Alexander Hanel alexander-hanel
😶
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id = add_enum(-1, "neutrino_cmds", idaapi.decflag()) | |
| idc.add_enum_member(id, "CMD_LOADER", 0X69CDCD5D, -1) | |
| idc.add_enum_member(id, "CMD_CMD", 0x796cd5b4, -1) | |
| idc.add_enum_member(id, "CMD_RATE", 0xae839a18, -1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import struct | |
| def ipconver(addr_long): | |
| return socket.inet_ntoa(struct.pack("<L", addr_long)) |
alexander-hanel
/ yolo.py
Last active
January 17, 2020 03:40
old and new names in idc.py (in progress)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| import sys | |
| import os | |
| def load_apis(): | |
| new_old_apis = [ | |
| # start of changes for idc.py | |
| ("hasValue", "has_value"), | |
| ("byteValue", "byte_value"), | |
| ("isLoaded", "is_loaded"), |
alexander-hanel
/ nuclear_bot_decoder.py
Created
November 20, 2017 15:52
IDAPython string decrytor for variants of Nuclear Bot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idautils | |
| from cStringIO import StringIO | |
| from collections import Counter | |
| from itertools import cycle | |
| from itertools import product | |
| MAX_INSTR = 8 | |
| """ | |
| Example |
alexander-hanel
/ seclznt1.py
Created
November 16, 2017 23:23
extract pe sections and attempts to decompress them with lznt1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # extract PE sections using pefile by name and decompress them using lznt1 via Rekall | |
| # author: alexander hanel | |
| # Rekall Memory Forensics | |
| # Copyright 2014 Google Inc. All Rights Reserved. | |
| # | |
| # Author: Michael Cohen [email protected]. | |
| # | |
| # This program is free software; you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by |
NewerOlder