exoosh
/ ksec_ioctls.idc
Last active
October 10, 2022 12:31
IOCTLs used by \Device\KsecDD, e.g. via RtlEncryptMemory and RtlDecryptMemory for use in C/C++ and IDA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <idc.idc> | |
| static main(void) | |
| { | |
| auto id; | |
| // set 'loading idc file' mode | |
| set_inf_attr(INF_GENFLAGS, INFFL_LOADIDC|get_inf_attr(INF_GENFLAGS)); | |
| begin_type_updating(UTP_ENUM); | |
| id = add_enum(-1,"IOCTL_KSEC",0x1100000); | |
| add_enum_member(id,"IOCTL_KSEC_CONNECT_LSA", 0x398000, -1); // CTL_CODE(FILE_DEVICE_KSEC, 0x00, METHOD_BUFFERED, FILE_WRITE_ACCESS) |
exoosh
/ windows_hardening.cmd
Created
September 19, 2022 11:30
— forked from ricardojba/windows_hardening.cmd
A Windows hardening script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ::########################################################################################################################## | |
| :: | |
| :: This script can ruin your day, if you run it without fully understanding what it does, you don't know what you are doing, | |
| :: | |
| :: OR BOTH!!! | |
| :: | |
| :: YOU HAVE BEEN WARNED!!!!!!!!!! | |
| :: | |
| :: This script is provided "AS IS" with no warranties, and confers no rights. | |
| :: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section, |
exoosh
/ TLGMetadataParser.psm1
Created
September 19, 2022 11:33
— forked from mattifestation/TLGMetadataParser.psm1
Retrieves TraceLogging metadata from a file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -version 5 | |
| <# | |
| The things you find on Google searching for specific GUIDs... | |
| Known Keyword friendly names: | |
| "UTC:::CATEGORYDEFINITION.MS.CRITICALDATA":"140737488355328" | |
| "UTC:::CATEGORYDEFINITION.MS.MEASURES":"70368744177664" | |
| "UTC:::CATEGORYDEFINITION.MS.TELEMETRY":"35184372088832" | |
| "UTC:::CATEGORYDEFINITION.MSWLAN.CRITICALDATA":"2147483648" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "FilePath": "C:\\Windows\\System32\\dpapisrv.dll", | |
| "Providers": [ | |
| { | |
| "ProviderGUID": "9d2a53b2-1411-5c1c-d88c-f2bf057645bb", | |
| "ProviderName": "Microsoft.Windows.Security.Dpapi", | |
| "ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba" | |
| }, | |
| { | |
| "ProviderGUID": "703fcc13-b66f-5868-ddd9-e2db7f381ffb", |
exoosh
/ get_version_with_gitrev.py
Created
October 25, 2022 13:53
Use Dulwich to retrieve the full commit hash and dirty state of a Git work tree
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # -*- coding: utf-8 -*- | |
| # vim: set autoindent smartindent softtabstop=4 tabstop=4 shiftwidth=4 expandtab: | |
| import functools | |
| import os | |
| from contextlib import suppress | |
| from dulwich import porcelain | |
| from dulwich.errors import NotGitRepository | |
| __version__ = "0.1.2" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function detect_newest # Function to detect newest clang-based tool (they have a numeric suffix -<version>) | |
| { | |
| local PFX=${1:-clang++} | |
| for v in "" -{32..1}; do test -n "$(which -- $PFX$v)" && { echo "$PFX$v"; break; }; done | |
| } | |
| [[ -z "$CXX" ]] && CXX=$(detect_newest clang++) | |
| [[ -z "$CC" ]] && CC=$(detect_newest clang) | |
| [[ -n "$CXX" ]] || { echo -e "${cR}FATAL:${cZ} ${cW}CXX${cZ} not detected."; } | |
| [[ -n "$CC" ]] || { echo -e "${cR}FATAL:${cZ} ${cW}CC${cZ} not detected."; } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Small function to use Bash to detect the latest available clang and clang++ binaries, if using them by that name fails | |
| detect_newest=$(shell bash -c 'for v in "" -{32..1}; do test -n "$$(which -- $1$$v)" && { echo "$1$$v"; break; }; done') | |
| override CXX:=$(call detect_newest,clang++) | |
| override CC:=$(call detect_newest,clang) | |
| $(warning CC: $(CC)) | |
| $(warning CXX: $(CXX)) |
exoosh
/ find-visual-studio-path.sh
Last active
February 27, 2023 17:05
How to detect Visual Studio installation path from Git Bash, Cygwin, MSYS2 etc.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| [[ -t 1 ]] && { cG="\e[1;32m"; cR="\e[1;31m"; cB="\e[1;34m"; cW="\e[1;37m"; cY="\e[1;33m"; cG_="\e[0;32m"; cR_="\e[0;31m"; cB_="\e[0;34m"; cW_="\e[0;37m"; cY_="\e[0;33m"; cZ="\e[0m"; export cR cG cB cY cW cR_ cG_ cB_ cY_ cW_ cZ; } | |
| for tool in env gawk tr; do type $tool > /dev/null 2>&1 || { echo -e "${cR}ERROR:${cZ} couldn't find '$tool' which is required by this script."; exit 1; }; done | |
| function VsWhereLatest | |
| { | |
| for tool in cygpath; do type $tool > /dev/null 2>&1 || { echo -e "${cR}ERROR:${cZ} couldn't find '$tool' which is required by this script."; exit 1; }; done | |
| # Bash chokes on variable names with embedded parentheses, hence this mumbo jumbo | |
| local PF86="$(cygpath -u "$(env|tr -d '\r'|gawk -F= '$1 == "ProgramFiles(x86)" {print $2}')")" | |
| # This is a well-known path that _can_ legitimately be hardcoded as per Microsoft! |
exoosh
/ os-release.txt
Created
December 6, 2023 09:24
/etc/os-release contents of some Debian and Debian derivatives (URLs removed)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ID=debian | |
| NAME="Debian GNU/Linux" | |
| PRETTY_NAME="Debian GNU/Linux 11 (bullseye)" | |
| VERSION="11 (bullseye)" | |
| VERSION_CODENAME=bullseye | |
| VERSION_ID="11" | |
| ID=debian | |
| NAME="Debian GNU/Linux" | |
| PRETTY_NAME="Debian GNU/Linux 12 (bookworm)" |