
@ker2x
ker2x / emotet.md
Last active January 29, 2022 14:03
Reverse engineering emotet, bit by bit

(extracted from main diary)

2021/11/10 : Exploring emotet

  • SHA256 : 878d5137e0c9a072c83c596b4e80f2aa52a8580ef214e5ba0d59daa5036a92f8
  • Probably the scariest trojan of the current days. Let's explore it. I'm using ghidra again.
  • According to ghidra, the only import is KERNEL32.DLL::WTSGetActiveConsoleSessionId
  • I wonder what it can possibly be with so little, and I'll have to find out.
  • The obvious step for now is to find out how it loads other functions to be able to do anything.
@2niuhe
2niuhe / termux_mxrig.md
Last active March 30, 2024 12:45
install XMRig on termux

Monero XMR mining via termux; ubuntu

  1. Install ubuntu in termux (ubuntu is optional):
pkg update && pkg upgrade
apt install git
apt install wget
apt install proot
@mfukar
mfukar / inspector_malloc.gdb
Last active May 9, 2023 11:04
gdb functions to dump glibc malloc arenas + chunks
define -mem-heap-dump-chunk
# Print the chunk address, then prev_size, size (low 3 flag bits masked off) and the flag bits
printf "%#016lx: ", $mem_addr
printf "%016lu %016lu %#02x ", ((long *)$mem_addr)[0], ((long *)$mem_addr)[1] & ~3, ((long*)$mem_addr)[1] & 3
# Print the fd/bk words (only meaningful for free chunks)
printf "%016lx %016lx\n", ((long *)$mem_addr)[2], ((long *)$mem_addr)[3]
# Advance to the next chunk: '&' binds weaker than '+', so the size must be masked first
set $mem_addr = $mem_addr + (((long *)$mem_addr)[1] & ~3)
end
document -mem-heap-dump-chunk
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
end
@nolim1t
nolim1t / socket.c
Created June 10, 2009 03:14
HTTP Request in C using low level write to socket functionality
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>