rsmudge

# search for and reproduce output that matches a specific regex.
alias search {
	local('$regex $regex2 $entry $event $bid $out $when');

	# take all of the args, without processing/parsing as normal.
	if (strlen($0) > 7) {
		$regex = substr($0, 7);
	}
	else {
		berror($1, "search [regex]");

matterpreter

import frida
import sys

def on_message(message, data):
    if message['type'] == 'send':
        print(message['payload'])
    elif message['type'] == 'error':
        print(message['stack'])
    else:
     print(message)

X-C3LL

Private Declare PtrSafe Function GetModuleHandleA Lib "KERNEL32" (ByVal lpModuleName As String) As LongPtr
Private Declare PtrSafe Function GetProcAddress Lib "KERNEL32" (ByVal hModule As LongPtr, ByVal lpProcName As String) As LongPtr
Private Declare PtrSafe Sub CopyMemory Lib "KERNEL32" Alias "RtlMoveMemory" (ByVal Destination As LongPtr, ByVal Source As LongPtr, ByVal Length As Long)

'VBA Macro that detects hooks made by EDRs
'PoC By Juan Manuel Fernandez (@TheXC3LL) based on a post from SpecterOps (https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa)


Public Function checkHook(ByVal target As String, hModule As LongPtr) As Integer
    Dim address As LongPtr

monoxgas

// ref: https://opensource.apple.com/source/dyld/[VERSION]/launch-cache/dsc_extractor.cpp.auto.html

// > SDKROOT=`xcrun --sdk macosx --show-sdk-path`
// > clang++ -o extract extract.cpp
// > mkdir libraries
// > ./extract /System/Library/dyld/dyld_shared_cache_x86_64 `pwd`/libraries/

#include <stdio.h>
#include <stddef.h>
#include <dlfcn.h>

hasherezade

PE Injection/Impersonation:

• Process Hollowing (a.k.a. RunPE)
• Process Doppelgänging
• Transacted Hollowing
• Process Ghosting
• Module Overloading & DLL Hollowing
• Chimera PE (variant of a manual PE loader)
• Process Overwriting

monoxgas

use DynaLoader;
use Devel::Peek;
use Fcntl;
use 5.008001; # because 5.6 doesn't have B::PV::object_2svref
use Config;
use B (); # for B::PV

sub mmap {
  my ($addr, $size, $protect, $flags) = @_;
  syscall(197, $addr, $size, $protect, $flags, -1, 0);

ozuma

#  NETCRAFT IP RANGES

194.52.68.0-194.52.68.255
194.72.238.0-194.72.238.255
83.138.182.72-83.138.182.79
83.138.189.96-83.138.189.103
81.91.240.0-81.91.255.255
89.36.24.0-89.36.31.255
83.222.232.216-83.222.232.218
184.172.0.0-184.173.255.255

joepie91

Normies just don't care about privacy

If you're a privacy enthusiast, you probably clicked a link to this post thinking it's going to vindicate you; that it's going to prove how you've been right all along, and "normies just don't care about privacy", despite your best efforts to make them care. That it's going to show how you're smarter, because you understand the threats to privacy and how to fight them.

Unfortunately, you're not right. You never were. Let's talk about why, and what you should do next.

So, first of all, let's dispense with the "normie" term. It's a pejorative term, a name to call someone when they don't have your exact set of skills and interests, a term to use when you want to imply that someone is clueless or otherwise below you. There's no good reason to use it, and it suggests that you're looking down on them. Just call them "people", like everybody else and like yourself - you don't need to turn them into a group of "others" to begin with.

Why does that matter? Well, would *y

hasherezade

#include <windows.h>
#include <iostream>

#include "ntddk.h"

bool enum_processes()
{
    ULONG retLen = 0;

    // check length:

mattfysh

PROXY_URL=<your_proxy_url>

echo "HTTP"
time (
  curl --proxy $PROXY_URL -s -o /dev/null http://example.com
  curl --proxy $PROXY_URL -s -o /dev/null http://example.com
  curl --proxy $PROXY_URL -s -o /dev/null http://example.com
  curl --proxy $PROXY_URL -s -o /dev/null http://example.com
  curl --proxy $PROXY_URL -s -o /dev/null http://example.com
)