Skip to content

Instantly share code, notes, and snippets.

View fariss's full-sized avatar
💜
Is this social media?

fariss fariss

💜
Is this social media?
21 followers · 0 following
View GitHub Profile
@fariss
fariss / SumSquareDivisors.py
Last active March 1, 2018 02:54
def SumSquareDivisisors(m, n):
from math import sqrt as sq
result = []
f = lambda x: x**2
for k in range(m, n+1):
L = [k]
for i in range(1, k//2 + 1):
if k % i == 0:
L.append(i)
M = list(map(f, L))
@fariss
fariss / RedditFormatter.java
Last active February 14, 2020 08:05
Literally, just turns your sentences into subreddits. That's about it!
public class RedditFormatter {
private String[] input;
public RedditFormatter(String[] input) {
this.input = input;
}
public String format() {
String result = String.join(" r/", this.input);
System.out.println("r/" + result);
@fariss
fariss / wbs.txt
Last active November 26, 2023 04:35
WBS final
1. Benchmarking + Encryption + Generation = 1 unit (Payload build)
1.1 Payload generators (Study metasploit, Convenant, PoshC2, SharpShooter)
1.2 Proper Generator
2. Payload/Shellcode Execution
2.1 Invokation (Distrubtion / Dropper)
2.1.1. Marcros
2.1.2. MS HTA
2.1.3. MSB
2.1.4. WMI
@fariss
fariss / APC-inject.md
Last active November 26, 2023 04:35
Title APC Queue Code Injection
Date 05 May 2021
Author Soufiane Fariss
email [email protected]

APC Queue Code Injection

Simple APC Queue Code Injection

Injection techniques that rely on creating a remote thread in the target process to execute the shellcode might cause a huge increase in the malware confidence score which will raise a lot of suspicion among security products. Nevertheless, these techniques create a new thread, which causes a lot of overhead because of allocating new resources to get the thread up and running.

@fariss
fariss / Makefile
Created August 30, 2021 11:14
Makefile template to assemble with NASM to x86-64 with libc
AS=nasm
ASFLAGS=-f elf64 -g -F dwarf
LD=ld
LDFLAGS=-dynamic-linker /lib64/ld-linux-x86-64.so.2 -lc -m elf_x86_64
RM=rm -rf
SOURCES=$(wildcard *.asm)
OBJECTS=$(SOURCES:.asm=.o)
TARGET=out
%.o: %.asm
@fariss
fariss / extract_insn_number_features_via_pcode_script.py
Last active March 15, 2024 13:41
Just a POC on an idea
#Extract instruction-level number features with P-code
#@category PCode
#@author Soufiane Fariss
#@menupath
#@toolbar
from ghidra.program.model.pcode import HighParam, PcodeOp, PcodeOpAST
from ghidra.program.model.address import AddressSet
from capa.features.extractors.ghidra.insn import *
from capa.features.address import AbsoluteVirtualAddress
@fariss
fariss / keybase.md
Created October 21, 2025 17:18

Keybase proof

I hereby claim:

  • I am fariss on github.
  • I am fariss (https://keybase.io/fariss) on keybase.
  • I have a public key ASC846tysSlsPA5shFdF78Lv9qfw-8ObJnVEmWi58azD6go

To claim this, I am signing this object:

@fariss
fariss / CapaTreeTableDemo.md
Created January 20, 2026 22:34

CAPA TreeTable Ghidra Extension

Installation

  1. Copy all four Java files to your Ghidra scripts directory:

    • macOS/Linux: ~/.ghidra/.ghidra_<version>/scripts/

  2. Run TreeTableGhidraScript.java from the Script Manager

Files Included