@glombard
glombard / ClipboardNotification.cs
Created December 16, 2013 12:34
Monitor Clipboard changes in C# using AddClipboardFormatListener / WM_CLIPBOARDUPDATE. See Clipboard class: http://msdn.microsoft.com/en-us/library/system.windows.clipboard(v=vs.110).aspx
// from: http://stackoverflow.com/questions/2226920/how-to-monitor-clipboard-content-changes-in-c
/// <summary>
/// Provides notifications when the contents of the clipboard are updated.
/// </summary>
public sealed class ClipboardNotification
{
/// <summary>
/// Occurs when the contents of the clipboard are updated.
/// </summary>
@richard-to
richard-to / x11_screen_grab.cpp
Created April 7, 2014 10:30
X11 Example code for grabbing screenshots of window and sending key events
#include <iostream>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <opencv2/imgproc/imgproc.hpp>
#include <opencv2/highgui/highgui.hpp>
#include <X11/Xlib.h>
@meziantou
meziantou / CredentialManager.cs
Last active January 5, 2025 03:16
Using the Windows Credential API (CredRead, CredWrite, CredDelete, CredEnumerate).
// The most up to date version is available
// on GitHub: https://github.com/meziantou/Meziantou.Framework/tree/master/src/Meziantou.Framework.Win32.CredentialManager
// NuGet package: https://www.nuget.org/packages/Meziantou.Framework.Win32.CredentialManager/
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;
using Microsoft.Win32.SafeHandles;
@myusuf3
myusuf3 / delete_git_submodule.md
Created November 3, 2014 17:36
How to effectively delete a git submodule.

To remove a submodule you need to:

  • Delete the relevant section from the .gitmodules file.
  • Stage the .gitmodules changes: git add .gitmodules
  • Delete the relevant section from .git/config.
  • Run git rm --cached path_to_submodule (no trailing slash).
  • Run rm -rf .git/modules/path_to_submodule (no trailing slash).
  • Commit: git commit -m "Removed submodule "
  • Delete the now untracked submodule files: rm -rf path_to_submodule
@tknerr
tknerr / README.md
Last active August 2, 2025 19:12
Vagrant with Ansible Provisioner on Windows

Long story short, ansible does not work on a Windows control machine, so you basically have to:

  • either run ansible --connection=local ... in the target VM
  • or set up a separate control VM where ansible is installed via the shell provisioner

Below are Vagrantfile examples for both approaches

Within the Target VM

@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active August 21, 2025 16:06
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@danzek
danzek / WindowsNTFS.md
Last active September 7, 2024 13:52
Some important articles on Windows/NTFS

Important articles about Windows/NTFS

This also contains quotes from the articles in case they are moved/deleted/etc.

A file time is a 64-bit value that represents the number of 100-nanosecond intervals that have elapsed since 12:00 A.M. January 1, 1601 Coordinated Universal Time (UTC). The system records file times when applications create, access, and write to files.

The NTFS file system stores time values in UTC format, so they are not affected by changes in time zone or daylight saving time. The FAT file system stores time values based on the local time of the computer. For example, a file that is saved at 3:00pm PST in Washington is seen as 6:00pm EST in New York on an NTFS volume, but it is seen as 3:00pm EST in New York on a FAT volume.

void InstrumentationCallback(CONTEXT *context)
{
TEB *teb = NtCurrentTeb();
context->Rip = teb->InstrumentationCallbackPreviousPc;
context->Rsp = teb->InstrumentationCallbackPreviousSp;
context->Rcx = context->R10;
// Prevent recursion
if (!teb->InstrumentationCallbackDisabled) {
@lucasg
lucasg / download_pdb_database.py
Created January 16, 2018 10:21
Download pdb and PE files from microsoft symbol store
import os
import re
import sys
import logging
import argparse
import subprocess
import requests
function New-ActiveScriptEventConsumerClass {
<#
.SYNOPSIS
Creates an ActiveScriptEventConsumer WMI class in the namespace of your choosing.
.DESCRIPTION
New-ActiveScriptEventConsumerClass creates a clone of the ActiveScriptEventConsumer WMI event consumer class using the class name and namespace name of your choosing.