panda bear 0xcpu
#include <Windows.h>
#include <time.h>
#include <string>
using namespace std;
#define BTF_FLAG 0x300
#define TRAP_FLAG 0x100
LONG CALLBACK TraceCallback(LPEXCEPTION_POINTERS ex)
@JamesHagerman
JamesHagerman / DisassembleARMBinaryInR2.md
Last active March 30, 2023 06:43
Some quick notes on disassembling 16bit ARM (STM32F4) code using radare2

Disassembling 1bitsy examples using radare2

Note that because radare2 uses Capstone to disassemble ARM code, there are issues with the disassembly. arm-none-eabi-objdump -d compiledbinary.elf actually does a better job in some cases. For example, msr isn't decompiled correctly...

First, you have to either strip the default ELF binaries the default Makefiles build when you run make OR you need to just compile .bin files using something like:

make binaryname.bin
@williballenthin
williballenthin / auto_shellcode_hashes.py
Last active November 5, 2023 22:12
automatically resolve shellcode hashes into symbolic names using emulation, example: https://asciinema.org/a/EaHLv3yy7nGnh7mfHQ5DVy1LJ
import os
import sys
import logging
import pefile
import ucutils
import unicorn
import capstone
import argparse
#!/usr/bin/env python
import lief
shellx = lief.parse("libshellx-2.10.3.1.so")
# .dynsym
dt_symtab = shellx[lief.ELF.DYNAMIC_TAGS.SYMTAB]
dynsym_section = shellx.get_section(".dynsym")
@lukassup
lukassup / zipapp.md
Last active September 12, 2023 02:17
Python zipapp

Python zipapp web apps

What's a zipapp?

This concept is very much like .jar or .war archives in Java.

NOTE: The built .pyz zipapp can run on both Python 2 & 3 but you can only build .pyz zipapps with Python 3.5 or later.

Initial setup

@xerub
xerub / reexport-elf.txt
Last active February 12, 2018 12:15
reexport-elf
moved to https://github.com/xerub/reexport
@mattifestation
mattifestation / EnableAMSILogging.ps1
Last active October 29, 2022 14:28
Enables AMSI logging to the AMSI/Operational event log
$AutoLoggerName = 'MyAMSILogger'
$AutoLoggerGuid = "{$((New-Guid).Guid)}"
New-AutologgerConfig -Name $AutoLoggerName -Guid $AutoLoggerGuid -Start Enabled
Add-EtwTraceProvider -AutologgerName $AutoLoggerName -Guid '{2A576B87-09A7-520E-C21A-4942F0271D67}' -Level 0xff -MatchAnyKeyword ([UInt64] (0x8000000000000001 -band ([UInt64]::MaxValue))) -Property 0x41
@Omar-Ikram
Omar-Ikram / EndpointSecurityDemo.m
Last active April 23, 2025 10:10
A demo of using Apple's EndpointSecurity framework - tested on macOS Monterey 12.2.1 (21D62)
//
// main.m
// EndpointSecurityDemo
//
// Created by Omar Ikram on 17/06/2019 - macOS Catalina 10.15 Beta 1 (19A471t)
// Updated by Omar Ikram on 15/08/2019 - macOS Catalina 10.15 Beta 5 (19A526h)
// Updated by Omar Ikram on 01/12/2019 - macOS Catalina 10.15 (19A583)
// Updated by Omar Ikram on 31/01/2021 - macOS Big Sur 11.1 (20C69)
// Updated by Omar Ikram on 07/05/2021 - macOS Big Sur 11.3.1 (20E241)
// Updated by Omar Ikram on 04/07/2021 - macOS Monterey 12 Beta 2 (21A5268h)
@mattifestation
mattifestation / StreamNotes_04212020.md
Created April 21, 2020 23:25
Twitch Stream Notes 04/21/2020 - Obfuscated Script-based Malware Analysis with the Anti-Malware Scan Interface (AMSI)
@muff-in
muff-in / resources.md
Last active April 16, 2025 15:12
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources