Skip to content

Instantly share code, notes, and snippets.

View anuxraw's full-sized avatar
💭
I may be slow to respond.

s4ya suk4 0rak ar1k anuxraw

💭
I may be slow to respond.
View GitHub Profile
@muff-in
muff-in / resources.md
Last active March 27, 2025 17:11
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
@anuxraw
anuxraw / anhrmw-april.xml
Created July 18, 2018 14:45
Template April Premium
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html expr:dir='data:blog.languageDirection' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr'>
<head>
<meta content='width=device-width, initial-scale=1, maximum-scale=1' name='viewport'/>
<title>
<b:if cond='data:blog.pageType == &quot;index&quot;'>
<data:blog.pageTitle/>
<b:else/>
<b:if cond='data:blog.pageType != &quot;error_page&quot;'>
@x0rz
x0rz / wordpress_snort.rules
Last active September 29, 2017 05:56
Snort rule replacing sid:26576 to detect more second stage download attempts (may raise false positives - to be tested)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC possible infected wordpress second stage download attempt"; flow:to_server,established; http_uri; pcre:"/\/wp-(includes|admin|content)\/.*\.(exe|dll|scr|rar|zip|jar|ps1|bat)/iU";metadata:service http; reference:url,medium.com/@x0rz/threat-hunting-on-simple-tricks-27e64e39f2f0; classtype:trojan-activity; sid:31337; rev:1;)
@anuxraw
anuxraw / DmaHvBackdoor.c
Created September 11, 2017 18:44 — forked from Cr4sh/DmaHvBackdoor.c
Hyper-V backdoor for UEFI
/*
*********************************************************************
Part of UEFI DXE driver code that injects Hyper-V VM exit handler
backdoor into the Device Guard enabled Windows 10 Enterprise.
Execution starts from new_ExitBootServices() -- a hook handler
for EFI_BOOT_SERVICES.ExitBootServices() which being called by
winload!OslFwpKernelSetupPhase1(). After DXE phase exit winload.efi
transfers exeution to previously loaded Hyper-V kernel (hvix64.sys)
@anuxraw
anuxraw / AND_OR_NOT
Created August 26, 2017 12:14 — forked from oliverdoetsch/AND_OR_NOT
Blogger: Globally conditional data tags for all page types
#AND
<b:if cond='data:blog.pageType == "index"'>
<b:if cond='data:blog.searchQuery'>
<!--search_page AND index_page-->
</b:if>
</b:if>
#OR
@Cr4sh
Cr4sh / DmaHvBackdoor.c
Last active January 23, 2024 22:31
Hyper-V backdoor for UEFI
/*
*********************************************************************
Part of UEFI DXE driver code that injects Hyper-V VM exit handler
backdoor into the Device Guard enabled Windows 10 Enterprise.
Execution starts from new_ExitBootServices() -- a hook handler
for EFI_BOOT_SERVICES.ExitBootServices() which being called by
winload!OslFwpKernelSetupPhase1(). After DXE phase exit winload.efi
transfers exeution to previously loaded Hyper-V kernel (hvix64.sys)
@hfiref0x
hfiref0x / akagi_41.c
Created August 16, 2017 03:31
UAC bypass using CMSTPLUA COM interface
typedef interface ICMLuaUtil ICMLuaUtil;
typedef struct ICMLuaUtilVtbl {
BEGIN_INTERFACE
HRESULT(STDMETHODCALLTYPE *QueryInterface)(
__RPC__in ICMLuaUtil * This,
__RPC__in REFIID riid,
_COM_Outptr_ void **ppvObject);
@anuxraw
anuxraw / config.json
Created May 1, 2017 06:13 — forked from anonymous/config.json
Bootstrap Customizer Config
{
"vars": {
"@gray-base": "#000",
"@gray-darker": "lighten(@gray-base, 13.5%)",
"@gray-dark": "lighten(@gray-base, 20%)",
"@gray": "lighten(@gray-base, 33.5%)",
"@gray-light": "lighten(@gray-base, 46.7%)",
"@gray-lighter": "lighten(@gray-base, 93.5%)",
"@brand-primary": "darken(#428bca, 6.5%)",
"@brand-success": "#5cb85c",
@lokhman
lokhman / ubuntu-hardening.md
Last active February 24, 2025 09:26
List of things for hardening Ubuntu

WARNING

May contain out of date information. Check the comments below!

The list of actions listed below was taken mostly from Book Of Zeus with minor modifications and did the job well for Ubuntu version, which was available at that moment (May 2016). This gist was created for internal use and was never meant to be discovered by the web, although Google managed to find and index this page, which was a great surprise for me. Please check the original source for the updated information (links are provided in most of the sections), and read the comments below: they provide more details about the usage experience.

System Updates

http://bookofzeus.com/harden-ubuntu/initial-setup/system-updates/

Keeping the system updated is vital before starting anything on your system. This will prevent people to use known vulnerabilities to enter in your system.

@Arnie97
Arnie97 / remove_watermark.py
Last active February 4, 2025 11:47
Removes the annoying watermarks of it-ebooks.info's downloaded eBooks
#!/usr/bin/env python3
import sys
import re
import shutil
import argparse
import binascii
#
# Author: Daxda