Matt Brooks cmatthewbrooks
Dump-GUY
/ hint_calls.py
Created
March 18, 2024 07:30
Modified version of Willi Ballenthin IDA Plugin hint_calls.py ported to support Python2/3 and IDA>=7.4 (tested IDA 7.7, 8.4)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| IDA plugin to display the calls and strings referenced by a function as hints. | |
| Installation: put this file in your %IDADIR%/plugins/ directory. | |
| Author: Willi Ballenthin <[email protected]> | |
| Licence: Apache 2.0 | |
| ''' | |
| import idc | |
| import idaapi | |
| import idautils |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # by [email protected] | |
| # LLDB custom command to dump OSX/Bundlore Loader python payload | |
| # tested on $lldb --version | |
| # lldb-1100.0.30.6 | |
| # Apple Swift version 5.1.2 (swiftlang-1100.0.278 clang-1100.0.33.9) | |
| # (lldb) script | |
| # Python Interactive Interpreter. To exit, type 'quit()', 'exit()' or Ctrl-D. | |
| # >>> import sys | |
| # >>> print(sys.version) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from __future__ import print_function | |
| import lldb | |
| # This class will single step until the next call assembly instruction | |
| # and then print out all the arguement registers | |
| class Call: | |
| def __init__(self, thread_plan, dict): | |
| self.thread_plan = thread_plan |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef struct tagCREATELINKDATA { | |
| ULONG dwFlags; | |
| WCHAR szLinkName[MAX_PATH]; // + 0x20C | |
| WCHAR szExeName[MAX_PATH]; // + 0x414 | |
| WCHAR szParams[MAX_PATH]; // + 0x61C | |
| WCHAR szWorkingDir[MAX_PATH]; // + 0x824 | |
| WCHAR szOriginalName[MAX_PATH]; // + 0xA2C | |
| WCHAR szExpExeName[MAX_PATH]; // + 0xC34 | |
| WCHAR szProgDesc[MAX_PATH]; // + 0xE3C | |
| WCHAR szFolder[MAX_PATH]; // + 0x1044 |
williballenthin
/ floss-lite.py
Last active
August 16, 2021 13:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ''' | |
| A simplified FLOSS implementation that only supports stackstrings. | |
| requirements: | |
| - yara-python | |
| - unicorn | |
| author: Willi Ballenthin | |
| email: [email protected] |
securitytube
/ DllMainThread.c
Created
November 1, 2014 11:10
Launch Shellcode as a Thread via DllMain rather than a new process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Dll Hijacking via Thread Creation | |
| // Author - Vivek Ramachandran | |
| // Learn Pentesting Online -- http://PentesterAcademy.com/topics and http://SecurityTube-Training.com | |
| // Free Infosec Videos -- http://SecurityTube.net | |
| #include <windows.h> | |
| #define SHELLCODELEN 2048 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| # Automatically set the __all__ variable with all | |
| # the available plugins. | |
| plugin_dir = "plugins" | |
| __all__ = [] | |
| for filename in os.listdir(plugin_dir): | |
| filename = plugin_dir + "/" + filename |
lusis
/ python argparse subcommand subparsers.py
Created
October 13, 2010 20:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| from mock import Mock | |
| m = Mock() | |
| parser = argparse.ArgumentParser() | |
| subparsers = parser.add_subparsers() | |
| query_group = subparsers.add_parser('query') | |
| add_group = subparsers.add_parser('add') |