PROCESS_INFORMATION (line 33) | [StructLayout(LayoutKind.Sequential)] method ResumeThread (line 42) | [DllImport("kernel32.dll")] method CreateRemoteThread (line 45) | [DllImport("kernel32.dll")] method DecryptString (line 48) | private static string DecryptString(byte[] encryptedData) method GetProcAddress (line 66) | [DllImport("kernel32.dll")] method GetModuleHandle (line 69) | [DllImport("kernel32.dll")] method Main (line 72) | static void Main() FILE: 01 - Process Games/EXE/procHollow.cs class Program (line 3) | class Program type STARTUPINFO (line 6) | [StructLayout(LayoutKind.Sequential)] type PROCESS_INFORMATION (line 29) | [StructLayout(LayoutKind.Sequential)] type CLIENT_ID (line 38) | [StructLayout(LayoutKind.Sequential)] type PROCESS_BASIC_INFORMATION (line 45) | [StructLayout(LayoutKind.Sequential)] method CreateProcess (line 61) | [DllImport("kernel32.dll", SetLastError = true)] method NtQueryInformationProcess (line 75) | [DllImport("ntdll.dll")] method NtReadVirtualMemory (line 84) | [DllImport("ntdll.dll")] method WriteProcessMemory (line 93) | [DllImport("kernel32.dll")] method NtResumeProcess (line 102) | [DllImport("ntdll.dll", SetLastError = true)] method Main (line 105) | static void Main() FILE: 03 - CLM & Applocker Bypass/1 - Source/InvokePowershell.cs class Program (line 12) | public class Program method Main (line 14) | public static void Main() class Loader (line 32) | [System.ComponentModel.RunInstaller(true)] method Uninstall (line 36) | public override void Uninstall(System.Collections.IDictionary savedState) FILE: 03 - CLM & Applocker Bypass/1 - Source/ShellcodeRunner.cs class Program (line 14) | public class Program method Main (line 16) | public static void Main() class Loader (line 32) | [System.ComponentModel.RunInstaller(true)] method Uninstall (line 36) | public override void Uninstall(System.Collections.IDictionary savedState) FILE: 03 - CLM & Applocker Bypass/4 - Binaries/CLMBypass.cs class MainClass (line 9) | public class MainClass method GetStdHandle (line 11) | [DllImport("kernel32.dll", SetLastError = true)] method VirtualProtect (line 13) | [DllImport("kernel32")] method GetProcAddress (line 15) | [DllImport("kernel32")] method LoadLibrary (line 17) | [DllImport("kernel32")] method Main (line 20) | public static void Main(string[] args) method go (line 25) | public static void go() class Loader (line 69) | [System.ComponentModel.RunInstaller(true)] method Uninstall (line 73) | public override void Uninstall(System.Collections.IDictionary savedState) FILE: 05 - Lateral Movement/Fileless Lateral Movement/EXE/PsExecLat.cs class Program (line 10) | public class Program method OpenSCManager (line 12) | [DllImport("advapi32.dll", EntryPoint = "OpenSCManagerW", ExactSpellin... method OpenService (line 15) | [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)] method ChangeServiceConfigA (line 18) | [DllImport("advapi32.dll", EntryPoint = "ChangeServiceConfig")] method StartService (line 22) | [DllImport("advapi32", SetLastError = true)] method Main (line 26) | public static void Main(string[] args) FILE: 05 - Lateral Movement/MSSQL/CustomAssembly/cmd_exec.cs class StoredProcedures (line 10) | public partial class StoredProcedures method cmd_exec (line 12) | [Microsoft.SqlServer.Server.SqlProcedure] FILE: 06 - Privilege Escalation/SeImpersonate/SharpPrintSpoofer.cs class Program (line 8) | class Program type SECURITY_ATTRIBUTES (line 10) | public struct SECURITY_ATTRIBUTES type PROCESS_INFORMATION (line 17) | [StructLayout(LayoutKind.Sequential)] type STARTUPINFO (line 26) | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] type TOKEN_USER (line 49) | public struct TOKEN_USER type SID_AND_ATTRIBUTES (line 54) | [StructLayout(LayoutKind.Sequential)] method ConvertStringSecurityDescriptorToSecurityDescriptor (line 61) | [DllImport("advapi32.dll")] method CreateNamedPipe (line 64) | [DllImport("kernel32.dll", SetLastError = true)] method ConnectNamedPipe (line 67) | [DllImport("kernel32.dll")] method ImpersonateNamedPipeClient (line 70) | [DllImport("advapi32.dll")] method GetCurrentThread (line 73) | [DllImport("kernel32.dll")] method OpenThreadToken (line 76) | [DllImport("advapi32.dll", SetLastError = true)] method GetTokenInformation (line 79) | [DllImport("advapi32.dll", SetLastError = true)] method ConvertSidToStringSid (line 82) | [DllImport("advapi32", CharSet = CharSet.Auto, SetLastError = true)] method DuplicateTokenEx (line 85) | [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] method CreateEnvironmentBlock (line 88) | [DllImport("userenv.dll", SetLastError = true)] method RevertToSelf (line 91) | [DllImport("advapi32.dll", SetLastError = true)] method GetSystemDirectory (line 94) | [DllImport("kernel32.dll")] method CreateProcessWithTokenW (line 97) | [DllImport("advapi32", SetLastError = true, CharSet = CharSet.Unicode)] method Main (line 100) | static void Main(string[] args) FILE: 11 - KISS Payloads/DLL/newadmin.c function DWORD (line 15) | DWORD CreateAdminUserInternal(void) function BOOL (line 96) | BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID... function CreateAdminUser (line 115) | __declspec(dllexport) void __stdcall CreateAdminUser(HWND hwnd, HINSTANC... function main (line 125) | int main() FILE: 11 - KISS Payloads/DLL/newadmin.cpp function BOOL (line 4) | BOOL APIENTRY DllMain( FILE: 11 - KISS Payloads/EXE/newadmin.c function DWORD (line 15) | DWORD CreateAdminUserInternal(void) function BOOL (line 106) | BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID... function CreateAdminUser (line 129) | __declspec(dllexport) void __stdcall CreateAdminUser(HWND hwnd, HINSTANC... function main (line 142) | int main() FILE: 11 - KISS Payloads/EXE/revshell.cpp function DWORD (line 9) | DWORD WINAPI ReverseShell(LPVOID lpParam) { function main (line 37) | int main() { FILE: 11 - KISS Payloads/EXE/revshell2.cpp function DWORD (line 9) | DWORD WINAPI ReverseShell(LPVOID lpParam) { function main (line 43) | int main(int argc, char* argv[]) {