Schrodinger schrodyn
schrodyn
/ ioc_vulnerable_drivers.csv
Created
April 8, 2023 14:34
— forked from k4nfr3/ioc_vulnerable_drivers.csv
IOC vulnerable drivers
We can make this file beautiful and searchable if this error is corrected: It looks like row 9 should actually have 4 columns, instead of 2 in line 8.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SHA256,Name,Signer,Description | |
| 04A85E359525D662338CAE86C1E59B1D7AA9BD12B920E8067503723DC1E03162,ADV64DRV.sys,"""FUJITSU LIMITED """, | |
| 05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows | |
| 4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows | |
| 6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows | |
| 8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F,Agent64.sys,"""eSupport.com, Inc""",DriverAgent Direct I/O for 64-bit Windows | |
| B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows | |
| 7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D,ALSysIO64.sys,Artur Liberman,ALSysIO | |
| 7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA,ALSys |
schrodyn
/ _rhadamanthys_stage3_unpacker.py
Created
March 18, 2023 16:10
— forked from oopsmishap/_rhadamanthys_stage3_unpacker.py
Rhadamanthys stage3 unpacker
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import struct | |
| def extract_stage3(stage3_buffer): | |
| # struct stage3_header | |
| # { | |
| # uint32_t magic; | |
| # uint16_t block_count; | |
| # uint16_t header_size; | |
| # uint32_t entry_offset; |
schrodyn
/ auto_shellcode_hashes.py
Created
March 18, 2023 16:10
— forked from williballenthin/auto_shellcode_hashes.py
automatically resolve shellcode hashes into symbolic names using emulation, example: https://asciinema.org/a/EaHLv3yy7nGnh7mfHQ5DVy1LJ
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import sys | |
| import logging | |
| import pefile | |
| import ucutils | |
| import unicorn | |
| import capstone | |
| import argparse |
schrodyn
/ PEB_UNIVERSAL.h
Created
March 3, 2023 00:04
— forked from herrcore/PEB_UNIVERSAL.h
Process Environment Block (PEB) Universal Struct - Fix broken IDA struct
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct PEB_UNIVERSAL | |
| { | |
| BOOLEAN InheritedAddressSpace; //0x0000 | |
| BOOLEAN ReadImageFileExecOptions; //0x0001 | |
| BOOLEAN BeingDebugged; //0x0002 | |
| BYTE byte3; | |
| HANDLE Mutant; //0x0004 | |
| void* ImageBaseAddress; //0x0008 | |
| PEB_LDR_DATA* Ldr; //0x000C | |
| RTL_USER_PROCESS_PARAMETERS* ProcessParameters; //0x0010 |
schrodyn
/ lang.h
Created
March 3, 2023 00:04
— forked from herrcore/lang.h
LANGID Windows Locals enum for quickly parsing malware language checks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| enum langid_country | |
| { | |
| Afrikaans = 0x36, | |
| Afrikaans_South_Africa = 0x436, | |
| Albanian = 0x1c, | |
| Albanian_Albania = 0x41c, | |
| Alsatian = 0x84, | |
| Alsatian_France = 0x484, | |
| Amharic = 0x5e, | |
| Amharic_Ethiopia = 0x45e, |
schrodyn
/ .profile
Created
February 1, 2023 13:55
— forked from bmhatfield/.profile
Automatic Git commit signing with GPG on OSX
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # In order for gpg to find gpg-agent, gpg-agent must be running, and there must be an env | |
| # variable pointing GPG to the gpg-agent socket. This little script, which must be sourced | |
| # in your shell's init script (ie, .bash_profile, .zshrc, whatever), will either start | |
| # gpg-agent or set up the GPG_AGENT_INFO variable if it's already running. | |
| # Add the following to your shell init to set up gpg-agent automatically for every shell | |
| if [ -f ~/.gnupg/.gpg-agent-info ] && [ -n "$(pgrep gpg-agent)" ]; then | |
| source ~/.gnupg/.gpg-agent-info | |
| export GPG_AGENT_INFO | |
| else |
schrodyn
/ generate-simple-yara.idc
Created
January 8, 2023 16:56
— forked from notareverser/generate-simple-yara.idc
Extremely simple IDC script to generate a YARA rule from the selected bytes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <idc.idc> | |
| static lmd5(fmd5) | |
| { | |
| auto result,size, nb, x; | |
| size=strlen(fmd5); | |
| result=""; | |
| for (x = 0; x < size; x++) | |
| { |
schrodyn
/ eBPF_second_example.py
Created
October 23, 2022 14:55
— forked from oghie/eBPF_second_example.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import dnslib | |
| import fcntl | |
| import os | |
| import sys | |
| from bcc import BPF | |
| BPF_APP = r''' |
schrodyn
/ final_code_eBPF_dns.py
Created
October 23, 2022 14:53
— forked from oghie/final_code_eBPF_dns.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from struct import unpack | |
| from bcc import BPF | |
| from socket import if_indextoname | |
| C_BPF_KPROBE = """ | |
| #include <net/sock.h> |
schrodyn
/ delta_patch.py
Created
August 11, 2022 23:29
— forked from wumb0/delta_patch.py
a script for applying MS patch deltas
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ctypes import (windll, wintypes, c_uint64, cast, POINTER, Union, c_ubyte, | |
| LittleEndianStructure, byref, c_size_t) | |
| import zlib | |
| # types and flags | |
| DELTA_FLAG_TYPE = c_uint64 | |
| DELTA_FLAG_NONE = 0x00000000 | |
| DELTA_APPLY_FLAG_ALLOW_PA19 = 0x00000001 |