Neoma Fong neomafo88
#!/usr/bin/env python3
import usb.core
import struct
from collections import namedtuple
APPLE_VID = 0x05ac
Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"])
@Dump-GUY
Dump-GUY / hint_calls.py
Created March 18, 2024 07:30
Modified version of Willi Ballenthin's IDA plugin hint_calls.py, ported to support Python 2/3 and IDA >= 7.4 (tested on IDA 7.7 and 8.4)
'''
IDA plugin to display the calls and strings referenced by a function as hints.
Installation: put this file in your %IDADIR%/plugins/ directory.
Author: Willi Ballenthin <[email protected]>
Licence: Apache 2.0
'''
import idc
import idaapi
import idautils

Can you write Python that extracts the copied_alphabet string from the __builtin_strncpy in this function and uses it to decrypt data within the dec_sc_buff variable using the Binary Ninja API? 👤

🤖 To extract the copied_alphabet string and decrypt data within the dec_sc_buff variable using the Binary Ninja API, you can follow these steps: Extract the copied_alphabet string directly from the provided HLIL. Implement the decryption logic based on the operation described in the HLIL for modifying dec_sc_buff. Use the Binary Ninja API for any additional operations needed. Here is a Python example that accomplishes this:

function Install-DbgHelp {
param (
[Parameter(Mandatory=$true, Position=0)]
[string] $DbgHelpBaseDir,
[Parameter()]
[string[]] $DbgHelpFiles = @('dbghelp.dll','symsrv.dll','srcsrv.dll'),
[Parameter()]
[switch] $Cleanup
@SinaKarvandi
SinaKarvandi / intercepting-memory-allocations.ds
Created November 24, 2023 09:10
intercepting-memory-allocations
start path "C:\Windows\notepad.exe"
g
? .thread_intercept_thread = 0;
? .target_pid = $pid;
? .target_tid = 0;
? .target_allocation_address = 0;
? .target_allocation_size = 0;
? .is_commited = 0;
!sysret stage post script {
# Get IL code and pre-compiled native code disassembly of R2R Assembly methods
# Using AsmResolver + Iced + PowerShell
# More Info Here: https://docs.washi.dev/asmresolver/guides/peimage/ready-to-run.html
# Loading dependencies
[System.Reflection.Assembly]::LoadFrom([System.IO.Path]::GetFullPath(".\libs\AsmResolver\net6.0\AsmResolver.PE.dll")) | Out-Null
[System.Reflection.Assembly]::LoadFrom([System.IO.Path]::GetFullPath(".\libs\AsmResolver\net6.0\AsmResolver.DotNet.dll")) | Out-Null
[System.Reflection.Assembly]::LoadFrom([System.IO.Path]::GetFullPath(".\libs\Iced\netstandard2.1\Iced.dll")) | Out-Null
$filePath = [System.IO.Path]::GetFullPath(".\test_files\CompileDecoy_ReplaceReal_SC_Original.dll") # R2R Assembly Sample
# Recovering strings objects from .NET Heap
# Using clrMD "Microsoft.Diagnostics.Runtime.dll" - https://github.com/microsoft/clrmd
# Use 32-bit PowerShell to investigate 32-bit process and 64-bit PowerShell to investigate 64-bit process
[System.Reflection.Assembly]::LoadFile([System.IO.Path]::GetFullPath("Microsoft.Diagnostics.Runtime.dll")) | Out-Null
$processID = (Get-Process -Name "TestStrings_confused").Id
$dataTarget = [Microsoft.Diagnostics.Runtime.DataTarget]::AttachToProcess($processID, $false)
$clrInfo = $dataTarget.ClrVersions[0]
$clrRuntime = $clrInfo.CreateRuntime()
$objects = $clrRuntime.Heap.EnumerateObjects().Where{$_.Type.IsString}
@jlumbroso
jlumbroso / decrypt_all_pdfs.py
Created November 3, 2023 21:59
A Python script to recursively decrypt PDF files using `qpdf --decrypt`, handling files without passwords and overwriting the originals if decryption is successful.
#!/usr/bin/env python3
"""
decrypt_all_pdfs.py
Author: Jérémie Lumbroso <lumbroso@seas.upenn.edu>
Date: November 3, 2023
Description:
This script recursively finds all PDF files within a specified directory path,
checks if they are encrypted (without a password), and attempts to decrypt them
@csm10495
csm10495 / locked_cookie_test.py
Last active November 16, 2025 15:37
POC that fetches cookies from a locked cookies file on Windows with Chromium based browsers
@Kenny-MWI
Kenny-MWI / slack_tweaks.md
Last active November 19, 2025 16:19
Slack Tweaks
In Fall 2023, Slack introduced an updated client with some unpopular UI changes. The tweaks in this document can be used to revert to the old client or hide the new side bar. These will reset every time you fully close Slack but they are easy to re-apply once you get the hang of it.

(Cross Platform) Open Dev Tools [Preferred Option]

To run any of these scripts, you'll need to open the Dev Tools (or Console). You can do this by typing /slackdevtools in a Slack channel or direct message. These are the same Dev Tools you'd get in Chrome if you hit F12. Along the top are tabs for Elements, Console, Sources, Network, etc. You'll want to paste these scripts into the Console tab at the > prompt.

If Slack disables this command, then you can open Dev Tools by setting a system-wide environment variable and using a keyboard shortcut to open the console. If /slackdevtools worked for you then you can skip these next two sections.

(Mac OS) Enable Dev Mode