By Branden Clark - https://clark.re
```python
from x64dbgpy import pluginsdk
# Put this script in the Python path, and
# execute the following Python snippets in
# the Python dialog in x64dbg:
#
# from stop_cpuid_detect import *
# trace_cpuid(n=1000)
# the above code will trace through the program
```
#summary Bookmarks List
= Hacker Media =
== Blogs Worth It: ==
What the title says. There are a LOT of pentesting blogs; these are the ones I monitor constantly and value in the actual day-to-day testing work.
* http://carnal0wnage.blogspot.com/
* http://www.mcgrewsecurity.com/
* http://www.gnucitizen.org/blog/
```c
/*
 * Naive hit tracer implementation using DynamoRIO.
 *
 * Author: axt
 *
 * Build it with the following commands:
 * gcc -Dbbhit_EXPORTS -DSHOW_RESULTS -DSHOW_SYMBOLS -fPIC -I../include -I../ext/include -DX86_64 -DLINUX -O2 -fno-stack-protector -o bbhit.c.o -c bbhit.c
 * gcc -fPIC -O2 -DX86_64 -DLINUX -fno-stack-protector -fPIC -shared -lgcc -Wl,--hash-style=both -shared -Wl,-soname,libbbhit.so -o libbbhit.so bbhit.c.o ../lib64/debug/libdynamorio.so.4.2 ../ext/lib64/debug/libdrsyms.so
 */
#include <stddef.h>
```
```python
#! /usr/bin/env python
##########################################################################################
##
## RC4 Crypto
##
##########################################################################################
def rc4crypt(key, data):
```
Choco Install

Install Choco:

```bat
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"
```

Install Ghidra 9.0.2:

```bat
choco install ghidra
```
1. Binary editors
   * hiew
   * bz
   * 010
   * winhex
   * binwalk (IDA)
   * bindiff (IDA)
2. Disassembling
   * IDA (+hexrays plugin) (https://t.me/idapro)
```cpp
//https://github.com/theevilbit/injection/blob/master/ProcessHollowing/ProcessHollowing/ProcessHollowing.cpp
#include <stdio.h>
#include <Windows.h>
#include <winternl.h>
#pragma comment(lib,"ntdll.lib")
EXTERN_C NTSTATUS NTAPI NtTerminateProcess(HANDLE, NTSTATUS);
EXTERN_C NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, ULONG, PULONG);
```
```c
#include <windows.h>
#include <tlhelp32.h>
DWORD getProcessID() {
    DWORD processID = 0;
    HANDLE snapHandle;
    PROCESSENTRY32 processEntry = {0};
    if( (snapHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)) == INVALID_HANDLE_VALUE ) {
        return 0;
```