| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
JAB |
π£ Jabber | $. |
Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
TVq |
πΊ Television | MZ |
MZ header |
SUVY |
π SUV | IEX |
PowerShell Invoke Expression |
SQBFAF |
π£ Squab favorite | I.E. |
PowerShell Invoke Expression (UTF-16) |
SQBuAH |
π£ Squab uahhh | I.n. |
PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
PAA |
πͺ "Pah!" | <. |
Often used by Emotet (UTF-16) |
Neo23x0
/ Base64_CheatSheet.md
Last active
March 31, 2025 08:27
Learning Aid - Top Base64 Encodings Table
rasta-mouse
/ PPID Spoof & BlockDLLs
Last active
April 1, 2025 22:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace BlockDllTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
MircoBabin
/ ReadingPortableExecutable_PE_header.cs
Last active
June 3, 2021 13:02
— forked from augustoproiete/ReadingPortableExecutable_PE_header.cs
Reading the Portable Executable (PE) header in C# - reading Import Directory Table to e.g. determine Microsoft VC Runtime version
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| using System.Text; | |
| namespace peheader | |
| { | |
| //https://gist.github.com/caioproiete/b51f29f74f5f5b2c59c39e47a8afc3a3 |
We can make this file beautiful and searchable if this error is corrected: It looks like row 9 should actually have 4 columns, instead of 2 in line 8.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SHA256,Name,Signer,Description | |
| 04A85E359525D662338CAE86C1E59B1D7AA9BD12B920E8067503723DC1E03162,ADV64DRV.sys,"""FUJITSU LIMITED """, | |
| 05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows | |
| 4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows | |
| 6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows | |
| 8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F,Agent64.sys,"""eSupport.com, Inc""",DriverAgent Direct I/O for 64-bit Windows | |
| B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows | |
| 7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D,ALSysIO64.sys,Artur Liberman,ALSysIO | |
| 7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA,ALSys |
OlderNewer