Julian Horoszkiewicz ewilded


Are we XLibre yet?

X11 has been, and still is, a vital piece of technology at the core of professional Unix-like workstations for decades. It has a proven track record of supporting enterprise-grade applications with long-term protocol stability and platform compatibility. It has matured over decades. XLibre is an actively developed fork of the X.Org X11 server, initiated by the most active X.Org developer and supported by the open source community.

An incompatible alternative, Wayland, is being aggressively pushed by IBM = Red Hat = Gnome = Fedora = freedesktop.org. However, it is not ready to succeed X11 as its governance model leads to never-ending discussions and prevents even the most essential functionality from existing. Think twice before abandoning Xorg. Wayland breaks everything!

It is time that the open source community reclaims what was ours to begin with. This page lists distrib

@curi0usJack
curi0usJack / Get-Origins.ps1
Created March 27, 2025 20:28
PowerShell code to map CDN (Classic or FrontDoor) to their Origin hostname.
Import-Module Az
Connect-AzAccount
$ipre = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
function Get-ClassicOrigins() {
$profs = Get-AzCDNProfile
$coll = @()
foreach ($prof in $profs) {
@benpturner
benpturner / GetAPICall.cs
Created December 1, 2020 21:13
GetAPICall
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
namespace GetAPICall
{
class Program
{
const uint PROCESS_ALL_ACCESS = 0x000F0000 | 0x00100000 | 0xFFF;
olevba 0.55.1 on Python 3.8.3 - http://decalage.info/python/oletools
===============================================================================
FILE: 38bd9e647609d121621fc817ab2fdb5b58e9a2ac6c2f6640c36bc2164e7d54f1
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisDocument.cls
in file: word/vbaProject.bin - OLE stream: 'VBA/ThisDocument'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Private Declare PtrSafe Function ExpandString Lib "kernel32" Alias "ExpandEnvironmentStringsA" (ByVal lpSrc As String, ByVal lpDst As String, ByVal nSize As Long) As Long
@Arno0x
Arno0x / NetLoader.cs
Last active June 28, 2025 16:39
Partial rewrite of @Flangvik NetLoader. Supports proxy with authentication, XOR encrypted binaries, multiple arguments passing to binary.
/*
Author: Arno0x0x, Twitter: @Arno0x0x
Completely based on @Flangvik netloader
This partial rewrite of @Flangvik Netloader includes the following changes:
- Allow loading of an XOR encrypted binary to bypass antiviruses
To encrypt the initial binary you can use my Python transformFile.py script.
Example: ./transformFile.py -e xor -k mightyduck -i Rubeus.bin -o Rubeus.xor
@ophirharpaz
ophirharpaz / get_call_flows_from_exports.py
Created February 22, 2020 15:19
The script generates and prints a graph of all function-call flows that start in exported functions and end in the function being pointed at in IDA. This functionality is useful when you need to trigger a function in a DLL and wish to know which exported function leads to it.
"""
The script generates and prints a graph of all function-call flows that start in exported functions and end
in the function being pointed at in IDA.
This functionality is useful when you need to trigger a function in a DLL and wish to know which exported function
leads to it.
"""
import idaapi
import idautils
import idc
@nullenc0de
nullenc0de / content_discovery_nullenc0de.txt
Last active April 2, 2025 06:37
content_discovery_nullenc0de.txt
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0
@mattifestation
mattifestation / ExpandDefenderSig.ps1
Created March 28, 2019 20:17
Decompresses Windows Defender AV signatures for exploration purposes
filter Expand-DefenderAVSignatureDB {
<#
.SYNOPSIS
Decompresses a Windows Defender AV signature database (.VDM file).
.DESCRIPTION
Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed.
@0xhexmex
0xhexmex / Get-KerberosKeytab.ps1
Created February 14, 2019 21:50 — forked from raandree/Get-KerberosKeytab.ps1
Parses Kerberos Keytab files
param(
[Parameter(Mandatory)]
[string]$Path
)
#Created by [email protected]
#
#Got keytab structure from http://www.ioplex.com/utilities/keytab.txt
#
# keytab {
@yannayl
yannayl / populate_ram.py
Last active January 20, 2019 07:23
Populates the RAM and adds references according to a memory dump
import sark
import construct as ct
import ida_xref
## I have dumped the memory content to ram.bin
dump = open("ram.bin", "rb").read()
ram = sark.Segment(name='RAM')
## memoizing can make it more efficient but IDC
def in_segs(ea, segs):