@hasherezade
hasherezade / syscall_extractor.cpp
Last active August 30, 2023 21:47
Extracts syscalls list from NTDLL.DLL
#include <stdio.h>
#include <Windows.h>
// based on: https://www.evilsocket.net/2014/02/11/on-windows-syscall-mechanism-and-syscall-numbers-extraction-methods/
// author: @evilsocket
// modified by: @hasherezade
#define IS_ADDRESS_BETWEEN( left, right, address ) ( (address) >= (left) && (address) < (right) )
PIMAGE_SECTION_HEADER SectionByRVA( PIMAGE_SECTION_HEADER pSections, DWORD dwSections, DWORD rva )
{
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active October 1, 2024 18:37
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
@payalord
payalord / sqlite_static_cpp.md
Last active June 7, 2024 06:56
How to add SQLite into your VS project as Static Library

I assume that you have already created the C++ Win32 project into which you want to include SQLite.

  1. Navigate to https://www.sqlite.org/download.html and download the latest amalgamation source version of SQLite.
  2. Extract all the files into your project directory, into your include path, or into a separate directory that you have added (or will add) as an include path in your project properties.
  3. Run the Developer Command Prompt for VS ****, which is usually available at Start -> Programs -> Visual Studio **** -> Visual Studio Tools.
  4. In the command prompt, navigate to the directory where you extracted SQLite.
  5. Run the following command to compile: cl /c /EHsc sqlite3.c
  6. Run the following command to create the static library: lib sqlite3.obj
  7. Open the properties of your project and add sqlite3.lib to Linker -> Input -> Additional Dependencies.
@nstarke
nstarke / 01-reversing-cisco-ios-raw-binary-firmware-images-with-ghidra.md
Last active September 3, 2024 13:11
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra

Reversing Raw Binary Firmware Files in Ghidra

This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.

Prep work in Binwalk

I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-O, or PE header to describe the binary.

While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.

@gavz
gavz / ImageFileExecutionOptions.ps1
Created January 14, 2020 10:46 — forked from netbiosX/ImageFileExecutionOptions.ps1
Image File Execution Options Injection - Persistence Technique
<#
ImageFileExecutionOptions v1.0
License: GPLv3
Author: @netbiosX
#>
# Image File Execution Options Injection Persistence Technique
# https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/
function Persist-Debugger
@csandker
csandker / KerberosDelegation-Checks
Created January 22, 2020 16:17
Kerberos Delegation Checks
PS C:\Users\Clark.Kent\Desktop> ## Unconstrained Delegation
PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]'(userAccountControl:1.2.840.113556.1.4.803:=524288)').FindAll()
Path Properties
---- ----------
LDAP://CN=DC01,OU=Domain Controllers,DC=MonkeyIsland,DC=local {ridsetreferences, logoncount, codepage, objectcategor...
LDAP://CN=HTTPSvc,CN=Users,DC=MonkeyIsland,DC=local {givenname, codepage, objectcategory, dscorepropagatio...
PS C:\Users\Clark.Kent\Desktop> ## Constrained Delegation
const simulated_latitude = 48.8534
const simulated_longitude = 2.3488
Java.perform(function(){
const Location = Java.use('android.location.Location')
var location = Location.$new("gps")
location.setLatitude(simulated_latitude)
location.setLongitude(simulated_longitude)
@muff-in
muff-in / resources.md
Last active October 17, 2024 22:10
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
@wdormann
wdormann / privileged.py
Last active April 30, 2021 13:07
List privileged services that don't come with Windows 10 - deprecated
# DON'T USE THIS VERSION!
# Try https://gist.github.com/wdormann/89ed779933fe205fb52ecf3eacf5ff40 instead
import os
import subprocess
# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/
svcinfo = {}
FNULL = open(os.devnull, 'w')
@wumb0
wumb0 / delta_patch.py
Last active October 30, 2024 14:53
a script for applying MS patch deltas
import base64
import hashlib
import zlib
from ctypes import (
CDLL,
POINTER,
LittleEndianStructure,
c_size_t,
c_ubyte,
c_uint64,