Hyun Yi hyuunnn
@MSAdministrator
MSAdministrator / iranian_apit_groups_possible_commands.md
Last active December 6, 2024 08:14
Iranian APT Groups & Possible Commands Used By These Groups

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

  • APT33
  • APT34
  • APT39
  • Charming Kitten
@williballenthin
williballenthin / TxR.bt
Created November 22, 2019 20:49
010 Editor template for parsing Windows Registry TxR (.regtrans-ms) files
//------------------------------------------------
//--- 010 Editor v8.0.1 Binary Template
//
// File: Transactional Registry Transaction Logs (.TxR)
// Authors: Willi Ballenthin <[email protected]>
// Version: 0.1
// Reference: https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html
//------------------------------------------------
LittleEndian();
@icecr4ck
icecr4ck / idapython_cheatsheet.md
Last active March 11, 2025 14:17
Cheatsheet for IDAPython
@nstarke
nstarke / 01-reversing-cisco-ios-raw-binary-firmware-images-with-ghidra.md
Last active February 20, 2025 15:02
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra

Reversing Raw Binary Firmware Files in Ghidra

This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.

Prep work in Binwalk

I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-O, or PE header to describe the binary.

While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.

@pe3zx
pe3zx / disable_windows_defender.bat
Last active December 25, 2023 10:27
Disable Windows Defender on Windows 10 1903
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
rem To also disable Windows Defender Security Center include this
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
rem 1 - Disable Real-time protection
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
@shoark7
shoark7 / algorithm-sites.md
Last active February 10, 2025 02:30
๊ฐœ์ธ์ ์œผ๋กœ ์‚ฌ์šฉํ–ˆ๋˜ ์•Œ๊ณ ๋ฆฌ์ฆ˜ ์‚ฌ์ดํŠธ๋“ค์„ ์ถ”์ฒœ๋“œ๋ฆฝ๋‹ˆ๋‹ค.

์•Œ๊ณ ๋ฆฌ์ฆ˜์ด๋ผ๊ณ  ๋งŽ์ด ๋“ค์–ด๋ณด์…จ์„ ๊ฒ๋‹ˆ๋‹ค. ์•Œ๊ณ ๋ฆฌ์ฆ˜์€ ๊ต๊ณผ์„œ์‹์œผ๋กœ ์ •์˜ํ•ด๋ณด๋ฉด '๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ์ผ๋ จ์˜ ์ ˆ์ฐจ'๋ผ๊ณ  ํ•  ์ˆ˜ ์žˆ๋Š”๋ฐ์š”. ์ปดํ“จํ„ฐ๋กœ ์–ด๋–ค ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•ด์•ผ ํ•  ๋•Œ, ์ฝ”๋”ฉ์œผ๋กœ ์–ด๋–ป๊ฒŒ ํ•ด๊ฒฐํ• ์ง€์— ๋Œ€ํ•œ ๊ตฌ์ฒด์ ์ธ ๋ฐฉ๋ฒ•์„ ์ด์•ผ๊ธฐํ•ฉ๋‹ˆ๋‹ค.

์˜ˆ๋ฅผ ๋“ค์–ด, ์ˆซ์ž ๋ฐฐ์—ด์„ ์ •๋ ฌํ•˜๋Š” ๋ฌธ์ œ๊ฐ€ ์žˆ๋‹ค๊ณ  ํ•ฉ์‹œ๋‹ค. ์ธ๊ฐ„์ด ๋ฐฐ์—ด์„ ๋Œ€์ถฉ ๋ณด๊ณ  ์ •๋ ฌํ•˜๊ธฐ๋Š” ์‰ฝ์ง€๋งŒ ์›์†Œ์˜ ๊ฐœ์ˆ˜๊ฐ€ ์ˆ˜๋ฐฑ๋งŒ๊ฐœ์— ๋‹ฌํ•˜๋Š” ๋ฐฐ์—ด์—์„œ ์ปดํ“จํ„ฐ์—๊ฒŒ ์ผ์„ ์‹œ์ผœ์„œ ์ปดํ“จํ„ฐ๊ฐ€ ์ •๋ ฌํ•˜๊ฒŒ ํ•˜๋Š” ๊ฒƒ์€ ์‰ฝ์ง€ ์•Š์Šต๋‹ˆ๋‹ค. ์‹ค์ œ๋กœ ์ •๋ ฌ์€ ์•Œ๊ณ ๋ฆฌ์ฆ˜์—์„œ ๋งค์šฐ ์œ ๋ช…ํ•˜๊ณ  ๊ธฐ์ดˆ์ ์ธ ๋ถ„์•ผ๋กœ ์ •๋ ฌ์„ ํ•˜๋Š” ๋ฐฉ๋ฒ•, ์ฆ‰ ์•Œ๊ณ ๋ฆฌ์ฆ˜์ด ์ง€๊ธˆ๊นŒ์ง€ ์•Œ๋ ค์ง„ ๊ฒƒ๋งŒ ํ•ด๋„ ์ˆ˜์‹ญ๊ฐ€์ง€๊ฐ€ ๋ฉ๋‹ˆ๋‹ค.

