Skip to content

Instantly share code, notes, and snippets.

View EvanMcBroom's full-sized avatar

Evan McBroom EvanMcBroom

234 followers · 257 following
View GitHub Profile
@arkadiyt
arkadiyt / cryptopals_set_8.md
Last active April 11, 2025 22:48
Cryptopals Set 8

Cryptopals is a set of cryptographic challenges, originally published here: https://cryptopals.com

Set 8 of the challenges was never published publicly, until late March 2018. However the cryptopals website was not updated to include the challenges. This gist compiles the 8th set of the Cryptopals challenges.

title link
57. Diffie-Hellman Revisited: Small Subgroup Confinement https://toadstyle.org/cryptopals/513b590b41d19eff3a0aa028023349fd.txt
58. Pollard's Method for Catching Kangaroos https://toadstyle.org/cryptopals/3e17c7b35fcf491d08c989081ed18c9a.txt
59. Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks https://toadstyle.org/cryptopals/a0833e607878a80fdc0808f889c721b1.txt
@mattifestation
mattifestation / WmiEventConsumerClassDerivation.ps1
Last active November 15, 2023 18:21
function New-ActiveScriptEventConsumerClass {
<#
.SYNOPSIS
Creates an ActiveScriptEventConsumer WMI class in the namespace of your choosing.
.DESCRIPTION
New-ActiveScriptEventConsumerClass creates a clone of the ActiveScriptEventConsumer WMI event consumer class using the class name and namespace name of your choosing.
@lucasg
lucasg / download_pdb_database.py
Created January 16, 2018 10:21
Download pdb and PE files from microsoft symbol store
import os
import re
import sys
import logging
import argparse
import subprocess
import requests
@esoterix
esoterix / callback.c
Last active July 5, 2025 04:55
void InstrumentationCallback(CONTEXT *context)
{
TEB *teb = NtCurrentTeb();
context->Rip = teb->InstrumentationCallbackPreviousPc;
context->Rsp = teb->InstrumentationCallbackPreviousSp;
context->Rcx = context->R10;
// Prevent recursion
if (!teb->InstrumentationCallbackDisabled) {
@danzek
danzek / WindowsNTFS.md
Last active August 28, 2025 20:11
Some important articles on Windows/NTFS

Important articles about Windows/NTFS

This also contains quotes from the articles in case they are moved/deleted/etc.

A file time is a 64-bit value that represents the number of 100-nanosecond intervals that have elapsed since 12:00 A.M. January 1, 1601 Coordinated Universal Time (UTC). The system records file times when applications create, access, and write to files.

The NTFS file system stores time values in UTC format, so they are not affected by changes in time zone or daylight saving time. The FAT file system stores time values based on the local time of the computer. For example, a file that is saved at 3:00pm PST in Washington is seen as 6:00pm EST in New York on an NTFS volume, but it is seen as 3:00pm EST in New York on a FAT volume.

@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active May 19, 2026 05:02
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@danzek
danzek / directcopy.cpp
Created April 13, 2017 21:27
Direct Copy
/* only works on NTFS: does not work for resident files (files within the $MFT)
* from http://www.rohitab.com/discuss/topic/24252-ntfs-directcopy-method-from-napalm/
* retrieved on April 13, 2017
* posted by user Napalm (http://www.rohitab.com/discuss/user/3860-napalm/) 09 April 2007 - 03:13 AM
DirectCopy v2.0 - by Napalm @ NetCore2K
------------------------------------
Please try and read and understand this source code. You will learn something.
Sector = 512 Bytes of disk space
@tknerr
tknerr / README.md
Last active December 17, 2025 15:19
Vagrant with Ansible Provisioner on Windows

Vagrant with Ansible Provisioner on Windows

Long story short, ansible does not work on a Windows control machine, so you basically have to:

  • either run ansible --connection=local ... in the target vm
  • set up a separate control vm where ansible is installed via shell provisioner

Below are Vagrantfile examples for both approaches

Within the Target VM

@myusuf3
myusuf3 / delete_git_submodule.md
Created November 3, 2014 17:36
How effectively delete a git submodule.

To remove a submodule you need to:

  • Delete the relevant section from the .gitmodules file.
  • Stage the .gitmodules changes git add .gitmodules
  • Delete the relevant section from .git/config.
  • Run git rm --cached path_to_submodule (no trailing slash).
  • Run rm -rf .git/modules/path_to_submodule (no trailing slash).
  • Commit git commit -m "Removed submodule "
  • Delete the now untracked submodule files rm -rf path_to_submodule
@meziantou
meziantou / CredentialManager.cs
Last active January 5, 2025 03:16
Using the Windows Credential API (CredRead, CredWrite, CredDelete, CredEnumerate).
// The most up to date version is available
// on GitHub: https://github.com/meziantou/Meziantou.Framework/tree/master/src/Meziantou.Framework.Win32.CredentialManager
// NuGet package: https://www.nuget.org/packages/Meziantou.Framework.Win32.CredentialManager/
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;
using Microsoft.Win32.SafeHandles;