https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package org.mapleir; | |
| import org.mapleir.app.client.SimpleApplicationContext; | |
| import org.mapleir.app.service.ApplicationClassSource; | |
| import org.mapleir.app.service.InstalledRuntimeClassSource; | |
| import org.mapleir.asm.ClassHelper; | |
| import org.mapleir.asm.ClassNode; | |
| import org.mapleir.asm.MethodNode; | |
| import org.mapleir.context.AnalysisContext; | |
| import org.mapleir.context.BasicAnalysisContext; |
LinusHenze
/ iOS_16_Launch_Constraints.txt
Created
June 15, 2022 16:30
Description of the Launch Constraints introduced in iOS 16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| iOS 16 introduced launch constraints, which can be used to constraint the launch of an application. | |
| There are three types of constraints: | |
| Self Constraints, which the launched application itself must meet | |
| Parent Constraints, which the parent process must meet | |
| Responsible Constraints, which the "responsible process" must meet (I assume that the responsible process is the process that asked launchd to launch a service) | |
| Additionally, the TrustCache format was updated (see below) to support assigning each binary a "Constraint Category", which forces Self and Parent Constraints. | |
| Note that Self, Parent and Responsible Constraints can also be set by the process performing the launch and they can be included in the code signature, in the new blob type 0xFADE8181. In both cases, the constraints are DER encoded (just like the DER entitlements). | |
| Constraint Categories (from TrustCache, new in version 2): |
muff-in
/ resources.md
Last active
October 17, 2024 22:10
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
mattifestation
/ StreamNotes_04212020.md
Created
April 21, 2020 23:25
Twitch Stream Notes 04/21/2020 - Obfuscated Script-based Malware Analysis with the Anti-Malware Scan Interface (AMSI)
Trickbot COVID macro lure via MSFT: ec34b207d503a3c95ee743ee296a08e93a5e960aa4611ea8c39d8e5d4c5f6593
test.js
eval("WScript.CreateObject(\"WScript.Shell\").Run(\"calc.exe\");");
Omar-Ikram
/ EndpointSecurityDemo.m
Last active
October 16, 2024 10:15
A demo of using Apple's EndpointSecurity framework - tested on macOS Monterey 12.2.1 (21D62)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // main.m | |
| // EndpointSecurityDemo | |
| // | |
| // Created by Omar Ikram on 17/06/2019 - macOS Catalina 10.15 Beta 1 (19A471t) | |
| // Updated by Omar Ikram on 15/08/2019 - macOS Catalina 10.15 Beta 5 (19A526h) | |
| // Updated by Omar Ikram on 01/12/2019 - macOS Catalina 10.15 (19A583) | |
| // Updated by Omar Ikram on 31/01/2021 - macOS Big Sur 11.1 (20C69) | |
| // Updated by Omar Ikram on 07/05/2021 - macOS Big Sur 11.3.1 (20E241) | |
| // Updated by Omar Ikram on 04/07/2021 - macOS Monterey 12 Beta 2 (21A5268h) |
mattifestation
/ EnableAMSILogging.ps1
Last active
October 29, 2022 14:28
Enables AMSI logging to the AMSI/Operational event log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $AutoLoggerName = 'MyAMSILogger' | |
| $AutoLoggerGuid = "{$((New-Guid).Guid)}" | |
| New-AutologgerConfig -Name $AutoLoggerName -Guid $AutoLoggerGuid -Start Enabled | |
| Add-EtwTraceProvider -AutologgerName $AutoLoggerName -Guid '{2A576B87-09A7-520E-C21A-4942F0271D67}' -Level 0xff -MatchAnyKeyword ([UInt64] (0x8000000000000001 -band ([UInt64]::MaxValue))) -Property 0x41 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| moved to https://github.com/xerub/reexport |
This concept is very much like .jar or .war archives in Java.
NOTE: The built
.pyzzipapp can run on both Python 2 & 3 but you can only build.pyzzipapps with Python 3.5 or later.
romainthomas
/ libshellx_recover.py
Created
October 29, 2017 17:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import lief | |
| shellx = lief.parse("libshellx-2.10.3.1.so") | |
| # .dynsym | |
| dt_symtab = shellx[lief.ELF.DYNAMIC_TAGS.SYMTAB] | |
| dynsym_section = shellx.get_section(".dynsym") |
williballenthin
/ auto_shellcode_hashes.py
Last active
November 5, 2023 22:12
automatically resolve shellcode hashes into symbolic names using emulation, example: https://asciinema.org/a/EaHLv3yy7nGnh7mfHQ5DVy1LJ
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import sys | |
| import logging | |
| import pefile | |
| import ucutils | |
| import unicorn | |
| import capstone | |
| import argparse |
NewerOlder