💭
I do nothing every day

panda bear 0xcpu

@williballenthin
williballenthin / auto_shellcode_hashes.py
Last active November 5, 2023 22:12
automatically resolve shellcode hashes into symbolic names using emulation, example: https://asciinema.org/a/EaHLv3yy7nGnh7mfHQ5DVy1LJ
import os
import sys
import logging
import pefile
import ucutils
import unicorn
import capstone
import argparse
@JamesHagerman
JamesHagerman / DisassembleARMBinaryInR2.md
Last active March 30, 2023 06:43
Some quick notes on disassembling 16bit ARM (STM32F4) code using radare2

Disassembling 1bitsy examples using radare2

Note that because radare2 uses Capstone to disassemble ARM code, there are issues with the disassembly. arm-none-eabi-objdump -d compiledbinary.elf actually does a better job in some cases. For example, msr isn't decompiled correctly...

First, you have to either strip the default ELF binaries the default Makefiles build when you run make OR you need to just compile .bin files using something like:

make binaryname.bin
#include <Windows.h>
#include <time.h>
#include <string>
using namespace std;
#define BTF_FLAG 0x300
#define TRAP_FLAG 0x100
LONG CALLBACK TraceCallback(LPEXCEPTION_POINTERS ex)
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active April 24, 2025 15:06
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
@CMCDragonkai
CMCDragonkai / memory_layout.md
Last active April 7, 2025 13:55
Linux: Understanding the Memory Layout of Linux Executables

Understanding the Memory Layout of Linux Executables

Required tools for playing around with memory:

  • hexdump
  • objdump
  • readelf
  • xxd
  • gcore
@exp0se
exp0se / logparser.ps1
Created March 13, 2016 09:22
Logparser log parsing
# Logparser
###############
# Security Log
###############
# Find Event id
& 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'"
@strazzere
strazzere / decrypt.py
Last active July 21, 2023 14:11
Dump encoded compress powershell stream
#!/usr/bin/python
#
#
# Decompiling something being loaded in through powershell
#
#
# diff <[email protected]>
#
#
@vqhuy
vqhuy / rol-ror.py
Created August 13, 2015 06:15
python rol, ror operation implement
###########################################################################
# Rotating bits (tested with Python 2.7)
from __future__ import print_function # PEP 3105
# max bits > 0 == width of the value in bits (e.g., int_16 -> 16)
# Rotate left: 0b1001 --> 0b0011
rol = lambda val, r_bits, max_bits: \
(val << r_bits%max_bits) & (2**max_bits-1) | \
@denji
denji / golang-tls.md
Last active April 26, 2025 07:32 — forked from spikebike/client.go
Simple Golang HTTPS/TLS Examples
Generate private key (.key)
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048

# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List the supported ECDSA curves (openssl ecparam -list_curves)
@tangrs
tangrs / bin2elf.sh
Last active January 14, 2025 20:03
Convert a memory dump/raw binary image into an ELF file
#!/bin/sh
# Convert a raw binary image into an ELF file suitable for loading into a disassembler
cat > raw$$.ld <<EOF
SECTIONS
{
EOF
echo " . = $3;" >> raw$$.ld