
🔥
ORUGKIDHMFWWKCQ=

valkheim

🔥
ORUGKIDHMFWWKCQ=
/*
https://github.com/sagishahar/lpeworkshop
$ sudo apt install gcc-mingw-w64
$ x86_64-w64-mingw32-gcc windows_service.c -o lpe.exe
*/
#include <windows.h>
#include <stdio.h>
#define SLEEP_TIME 5000
valkheim / CVE-2021-3493
Created April 29, 2021 18:42
CVE-2021-3493 - overlayfs pe
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <err.h>
#include <errno.h>
#include <sched.h>
#include <sys/types.h>
/*
This file has been generated by IDA.
It contains local type definitions from
the type library 'ntoskrnl.exe'
*/
#define __int8 char
#define __int16 short
#define __int32 int
#define __int64 long long
set disassembly-flavor intel
set disassemble-next-line on
set history save on
set print pretty on
set pagination off
# iso env
unset env LINES
unset env COLUMNS
valkheim / delta_patch.py
Created April 2, 2021 21:21 — forked from wumb0/delta_patch.py
a script for applying MS patch deltas
from ctypes import (windll, wintypes, c_uint64, cast, POINTER, Union, c_ubyte,
LittleEndianStructure, byref, c_size_t)
import zlib
# types and flags
DELTA_FLAG_TYPE = c_uint64
DELTA_FLAG_NONE = 0x00000000
DELTA_APPLY_FLAG_ALLOW_PA19 = 0x00000001
valkheim / PatchExtract.ps1
Created April 2, 2021 21:21 — forked from wumb0/PatchExtract.ps1
a gist copy of patch extract by Greg Lanaris
<#
____ ______ ______ ____ __ __
/\ _`\ /\ _ \ /\__ _\/\ _`\ /\ \/\ \
\ \ \L\ \\ \ \L\ \\/_/\ \/\ \ \/\_\\ \ \_\ \
\ \ ,__/ \ \ __ \ \ \ \ \ \ \/_/_\ \ _ \
\ \ \/ \ \ \/\ \ \ \ \ \ \ \L\ \\ \ \ \ \
\ \_\ \ \_\ \_\ \ \_\ \ \____/ \ \_\ \_\
\/_/ \/_/\/_/ \/_/ \/___/ \/_/\/_/
#!/bin/sh
# Root directory for saved output; vol_op writes to $out/<profile>/<name>.txt.
out="vol_dump"
image=$1 # first script argument: the memory image (.raw .vmem .sav .bin .mem etc)
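# Run volatility against a memory image and save its stdout to a text file.
#   $1   path to the memory image
#   $2   value for --profile; also the sub-directory of $out that is written to
#   $3   first pass-through argument (the plugin name in normal use); also the
#        base name of the output file
#   $4+  further arguments passed through to volatility unchanged
# Output goes to $out/$2/$3.txt. This function does not create that directory,
# so it must exist before the call.
# NOTE: the `function` keyword and the ${@:3} slice are bash features; the
# script needs bash even though its shebang names /bin/sh.
function vol_op {
    echo "[+] $1: $2 ${*:3}"
    # Quote every expansion so an image path or argument containing spaces or
    # glob characters reaches volatility (and the redirect target) as one word.
    volatility -f "$1" --profile="$2" "${@:3}" > "$out/$2/$3.txt"
}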
valkheim / recaptcha.py
Last active February 28, 2021 11:27
bypass recaptcha v2
import os
import sys
import time
from optparse import OptionParser
import requests
import selenium
import speech_recognition as sr
from selenium import webdriver
from selenium.common.exceptions import NoSuchElementException
{"timestamp":"2019-07-31T00:00:00Z","deviceRegex":{"mdns_A":[{"noMerge":true,"caseInsensitive":true,"pattern":"iphone","type":"Phone","model":"iPhone","os":"iOS","manufacturer":"Apple Inc."},{"noMerge":true,"caseInsensitive":true,"pattern":"ipad","type":"Tablet","model":"iPad","os":"iOS","manufacturer":"Apple Inc."},{"noMerge":true,"caseInsensitive":true,"pattern":"ipod","type":"Mobile","model":"iPod Touch","os":"iOS","manufacturer":"Apple Inc."},{"regex":true,"noMerge":true,"confidence":2064,"pattern":"dp-[[:alnum:]]+","model":"Echo","type":"DigitalAssistant","manufacturer":"Amazon Technologies Inc."},{"noMerge":true,"confidence":2064,"pattern":"F7C064","model":"Wemo\u00ae Bridge","type":"WeMoBridge","manufacturer":"Belkin International, Inc."}],"upnp_Notify_Server":[{"os":"Windows","pattern":"Microsoft-Windows-NT/5.1","description":"","model":"","manufacturer":"","type":"Computer","revision":""}],"http_Content":[{"pattern":"&lt;title&gt;DWL-2100AP&lt;/title&gt;","model":"DWL-2100AP","type":"Infrastructure",
valkheim / debup.py
Created December 27, 2020 16:16
Extract and decode McAfee quarantine BUP files
#!/usr/bin/env python
# Extract and decode McAfee quarantine BUP files
# See https://kc.mcafee.com/corporate/index?page=content&id=KB72755
import sys
import zipfile
def decode(filename):