Minh-Triet Pham Tran (trietptm)
Information Security Consulting, Threat Hunting
trietptm / Exploitation
Created February 20, 2016 04:05 — forked from HockeyInJune/Exploitation
Here are the tutorials we ran in #tutorials on IRC for CSAW CTF 2013.
04:28 -!- mode/#tutorials [+m] by HockeyInJune
04:28 <~HockeyInJune> Okay, we'll be starting again in a second.
04:29 <~HockeyInJune> Exploitation 1 is next at 19 votes.
04:29 <~HockeyInJune> Let's do that one.
04:29 <~HockeyInJune> You'll need IDA Demo and a Text Editor.
04:29 <~HockeyInJune> https://www.hex-rays.com/products/ida/support/download_demo.shtml
04:29 <~HockeyInJune> http://www.sublimetext.com/
04:31 <~HockeyInJune> Oh, isn't this a great song?
04:31 <~HockeyInJune> Alright, let's get started.
04:31 <~HockeyInJune> The times they are a-changin'
trietptm / learn_crypto.txt
Created February 20, 2016 05:29 — forked from abderraouf-adjal/learn_crypto.txt
Learn crypto links
Fundamentals of Encryption - Rwaq
http://www.rwaq.org/courses/introduction-to-encryption
Applied Cryptography - UDACITY
https://www.udacity.com/course/cs387
Theory and Practice of Cryptography - GoogleTechTalks
http://youtu.be/IzVCrSrZIX8
CISSP Training - Cryptography - The Geek Academy
trietptm / malware.md
Created March 24, 2016 18:56
Malware

Malware Research, Collection, and Analysis

All of this information was collected by doing Google searches or from the URLs mentioned in the References section. I collected them here because I wanted a single list that I could update, refer to, and share with others. Simply having a link listed here is not necessarily an endorsement. I only have personal experience with a small number of the resources listed here. I did, however, make an initial attempt to remove dead links from the reference links. Some good starting points are Lenny Zeltser's Reverse-Engineering Malware Cheat Sheet and Analyzing Malicious Documents Cheat Sheet. In fact, as you'll notice in the reference section, Lenny's site is included multiple times. He has some really awesome information.

Mailing Lists and Discussion Forums

http://www.securityfocus.com/archive/138/description
http://reddit.c

#!/usr/bin/env python
"""
(c) hAsh, 2015 run via ImmunityDbg
"""
__VERSION__ = '0.3.1'
__AUTHOR__ = 'hAsh'
import immlib
import pefile
trietptm / AddToShell.reg
Created March 28, 2016 16:18 — forked from hasherezade/AddToShell.reg
PIN_runner
Windows Registry Editor Version 5.00

; Adds a "Run with PIN" entry to the Explorer context menu of every file type
; (HKCR\* applies to all files); writing under HKEY_CLASSES_ROOT requires admin rights.
[HKEY_CLASSES_ROOT\*\shell\PIN_run]
@="Run with PIN"

; %1 is the selected file. Backslashes and quotes inside a .reg string value must be
; escaped (\\ and \"), so every path separator below is doubled.
[HKEY_CLASSES_ROOT\*\shell\PIN_run\command]
@="\"C:\\Pin_Tools\\run_me.bat\" \"%1\""
# Flags util (for .gdbinit)
# set of commands for easy manipulation on FLAGS
# CC-BY: hasherezade
define translate_flag
if $argc == 0
help translate_flag
else
set $retval = (-1)
trietptm / ImportParser.cpp
Created March 28, 2016 16:49 — forked from mrexodia/ImportParser.cpp
PE Import Table Parser
#include <windows.h>
#include <stdio.h>
int gtfo(const char* text = "")
{
printf("gtfo! (%s)\n", text);
return -1;
}
int main(int argc, char* argv[])
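The C++ gist above is cut off before the parsing logic. As an added example, not mrexodia's code, here is a self-contained Python import-table walker that does the same job without `pefile` or `<windows.h>`: it validates the MZ/PE signatures, locates the import data directory for both PE32 and PE32+ (the original targets one format; this generalises to 4- and 8-byte thunks), maps every RVA through the section table before touching it, and distinguishes imports by name from imports by ordinal. `build_sample_pe` and its two DLLs are a constructed minimal image for this example, not a real binary.

```python
import struct

# PE/COFF constants from the PE format specification
IMAGE_DOS_SIGNATURE = 0x5A4D       # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550    # "PE\0\0"
IMAGE_DIRECTORY_ENTRY_IMPORT = 1
IMAGE_ORDINAL_FLAG32 = 1 << 31


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset through the section table; unmapped RVAs raise."""
    for va, vsize, rawptr, rawsize in sections:
        rel = rva - va
        if 0 <= rel < rawsize:              # only file-backed bytes can be read
            return rawptr + rel
    raise ValueError("RVA 0x%x is not backed by any section" % rva)   # malformed/truncated PE


def read_cstring(data, offset):
    return data[offset:data.index(b"\0", offset)].decode("ascii", "replace")


def parse_imports(data):
    """Return {dll: [function name or 'ordinal#N', ...]} for a PE32 or PE32+ image."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    nt = struct.unpack_from("<I", data, 0x3C)[0]                   # e_lfanew
    if struct.unpack_from("<I", data, nt)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, nt + 6)[0]       # FileHeader.NumberOfSections
    size_opt = struct.unpack_from("<H", data, nt + 20)[0]          # FileHeader.SizeOfOptionalHeader
    opt = nt + 24                                                  # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: data directories at +96, 4-byte thunks
        dir_off, thunk_fmt, ordinal_flag = 96, "<I", IMAGE_ORDINAL_FLAG32
    elif magic == 0x20B:    # PE32+: data directories at +112, 8-byte thunks
        dir_off, thunk_fmt, ordinal_flag = 112, "<Q", 1 << 63
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", data, opt + dir_off - 4)[0] <= IMAGE_DIRECTORY_ENTRY_IMPORT:
        return {}           # NumberOfRvaAndSizes does not even cover the import directory
    imp_rva = struct.unpack_from("<I", data, opt + dir_off + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)[0]
    if imp_rva == 0:
        return {}
    sections = []           # (VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)
    for i in range(num_sections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + size_opt + 40 * i)
        sections.append((va, vsize, rawptr, rawsize))
    imports = {}
    desc = rva_to_offset(sections, imp_rva)
    while True:
        # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0 and ft == 0:       # the all-zero descriptor terminates the table
            break
        dll = read_cstring(data, rva_to_offset(sections, name_rva))
        thunk = rva_to_offset(sections, oft or ft)   # prefer the INT; some linkers leave it zero
        names = []
        while True:
            entry = struct.unpack_from(thunk_fmt, data, thunk)[0]
            if entry == 0:
                break
            if entry & ordinal_flag:        # import by ordinal: ordinal in the low 16 bits
                names.append("ordinal#%d" % (entry & 0xFFFF))
            else:                           # import by name: RVA of IMAGE_IMPORT_BY_NAME (hint, name)
                names.append(read_cstring(data, rva_to_offset(sections, entry) + 2))
            thunk += struct.calcsize(thunk_fmt)
        imports[dll] = names
        desc += 20
    return imports


def build_sample_pe():
    """Constructed minimal PE32 image with a two-DLL import table (not a real binary)."""
    img = bytearray(0x400)
    struct.pack_into("<H", img, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", img, 0x3C, 0x40)                         # e_lfanew
    nt, opt = 0x40, 0x40 + 24
    struct.pack_into("<I", img, nt, IMAGE_NT_SIGNATURE)
    struct.pack_into("<HHIIIHH", img, nt + 4, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # i386, 1 section
    struct.pack_into("<H", img, opt, 0x10B)                         # PE32
    struct.pack_into("<I", img, opt + 92, 16)                       # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, 0x1000, 0x3C)
    struct.pack_into("<8sIIII", img, opt + 0xE0, b".idata\0\0", 0x200, 0x1000, 0x200, 0x200)
    base = 0x200            # file offset of .idata; RVA 0x1000 + x lives at 0x200 + x
    def rva(rel): return 0x1000 + rel
    struct.pack_into("<IIIII", img, base + 0x00, rva(0x40), 0, 0, rva(0x80), rva(0x50))  # KERNEL32
    struct.pack_into("<IIIII", img, base + 0x14, rva(0x60), 0, 0, rva(0x90), rva(0x70))  # ADVAPI32
    for off in (0x40, 0x50):                                        # INT and IAT, two names
        struct.pack_into("<III", img, base + off, rva(0xA0), rva(0xB0), 0)
    for off in (0x60, 0x70):                                        # INT and IAT, ordinal + name
        struct.pack_into("<III", img, base + off, IMAGE_ORDINAL_FLAG32 | 16, rva(0xC0), 0)
    img[base + 0x80:base + 0x8D] = b"KERNEL32.dll\0"
    img[base + 0x90:base + 0x9D] = b"ADVAPI32.dll\0"
    img[base + 0xA0:base + 0xAE] = b"\0\0CreateFileW\0"             # 2-byte hint, then name
    img[base + 0xB0:base + 0xBC] = b"\0\0WriteFile\0"
    img[base + 0xC0:base + 0xD0] = b"\0\0RegOpenKeyExW\0"
    return bytes(img)
```

Running `parse_imports(build_sample_pe())` yields `KERNEL32.dll` with `CreateFileW` and `WriteFile`, and `ADVAPI32.dll` with `ordinal#16` and `RegOpenKeyExW`. The point of `rva_to_offset` raising instead of returning a guess is that packed or deliberately malformed samples routinely carry descriptors whose RVAs point outside any section; a parser that silently follows them reads garbage or crashes, while one that refuses tells you the import table itself has been tampered with.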
trietptm / RemoveJunkOpcodes.py
Created March 28, 2016 19:06 — forked from alessandrogario/RemoveJunkOpcodes.py
Sample script that removes junk code from an IDA database
import idaapi
import idc
class MemoryPattern(object):
def __init__(self, pattern, wildcards, patch):
self._pattern = pattern
self._wildcards = wildcards
self._patch = patch
def compareTo(self, buffer, offset):
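The IDA script above is shown only as far as its `MemoryPattern` class. As an added example, not alessandrogario's code, here is a self-contained Python version of the same wildcard-pattern approach that works on a flat `bytes` buffer instead of the IDA database, so it runs without `idaapi`. The three junk idioms, their names, and the x86 sample bytes are constructed for this example.

```python
NOP = 0x90


class MemoryPattern:
    """Byte pattern with wildcard positions and the bytes that replace a match."""

    def __init__(self, name, pattern, wildcards, patch):
        self.name = name
        self.pattern = bytes(pattern)
        self.wildcards = frozenset(wildcards)      # indexes in pattern that match any byte
        self.patch = bytes(patch)
        if len(self.patch) != len(self.pattern):
            raise ValueError("patch must be exactly as long as the pattern")

    def compare_to(self, buf, offset):
        """True if the pattern matches buf at offset (wildcard positions ignored)."""
        if offset + len(self.pattern) > len(buf):
            return False
        return all(i in self.wildcards or buf[offset + i] == b
                   for i, b in enumerate(self.pattern))


def nops(n):
    return bytes([NOP]) * n


# Three common x86 junk idioms, constructed for this example
JUNK_PATTERNS = [
    MemoryPattern("push eax; pop eax", b"\x50\x58", (), nops(2)),
    # push imm32 ; add esp, 4 -- the immediate is irrelevant, so bytes 1..4 are wildcards
    MemoryPattern("push imm32; add esp, 4", b"\x68\0\0\0\0\x83\xC4\x04", (1, 2, 3, 4), nops(8)),
    MemoryPattern("jmp $+2", b"\xEB\x00", (), nops(2)),
]


def remove_junk(buf, patterns):
    """Return (patched bytes, [(offset, pattern name), ...]).

    Matches are searched left to right on the ORIGINAL bytes and never overlap;
    each match is overwritten with the pattern's patch bytes.
    """
    out = bytearray(buf)
    hits = []
    i = 0
    while i < len(buf):
        for p in patterns:
            if p.compare_to(buf, i):
                out[i:i + len(p.patch)] = p.patch
                hits.append((i, p.name))
                i += len(p.patch)
                break
        else:
            i += 1
    return bytes(out), hits


# Constructed x86 function body with junk sandwiched between real instructions
SAMPLE = bytes.fromhex(
    "55"            # push ebp
    "8bec"          # mov ebp, esp
    "5058"          # push eax / pop eax            (junk)
    "6878563412"    # push 0x12345678               (junk)
    "83c404"        # add esp, 4                    (junk, pairs with the push)
    "eb00"          # jmp $+2                       (junk)
    "33c0"          # xor eax, eax
    "5d"            # pop ebp
    "c3"            # ret
)

if __name__ == "__main__":
    patched, hits = remove_junk(SAMPLE, JUNK_PATTERNS)
    for off, name in hits:
        print("0x%04x: %s" % (off, name))
    print(patched.hex())
```

On the sample this reports matches at offsets 3, 5 and 13 and leaves `55 8B EC`, twelve NOPs, `33 C0 5D C3`. The caveat a practitioner should carry back into the IDA version: on raw bytes a two-byte pattern like `50 58` can just as well land inside an immediate or a displacement, so before patching in a database, check that the match offset is the start of a decoded instruction, and keep the patch the same length as the pattern so no relative jump or call target shifts.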
@ECHO OFF
SETLOCAL
ECHO ASLR Enable / Disable Batch Script - Please run as admin
set /p Choice=Want to Enable or Disable ASLR? (e or d):%=%
if "%Choice%"=="e" goto :ENABLE
if "%Choice%"=="d" goto :DISABLE
:ENABLE
trietptm / XrefViewer.ipynb
Created March 28, 2016 19:31 — forked from tmr232/XrefViewer.ipynb
View screenshots of xrefs inside the IPython shell