
@Dliv3
Dliv3 / Get-MachineAccountQuotaUsers.ps1
Created April 27, 2020 03:38 — forked from dstreefkerk/Get-MachineAccountQuotaUsers.ps1
Gets a list of AD computers that were created by regular users exercising their default right to create up to 10 computer accounts in an AD domain
$machineAccountQuotaComputers = Get-ADComputer -Filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created
foreach ($machine in $machineAccountQuotaComputers) {
    $creator = $null
    try {
        # Resolve the creator SID to a DOMAIN\account name
        $creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        # Fall back to the raw SID when it cannot be resolved (e.g. the creating account was deleted)
        $creator = $machine.'ms-DS-CreatorSID'
    }
    # The gist preview ends above; this output object and the closing brace are added so the loop is complete
    [PSCustomObject]@{
        Name    = $machine.Name
        Creator = $creator
        Created = $machine.Created
    }
}
var details = {
  displayItems: [
    {
      label: "Original donation amount",
      amount: { currency: "USD", value: "65.00" },
    },
    {
      label: "Friends and family discount",
      amount: { currency: "USD", value: "-10.00" },
      pending: true
    }
  ] // the preview is cut off after "pending: true"; closing brackets added
};
---
layout: post
title: Thoughts about automated malware unpacking
date: 2020-05-08 17:00:00 -0700
categories: reverse-engineering malware-analysis
permalink: /posts/automated-malware-unpacking
---

Most malware in the wild uses some sort of packer to evade detection and classification, or to make post-analysis harder. In this post I will talk about one of the most-used packing techniques and how to defeat it with the power of binary emulation. I will also drop a PoC of the new project I am working on.

Background

@Dliv3
Dliv3 / defs.h
Created June 29, 2020 08:19
IDA plugins/defs.h
/*
This file contains definitions used by the Hex-Rays decompiler output.
It has type definitions and convenience macros to make the
output more readable.
Copyright (c) 2007-2017 Hex-Rays
*/
@Dliv3
Dliv3 / dliveDebug.py
Last active November 19, 2020 15:20
dlive python debugging decorator
def dliveDebugStr(string):
    # Print a green-coloured debug line to stdout
    print('\033[32m[DLIVE DEBUG] >>> {}\033[0m'.format(string))

def dliveDebugFunc(func):
    # Decorator for methods: logs "ClassName.method" on every call
    def wrapper(*args, **kw):
        dliveDebugStr('{}.{}'.format(args[0].__class__.__name__, func.__name__))
        # for each in args:
        #     dliveDebugStr('| -- {}'.format(each))
        # for i in kw:
        #     dliveDebugStr('| -- {} => {}'.format(i, kw[i]))
        return func(*args, **kw)  # preview ends above; call-through and return added to complete the decorator
    return wrapper
#!/usr/bin/env python
####################
#
# Copyright (c) 2019 Dirk-jan Mollema / Fox-IT (@_dirkjan)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define SERVER_PORT 9999
int main() {
# coding=utf-8
"""
LICENSE http://www.apache.org/licenses/LICENSE-2.0
"""
import datetime
import sys
import time
import threading
import traceback
import SocketServer
@Dliv3
Dliv3 / main.go
Created May 22, 2021 03:23 — forked from walm/main.go
Simple Golang DNS Server
package main
import (
"fmt"
"log"
"strconv"
"github.com/miekg/dns"
)
md5 cd253e822337a58c6f4f65c08a789e0c
sha256 efb0e6065bd9ab440b959553eca5389c2073e5da1f006f6d9aaa1af424a66303