์•Œ๊ณ ๋ฆฌ์ฆ˜์„ ๊ณต๋ถ€ํ•˜๋Š” ๊ฒƒ์€ ๊ฝค ๋„์›€์ด ๋˜๋Š”๋ฐ์š”. ์ผ๋‹จ ์ฝ”๋”ฉ์„ ์‹œ์ž‘ํ•˜์‹œ๋Š” ๋ถ„๋“ค ์ž…์žฅ์—์„œ๋Š” ์ฝ”๋”ฉ์„ ํ•˜๊ฒŒ ๋˜์„œ ์ฝ”๋”ฉ๊ณผ ๋ฌธ๋ฒ•์— ์ต์ˆ™ํ•ด์ง€๋Š” ์žฅ์ ์ด ์žˆ๊ณ , ๋˜ ๊ฐœ๋ฐœ์ž์  ์‚ฌ๊ณ ๋ฅผ ํ•˜๋Š” ๋ฐ ์•Œ๊ณ ๋ฆฌ์ฆ˜ ๋ฌธ์ œ๋ฅผ ํ‘ธ๋Š” ๊ฒƒ์ด ๋„์›€์ด ๋ฉ๋‹ˆ๋‹ค. ์–ด๋–ค ๊ฐœ๋ฐœ ํšŒ์‚ฌ๋“ค์€ ์•Œ๊ณ ๋ฆฌ์ฆ˜ ๋Šฅ๋ ฅ์„ ํ…Œ์ŠคํŠธํ•˜๊ธฐ ๋•Œ๋ฌธ์— ์ทจ์—…์„ ๋ชฉํ‘œ๋กœ ๊ณต๋ถ€ํ•˜์‹ ๋‹ค๋ฉด ์†ํ•ด๋Š” ๋ณด์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

์ €๋Š” ์•Œ๊ณ ๋ฆฌ์ฆ˜์„ ์ข‹์•„ํ•ด์„œ ์กฐ๊ธˆ์”ฉ ํ’€์–ด์™”๋Š”๋ฐ์š”. ์•Œ๊ณ ๋ฆฌ์ฆ˜์„ ํ’€ ์ˆ˜ ์žˆ๋„๋ก ๋ฌธ์ œ๋ฅผ ๋‚ด์ฃผ๋Š” ์‚ฌ์ดํŠธ๋“ค์ด ์ •๋ง ๋งŽ์Šต๋‹ˆ๋‹ค. ์˜ค๋Š˜์€ ๊ทธ์ค‘์—์„œ ๋ช‡ ๊ฐ€์ง€๋งŒ ์†Œ๊ฐœํ•ด๋“œ๋ฆฌ๊ฒ ์Šต๋‹ˆ๋‹ค. ์‚ฌ์ดํŠธ๋Š” ์ •๋ง ๋งŽ์€๋ฐ์š”, ๊ทธ์ค‘์—์„œ ์ œ๊ฐ€ ์ตœ์†Œ ๋ช‡ ๋ฒˆ์ด๋ผ๋„ ์จ๋ณธ ์‚ฌ์ดํŠธ๋“ค๋งŒ ์†Œ๊ฐœํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค. ๋” ์ข‹์€ ์‚ฌ์ดํŠธ๋“ค์ด ์žˆ์œผ๋ฉด ์†Œ๊ฐœํ•ด์ฃผ์‹œ๋ฉด ์ถ”๊ฐ€ํ•  ์ˆ˜ ์žˆ์„ ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค.


@icecr4ck
icecr4ck / binja_ui_template.py
Created June 12, 2019 19:33
Template for writing Binary Ninja UI plugins.
import sys
from PySide2.QtWidgets import (QApplication, QDialog, QPushButton, QLabel, QHBoxLayout)
from PySide2.QtCore import Qt
from binaryninjaui import (UIAction, UIActionHandler, Menu)

class GreatUI(QDialog):
    def __init__(self, parent=None):
        super(GreatUI, self).__init__(parent)
        self.setWindowModality(Qt.NonModal)
// Launch WinAFL with current function as hook location
//@author richinseattle
//@category _NEW_
//@keybinding
//@menupath
//@toolbar
// Usage:
// Install DynamoRIO and WinAFL
// Add LaunchWinAFL to Ghidra scripts
@cmatthewbrooks
cmatthewbrooks / hello_world_plugin.py
Created April 25, 2019 12:41
The simplest possible IDA plugin with multiple actions
##############################################################################
#
# Name: hello_world_plugin.py
# Auth: @cmatthewbrooks
# Desc: A test plugin to learn how to make these work; Specifically, how to
# have multiple actions within the same plugin.
#
# In plain English, IDA will look for the PLUGIN_ENTRY function which
# should return a plugin object. This object can contain all the
# functionality itself, or it can have multiple actions.
@adulau
adulau / ghidra-community.md
Last active November 11, 2023 13:16
Ghidra community - collection