Skip to content

Instantly share code, notes, and snippets.

View plowsec's full-sized avatar

volodya plowsec

96 followers · 50 following
View GitHub Profile
@CollotsSpot
CollotsSpot / Room Card
Created June 24, 2024 15:43
type: custom:button-card
name: Living Room
icon: mdi:sofa
tap_action:
action: navigate
navigation_path: '#livingroom'
entity: sensor.living_room_temp_and_hum
custom_fields:
btn:
card:
@0xeb
0xeb / ida_undo.py
Created July 7, 2021 02:05
Add programmable undo support to IDAPython
"""
IDAPython Extension library (c) Elias Bachaalany.
Undo utilities
"""
import idaapi
# ---------------------------------------------------------------
class undo_handler_t(idaapi.action_handler_t):
@0xtornado
0xtornado / 0_CyberChef_CobaltStrike_Shellcode_Decoder_Recipe
Created April 30, 2020 14:11
CyberChef recipe to extract and decode Shellcode from a Cobalt Strike beacon
[{"op":"Conditional Jump","args":["bxor",false,"Decode_Shellcode",10]},{"op":"Label","args":["Decode_beacon"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Decode text","args":["UTF-16LE (1200)"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Gunzip","args":[]},{"op":"Label","args":["Decode_Shellcode"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"Conditional Jump","args":["",false,"",10]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"XOR","args":[{"option":"Decimal","string":"35"},"Standard",false]}]
@psifertex
psifertex / 1_Snippet_Instructions.txt
Last active April 15, 2025 11:17
my current collection of snippets
Welcome to Jordan's grab-bag of common Binary Ninja Snippets.
These snippest are meant to run with the Binary Ninja Snippets Plugin
(http://github.com/Vector35/snippets) though they can all also be pasted
directly into the python console or turned into stand-alone plugins if needed.
To install the entire collection at once, just install the Snippets plugin via
the plugin manager (CMD/CTL-SHIFT-M), confirm the Snippet Editor works
(Tool/Snippets/Snippet Editor), and unzip this bundle (Download ZIP above) into
your Snippets folder.
@hasherezade
hasherezade / main.cpp
Last active September 12, 2024 05:53
Get PEB64 from a WOW64 process
#include <Windows.h>
#include <iostream>
#include "ntdll_undoc.h"
PPEB get_default_peb()
{
#if defined(_WIN64)
return (PPEB)__readgsqword(0x60);
#else
@RamblingCookieMonster
RamblingCookieMonster / Get-WinEventData and Sysmon.ps1
Last active April 21, 2025 07:08
Extract detailed data from Sysmon event logs
# Download and dot source Get-WinEventData
# https://gallery.technet.microsoft.com/scriptcenter/Get-WinEventData-Extract-344ad840
. "\\path\to\Get-WinEventData.ps1"
# Download and Set up Sysmon as desired
# http://technet.microsoft.com/en-us/sysinternals/dn798348
# http://www.darkoperator.com/blog/2014/8/8/sysinternals-sysmon
#Use Get-WinEvent and Get-WinEventData to obtain events and extract XML data from them - let's see all the properties behind one!
Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-Sysmon/Operational";id=3} |