- RunDll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,0
- RunDll32.exe msrating.dll,RatingSetupUI
| #include <windows.h> | |
| #include <stdio.h> | |
// NOTE(review): file-scope state shared by code outside this excerpt.
// Presumably receives the resolved address of CreateProcessW; the
// assignment is not visible here, so confirm against the full source.
FARPROC fpCreateProcessW;
// NOTE(review): presumably one original byte of the target function, kept
// so the patch can be undone; confirm. A patch like this leaves the
// in-memory code different from the on-disk image, which integrity checks
// can compare.
BYTE bSavedByte;
| // Blog Post Here: | |
| // https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
| // tasklist | findstr explore.exe |
| from idaapi import * | |
| # with code taken from | |
| # - http://hexblog.com/idapro/vmware_modules.py | |
| # - HexRays forum | |
| # - https://gist.github.com/nmulasmajic/f90661489f858237bcd68fbde5516abd#file-find_nt_imagebase_x64-py | |
| class LoadedModulesList(Choose2): | |
| def __init__(self, title, modlistEA=BADADDR, flags=0, width=None, height=None, embedded=False, modal=False): |
| Moved: https://github.com/OALabs/hexcopy-ida |
| import sys | |
| import re | |
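# Static helper for looking at a caret-obfuscated batch script: the lines
# shown here only read the sample as text and pattern-match it.
if len(sys.argv) <= 1:
    # sys.exit() instead of the site-provided exit(), which is absent when
    # the interpreter runs without the site module (e.g. python -S).
    sys.exit()

scriptpath = sys.argv[1]

# The sample is untrusted input and may contain bytes that are not valid in
# the locale encoding; replace them rather than abort on a decode error.
with open(scriptpath, 'r', errors='replace') as scriptfile:
    # '^' is the cmd.exe escape character; dropping it undoes caret padding
    # such as s^e^t.
    script = scriptfile.read().replace('^', '')

# First "(set NAME=VALUE&&" in any letter case; group 1 is VALUE up to the
# first '&'. Raw string: '\(' in a plain literal is an invalid escape
# sequence, which newer Python versions warn about.
p = re.compile(r'\([Ss][Ee][Tt][^=]+=([^&]+)&&')
# s is None when the script contains no such assignment; check before use.
s = p.search(script)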
| ## Uploaded by @JohnLaTwC | |
| ## Sample Hash: 80610bb3a5be887e9eaa7f6883725b24c358862b39b52c4766634554f02bc9d2 | |
| olevba3 0.53.1 - http://decalage.info/python/oletools | |
| Flags Filename | |
| ----------- ----------------------------------------------------------------- | |
| OpX:M-S-HB-- 9eaa7f6883725b24c358862b39b52c4766634554f02bc9d2 | |
| =============================================================================== | |
| FILE: 9eaa7f6883725b24c358862b39b52c4766634554f02bc9d2 | |
| Type: OpenXML | |
| ------------------------------------------------------------------------------- |
| # Subleq Processor module for Flareon5 challenge 12. Tested in IDA 7 | |
| # by @ulexec | |
| import sys | |
| import idc | |
| import idaapi | |
| import idautils | |
| from idc import * | |
| from idaapi import * |
| IDA Plugins | Preferred | Neutral | Unreviewed |
|---|---|---|---|
# sshd_config attributes: require an SSH key AND a PAM challenge, never a
# plain password.

# Methods separated by commas must ALL succeed, in order: public key first,
# then keyboard-interactive restricted to the PAM device.
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
# Enables keyboard-interactive, which the second step above depends on.
# OpenSSH 8.7 and later treat this name as a deprecated alias of
# KbdInteractiveAuthentication.
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
# Disables only the SSH "password" method. PAM can still ask for the account
# password over keyboard-interactive, so the sshd PAM stack decides what the
# second factor really is.
# NOTE(review): UsePAM is not set in these lines; confirm it is enabled
# elsewhere in the cookbook.
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'