odzhan
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| Running test...key : 803D8AB2E5B6E6FCA715737C3A82F7CE3C783124F6D51CD0 | |
| Session keys match... | |
| OK. | |
| Generating random keys...OK | |
| Private Key for Alice : 31FA1084 | |
| Private Key for Bob : 2D748885 | |
| Generating public keys... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| ECC-32 implementation | |
| Private Key for Alice : 775bd026 | |
| Private Key for Bob : 5133580e | |
| Public Key for Alice : (32f20f84, 63852a02) | |
| Public Key for Bob : (6d4444c2, 1563edf9) | |
| Session Key for Alice : (2f3a9fa3, 6a9fa1ce) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # ECDH using P-192 prime192v1 | |
| # | |
| # Runs very slow because of binary methods used. | |
| # | |
| import random | |
| # Elliptic curve parameters P-192 prime192v1 | |
| p = 0xfffffffffffffffffffffffffffffffeffffffffffffffff |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Simple regexp example using IRegExp interface. | |
| // | |
| /** | |
| # Found 4 matches. | |
| > [email protected] | |
| > [email protected] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Simple obfuscation using byte substitution | |
| // | |
| #include <cstdio> | |
| #include <cstdint> | |
| #include <cstdlib> | |
| #include <cstring> | |
| #include <cmath> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // @modexpblog | |
| // | |
| #include <cstdio> | |
| #include <cstdlib> | |
| #include <cstring> | |
| #include <cstdint> | |
| #include <ctime> | |
| #include <cmath> | |
| #include <fcntl.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // How to locate the NT Delegate Callback Table in x86 builds of ntdll.dll | |
| // | |
| // @modexpblog | |
| // | |
| #define PHNT_VERSION PHNT_THRESHOLD | |
| #include <phnt_windows.h> | |
| #include <phnt.h> |
odzhan
/ proc_env_exit.cpp
Last active
June 12, 2024 05:01
Resolve dynamic address of Process.Environment.Exit in CLR host process using C++
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Resolve dynamic address of Process.Environment.Exit in CLR host process using C++ | |
| // | |
| // Based on : | |
| // https://www.mdsec.co.uk/2020/08/massaging-your-clr-preventing-environment-exit-in-in-process-net-assemblies/ | |
| // https://github.com/yamakadi/clroxide/blob/214222d578bf62b4c7fc860125268f4eecb9f331/examples/patch_exit.rs | |
| // https://github.com/kyleavery/inject-assembly/blob/8db977c0fd1da039df920f9dd4840d4a3ec2aa2c/src/scmain.c | |
| // https://github.com/TheWover/donut/blob/master/loader/test/rdt.cpp ;) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| Compression using undocumented API in rdpbase.dll | |
| RDPCompressEx supports four algorithms : MPPC-8K, MPPC-64K, NCRUSH and XCRUSH. | |
| This code supports all except NCRUSH. | |
| The MPPC compression ratio is very similar to LZSS, so this could be quite useful for shellcode trying to evade detection. | |
| NCRUSH compression appears to work but fails for decompression. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // LZ77 compression / decompression algorithm | |
| // this is the compression Microsoft used in Windows *.HLP and *.MRB files | |
| // It is also used with Install Shield files. These files are | |
| // recognizable by the letters SZDD in the first 4 bytes. The file | |
| // names for files compressed in this way are usually the name of the | |
| // file as it would be installed but with the last character replaced | |
| // by '_' | |
| // This program is a complete hack. I am not responsible for the |