I hereby claim:
- I am darkcodersc on github.
- I am phrozen (https://keybase.io/phrozen) on keybase.
- I have a public key whose fingerprint is EF3C 6EB6 8C53 6324 C9C3 E612 B99D BFFC A25A A3D1
To claim this, I am signing this object:
Jean-Pierre LESUEUR (Microsoft MVP) DarkCoderSc
DarkCoderSc
/ enumerate-remote-process-modules-via-peb.pas
Created
June 13, 2025 09:05
Enumerate Remote Process Modules Via PEB - Malware Gallery
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uses | |
| System.SysUtils, Winapi.Windows, Generics.Collections; | |
| // ... | |
| type | |
| TProcessInformationClass = ( | |
| // ... | |
| ProcessBasicInformation = 0 | |
| // ... |
DarkCoderSc
/ enumerate-local-process-modules-via-peb.pas
Created
June 13, 2025 09:04
Enumerate Local Process Modules Via PEB - Malware Gallery
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uses | |
| System.SysUtils, Winapi.Windows, Generics.Collections; | |
| // ... | |
| type | |
| _LDR_DATA_TABLE_ENTRY = record | |
| InLoadOrderLinks : TListEntry; | |
| InMemoryOrderLinks : TListEntry; | |
| InInitializationOrderLinkes : TListEntry; |
DarkCoderSc
/ dump-process-memory-via-readprocessmemory.pas
Created
June 13, 2025 09:04
Dump Process Memory Via ReadProcessMemory - Malware Gallery
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uses | |
| System.SysUtils, Winapi.Windows, System.Math; | |
| // ... | |
| function DumpProcessMemory(const ATargetProcessId : Cardinal; const AOutputPath : String) : SIZE_T; | |
| begin | |
| result := 0; | |
| /// |
DarkCoderSc
/ dump-process-memory-via-minidumpwritedump.pas
Created
June 13, 2025 09:03
Dump Process Memory Via MiniDumpWriteDump - Malware Gallery
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uses | |
| System.SysUtils, Winapi.Windows; | |
| // ... | |
| const MiniDumpNormal = $00000000; | |
| MiniDumpWithDataSegs = $00000001; | |
| MiniDumpWithFullMemory = $00000002; | |
| MiniDumpWithHandleData = $00000004; | |
| MiniDumpFilterMemory = $00000008; |
DarkCoderSc
/ search-for-registry-keys-values.pas
Created
June 13, 2025 09:02
Search For Registry Keys / Values - Malware Gallery
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ... | |
| uses | |
| System.SysUtils, Winapi.Windows, Generics.Collections, System.RegularExpressions; | |
| // ... | |
| type | |
| TRegistryHive = ( | |
| rhClassesRoot, |
DarkCoderSc
/ IceCold_Reloaded_ServerSim.py
Created
January 17, 2025 16:13
Simulate a portion of the old MSN protocol, focusing specifically on the authentication process, to make IceCold Reloaded believe it is functioning correctly. This script emulates both the essential components of the MSN protocol and the Passport authentication portal. (!) Ensure you update your host file to redirect the relevant domain names t…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Jean-Pierre LESUEUR (@DarkCoderSc) | |
| # | |
| # https://github.com/DarkCoderSc | |
| # https://github.com/PhrozenIO | |
| # https://www.phrozen.io | |
| # | |
| # Description: | |
| # Simulate a portion of the old MSN protocol, focusing specifically on the authentication process, | |
| # to make IceCold Reloaded believe it is functioning correctly. This script emulates both the | |
| # essential components of the MSN protocol and the Passport authentication portal. (!) Ensure you |
DarkCoderSc
/ JavaAppHdpi.sh
Last active
February 15, 2023 08:40
Scale JAVA Application on Linux for HDPi support (Example for Burp Suite)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| `sudo sh -c 'echo "JAVA_TOOL_OPTIONS=-Dsun.java2d.uiScale=2" >> /etc/environment'` | |
| # Reboot machine and voila! |
DarkCoderSc
/ ExtractStrings.py
Last active
November 21, 2022 13:37
Extract ASCII and/or UNICODE strings from files.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Jean-Pierre LESUEUR (@DarkCoderSc) | |
| # https://keybase.io/phrozen | |
| import argparse | |
| import mmap | |
| from itertools import chain | |
DarkCoderSc
/ keybase.md
Created
November 19, 2022 09:19
DarkCoderSc
/ Timestomp.cs
Last active
August 9, 2022 14:32
https://unprotect.it/snippet/timestomp/121/ - Author: Jean-Pierre LESUEUR (@DarkCoderSc)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| void timeStomp(String targetFile) | |
| { | |
| targetFile = Path.GetFullPath(targetFile); | |
| if (!File.Exists(targetFile)) | |
| { | |
| throw new FileNotFoundException(String.Format("File \"{0}\" does not exists.", targetFile)); |
NewerOlder