This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| void DumpHex(const void* data, size_t size) { | |
| char ascii[17]; | |
| size_t i, j; | |
| ascii[16] = '\0'; | |
| for (i = 0; i < size; ++i) { | |
| printf("%02X ", ((unsigned char*)data)[i]); | |
| if (((unsigned char*)data)[i] >= ' ' && ((unsigned char*)data)[i] <= '~') { | |
| ascii[i % 16] = ((unsigned char*)data)[i]; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // A very rough x64 POC for spoofing environment variables similar to argument spoofing with a focus on | |
| // setting the COMPlus_ETWEnabled=0 var for disabling ETW in .NET. | |
| // | |
| // Works by launching the target process suspended, reading PEB, updates the ptr used to store environment variables, | |
| // and then resuming the process. | |
| // | |
| // (https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/) | |
| #define INJECT_PARAM L"COMPlus_ETWEnabled=0\0\0\0" | |
| #define INJECT_PARAM_LEN 43 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| '''checkaslrfiles.py: Check for files that opt into ASLR with /DYNAMICBASE, | |
| but do not have a relocation table to allow ASLR to function. | |
| usage: checkaslrfiles.py <dir> | |
| ex: checkaslr.py "C:\Program Files\" | |
| requires: pefile <https://github.com/erocarrera/pefile>, which should be | |
| installable via: pip install pefile | |
| ''' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Latency Comparison Numbers (~2012) | |
| ---------------------------------- | |
| L1 cache reference 0.5 ns | |
| Branch mispredict 5 ns | |
| L2 cache reference 7 ns 14x L1 cache | |
| Mutex lock/unlock 25 ns | |
| Main memory reference 100 ns 20x L2 cache, 200x L1 cache | |
| Compress 1K bytes with Zippy 3,000 ns 3 us | |
| Send 1K bytes over 1 Gbps network 10,000 ns 10 us | |
| Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy"> | |
| <VersionEx>10.0.1.0</VersionEx> | |
| <PolicyID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyID> | |
| <BasePolicyID>{A244370E-44C9-4C06-B551-F6016E563076}</BasePolicyID> | |
| <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
| <Rules> | |
| <Rule> | |
| <Option>Enabled:Unsigned System Integrity Policy</Option> | |
| </Rule> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ensure System.Security assembly is loaded. | |
| Add-Type -AssemblyName System.Security | |
| function ConvertTo-CIPolicy { | |
| <# | |
| .SYNOPSIS | |
| Converts a binary file that contains a Code Integrity policy into XML format. | |
| Author: Matthew Graeber (@mattifestation) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -version 5 | |
| <# | |
| The things you find on Google searching for specific GUIDs... | |
| Known Keyword friendly names: | |
| "UTC:::CATEGORYDEFINITION.MS.CRITICALDATA":"140737488355328" | |
| "UTC:::CATEGORYDEFINITION.MS.MEASURES":"70368744177664" | |
| "UTC:::CATEGORYDEFINITION.MS.TELEMETRY":"35184372088832" | |
| "UTC:::CATEGORYDEFINITION.MSWLAN.CRITICALDATA":"2147483648" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ::############################################################################################################### | |
| :: Credits and More info: https://gist.github.com/mackwage/08604751462126599d7e52f233490efe | |
| :: https://github.com/LOLBAS-Project/LOLBAS | |
| :: https://lolbas-project.github.io/ | |
| :: https://github.com/Disassembler0/Win10-Initial-Setup-Script | |
| :: https://github.com/cryps1s/DARKSURGEON/tree/master/configuration/configuration-scripts | |
| :: https://gist.github.com/alirobe/7f3b34ad89a159e6daa1#file-reclaimwindows10-ps1-L71 | |
| :: https://github.com/teusink/Home-Security-by-W10-Hardening | |
| :: | |
| ::############################################################################################################### |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Parser for chess games from Chess.com | |
| # Cleans everything between {} | |
| #ORIG:1.d4 {0:59} e6 {0:59} 2.Nc3 {0:59} Nf6 {0:59} 3.Bf4 {0:58} d5 {0:59} 4.f3 {0:58} a6 {0:58} 5.Qd2 {0:58} Bb4 {0:58} 6.O-O-O {0:57} c5 {0:57} 7.a3 {0:56} Ba5 {0:56} 8.dxc5 {0:55} Bc7 {0:51} 9.Bxc7 {0:54} Qxc7 {0:51} 10.g4 {0:54} Qxc5 {0:50} 11.h4 {0:53} Qf2 {0:44} 12.g5 {0:51} Nh5 {0:41} 13.Ne4 {0:51} dxe4 {0:37} 14.Qd8# {0:50} | |
| #CLEANED: 1.d4 e6 2.Nc3 Nf6 3.Bf4 d5 4.f3 a6 5.Qd2 Bb4 6.O-O-O c5 7.a3 Ba5 8.dxc5 Bc7 9.Bxc7 Qxc7 10.g4 Qxc5 11.h4 Qf2 12.g5 Nh5 13.Ne4 dxe4 14.Qd8# | |
| $game = '1.d4 {0:59} e6 {0:59} 2.Nc3 {0:59} Nf6 {0:59} 3.Bf4 {0:58} d5 {0:59} 4.f3 {0:58} a6 {0:58} 5.Qd2 {0:58} Bb4 {0:58} 6.O-O-O {0:57} c5 {0:57} 7.a3 {0:56} Ba5 {0:56} 8.dxc5 {0:55} Bc7 {0:51} 9.Bxc7 {0:54} Qxc7 {0:51} 10.g4 {0:54} Qxc5 {0:50} 11.h4 {0:53} Qf2 {0:44} 12.g5 {0:51} Nh5 {0:41} 13.Ne4 {0:51} dxe4 {0:37} 14.Qd8# {0:50}' | |
| $regex = '\{(.*?)\}' | |
| $cleanedgame = $txt -replace $regex, '' | |
| $cleanedgame |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |