Luca Corbatto targodan
str4d
/ DemangleRust.py
Last active
November 18, 2024 15:32
Ghidra script for demangling Rust symbols
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Attempts to demangle all mangled symbols in the current program using the Rust | |
| # mangling schemes, and replace the default symbol and function signature | |
| # (if applicable) with the demangled symbol. | |
| # | |
| # License: MIT OR Apache-2.0 | |
| #@author Jack Grigg <[email protected]> | |
| #@category Symbol | |
| import string |
miguelmota
/ logrus_hooks.go
Last active
September 7, 2021 07:27
Golang Logrus show filename and line number
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package logger | |
| import ( | |
| "fmt" | |
| "path" | |
| "runtime" | |
| "github.com/sirupsen/logrus" | |
| ) |
x0rz
/ fake_sandbox.ps1
Created
April 14, 2016 13:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Simulate fake processes of analysis sandbox/VM that some malware will try to evade | |
| # This just spawn ping.exe with different names (wireshark.exe, vboxtray.exe, ...) | |
| # It's just a PoC and it's ugly as f*ck but hey, if it works... | |
| # Usage: .\fake_sandbox.ps1 -action {start,stop} | |
| param([Parameter(Mandatory=$true)][string]$action) | |
| $fakeProcesses = @("wireshark.exe", "vmacthlp.exe", "VBoxService.exe", | |
| "VBoxTray.exe", "procmon.exe", "ollydbg.exe", "vmware-tray.exe", |