hellodword
@y0ug
y0ug / _IAT_qiling.py
Last active December 29, 2021 03:10
Using Qiling to resolve obfuscated import on windows
# Emulate sample to resolve obfuscated import with qiling
# Just one way to do it, this method is kind of slow.
# You need to have all the required DLL in the 'rootfs'
# Classic getprocaddress by hash we hook after the call
# read EAX and resolve the name from ql.loader.import_symbols
# compute the address of the mov operand
# generate the idapython code
# python3 IAT_qiling.py sample.exe | tee addr_ida.py
# idapython is in addr_ida.py at the end
@Hanan-Natan
Hanan-Natan / revil_strings_p3.py
Last active March 19, 2025 05:07 — forked from OALabs/revil_strings.py
Decrypt REvil ransomware strings with IDA Python
import idaapi, idc, idautils
class DecryptorError(Exception):
    pass
def rc4crypt(key, data):
    x = 0
    box = list(range(256))
@willings
willings / email-proxy-stack.ts
Created July 18, 2020 07:15
CloudFormation template for Forwarding personal domain emails to Gmail
import * as s3 from '@aws-cdk/aws-s3';
import * as iam from '@aws-cdk/aws-iam';
import * as lambda from '@aws-cdk/aws-lambda';
import * as ses from '@aws-cdk/aws-ses';
import * as sesActions from '@aws-cdk/aws-ses-actions'
import * as logs from '@aws-cdk/aws-logs'
import * as cdk from '@aws-cdk/core';
export class EmailProxyStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
@bazad
bazad / sep_firmware_split.py
Last active July 24, 2024 19:46
Split a decrypted Apple SEP firmware image into individual Mach-O files.
#! /usr/bin/env python3
#
# sep_firmware_split.py
# Brandon Azad
#
# Split a decrypted Apple SEP firmware image into individual Mach-O files.
#
# iPhone11,8 17C5053a https://twitter.com/s1guza/status/1203550760102969345
# iPhone11,8 17E255 https://twitter.com/s1guza/status/1244683851957522435
#
@OALabs
OALabs / revil_strings.py
Created January 26, 2020 22:13
Decrypt REvil ransomware strings with IDA Python
import idaapi, idc, idautils
class DecryptorError(Exception):
    pass
def rc4crypt(key, data):
    x = 0
    box = range(256)
@Dobby233Liu
Dobby233Liu / xiaoxiao_tts.py
Last active May 30, 2023 07:05 — forked from xjohjrdy/xiaoxiao_tts.py
superb edit of an old parameterless script
#!/usr/bin/env python
# -*- coding:utf-8 -*-
"""Edge Microsoft TTS for Python."""
import sys
from ws4py.client.threadedclient import WebSocketClient
import binascii
import argparse
import json
import requests
import re
@xjohjrdy
xjohjrdy / xiaoxiao_tts.py
Last active September 10, 2024 19:50
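The returned audio has no file header, so I added an arbitrary one, but the displayed audio duration is wrong. If your player cannot play it properly, you can play it in Chrome.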
#!/usr/bin/env python
# -*- coding:utf-8 -*-
import sys
reload(sys)
sys.setdefaultencoding('utf-8')
from ws4py.client.threadedclient import WebSocketClient
import binascii
class WSClient(WebSocketClient):
    def __init__(self, url, text, filename):
@nstarke
nstarke / 01-reversing-cisco-ios-raw-binary-firmware-images-with-ghidra.md
Last active December 10, 2025 04:11
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra

Reversing Raw Binary Firmware Files in Ghidra

This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.

Prep work in Binwalk

I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-O, or PE header to describe the binary.

While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.

@coconut49
coconut49 / main.go
Created August 21, 2019 03:23
Golang SSL Pinning
package main
import (
	"context"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"