- target: 856 binaries in
/bin
| name | frequency (%) | cumulative (%) |
|---|---|---|
| ld | 14.101200487156945 | 14.101200487156945 |
| mv | 10.010240605850349 | 24.111441093007294 |
| addi | 9.590532965163105 | 33.7019740581704 |
| sd | 8.400851481380371 | 42.10282553955077 |
kohnakagawa
/ XPR_pirrit_132.yara
Created
May 2, 2024 12:56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private rule Macho | |
| { | |
| meta: | |
| description = "private rule to match Mach-O binaries" | |
| condition: | |
| uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca | |
| } | |
| rule macos_pirrit_install_flash | |
| { |
kohnakagawa
/ arm64_bit_instruction_test.c
Created
December 15, 2021 04:53
ARM64 の ubfx 命令の挙動をテストするためのプログラム
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdint.h> | |
| __attribute__((noinline)) | |
| uint64_t ubfx(uint64_t src) { | |
| uint64_t ret = 0x5555555555555555; | |
| asm volatile ("ubfx %0, %1, #4, #24" | |
| : "=r"(ret) | |
| : "r"(src)); | |
| return ret; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Windbg\Workspaces] | |
| "Default"=hex:57,44,57,53,01,00,00,00,33,00,00,00,68,00,5c,00,f3,ff,ff,ff,00,\ | |
| 00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,03,02,01,31,43,00,\ | |
| 6f,00,6e,00,73,00,6f,00,6c,00,61,00,73,00,00,00,00,00,00,00,00,00,00,00,00,\ | |
| 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ | |
| 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,10,00,04,00,19,\ | |
| 19,19,00,00,00,00,00,01,00,02,00,10,00,04,00,cf,ce,9a,00,00,00,00,00,02,00,\ | |
| 02,00,10,00,04,00,6f,6d,7e,00,00,00,00,00,03,00,02,00,10,00,04,00,cf,ce,9a,\ |
kohnakagawa
/ HeapLayoutChecker.cpp
Last active
September 1, 2021 14:05
Inspired by this blog post (https://www.rapid7.com/blog/post/2019/06/12/heap-overflow-exploitation-on-windows-10-explained/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <Windows.h> | |
| #include <vector> | |
| #include <algorithm> | |
| class OffsetTracker | |
| { | |
| std::vector<int> offsets; | |
| public: |
kohnakagawa
/ patch_2020_2021.diff
Last active
June 1, 2021 07:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/src/PE/Binary.cpp b/src/PE/Binary.cpp | |
| index 0884c625..34e881bf 100644 | |
| --- a/src/PE/Binary.cpp | |
| +++ b/src/PE/Binary.cpp | |
| @@ -1,5 +1,5 @@ | |
| -/* Copyright 2017 R. Thomas | |
| - * Copyright 2017 Quarkslab | |
| +/* Copyright 2017 - 2021 R. Thomas | |
| + * Copyright 2017 - 2021 Quarkslab | |
| * |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .global _main | |
| .p2align 4 | |
| _main: | |
| adr x0, shell | |
| mov x1, 0 | |
| mov x2, 0 | |
| mov x16,#0x3b | |
| svc #0x80 | |
| ret |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| int main() { | |
| int a; | |
| __asm { | |
| fldz; | |
| fstenv ss : [esp - 0xc]; | |
| pop eax; | |
| mov a, eax; |
kohnakagawa
/ check_cet_supported.c
Created
March 27, 2021 07:53
Checks whether your cpu supports Intel CET or not (Linux).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <cpuid.h> | |
| #include <stdint.h> | |
| int cpu_supports_cet_shadow_stack() { | |
| uint32_t eax = 0, ebx = 0, ecx = 0, edx = 0; | |
| __cpuid_count(7, 0, eax, ebx, ecx, edx); | |
| return (ecx & (1 << 7)) != 0; | |
| } |
kohnakagawa
/ openssl_pkcs7_sample.c
Created
August 1, 2020 03:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/stat.h> | |
| #include "openssl/err.h" | |
| #include "openssl/objects.h" | |
| #include "openssl/evp.h" | |
| #include "openssl/x509.h" | |
| #include "openssl/pkcs7.h" | |
| #include "openssl/pem.h" |
kohnakagawa
/ README.md
Created
July 1, 2020 12:27
NewerOlder