Atul 0xatul

0xatul / dump_type_indices.txt
Created February 18, 2024 13:26
here's a banger
0: kd> dx -g ((nt!_OBJECT_TYPE*[69])((__int64)&nt!ObTypeIndexTable + 0x10))->Select(o => new {Name = o->Name, Index = o->Index, DumpProcedure = o->TypeInfo->DumpProcedure ? o->TypeInfo->DumpProcedure : "nullptr",OpenProcedure = o->TypeInfo->OpenProcedure ? o->TypeInfo->OpenProcedure : "nullptr",CloseProcedure = o->TypeInfo->CloseProcedure ? o->TypeInfo->CloseProcedure : "nullptr",DeleteProcedure = o->TypeInfo->DeleteProcedure ? o->TypeInfo->DeleteProcedure : "nullptr",ParseProcedure = o->TypeInfo->ParseProcedure ? o->TypeInfo->ParseProcedure : "nullptr",ParseProcedureEx = o->TypeInfo->ParseProcedureEx ? o->TypeInfo->ParseProcedureEx : "nullptr",SecurityProcedure = o->TypeInfo->SecurityProcedure ? o->TypeInfo->SecurityProcedure : "nullptr",QueryNameProcedure = o->TypeInfo->QueryNameProcedure ? o->TypeInfo->QueryNameProcedure : "nullptr",OkayToCloseProcedure = o->TypeInfo->OkayToCloseProcedure ? o->TypeInfo->OkayToCloseProcedure : "nullptr"})
====================================================================

Keybase proof

I hereby claim:

  • I am 0xatul on github.
  • I am 0xatul (https://keybase.io/0xatul) on keybase.
  • I have a public key ASBBfZWQxIaesHYqwUIRvw-iISrVin3HVRcpJJvIllr1fwo

To claim this, I am signing this object:

0xatul / grabdomains.rb
Created August 27, 2020 12:04
Grab dod root domains in scope of DOD, written by dee-see
require 'open3'
require 'net/http'
require 'nokogiri'
require 'parallel'
# Requires the nokogiri gem (`gem install nokogiri`), the parallel gem (`gem install parallel`) and the psql client for PostgreSQL.
def crtsh
  Open3.pipeline_rw 'psql -t -h crt.sh -p 5432 -U guest certwatch', "sed -e 's:^ *::g' -e 's:^*\\.::g' -e '/^$/d'", 'sort -u', "sed -e 's:*.::g'" do |i, o, t|
    i.write("SELECT ci.NAME_VALUE NAME_VALUE FROM certificate_identity ci WHERE ci.NAME_TYPE = 'dNSName' AND reverse(lower(ci.NAME_VALUE)) LIKE reverse(lower('%.mil'));")
0xatul / foxyproxyBB.json
Created June 25, 2020 09:46
firefox foxy proxy settings for BB stuff
{
  "84kr3q1592995213323": {
    "type": 1,
    "color": "#cc883a",
    "title": "Burp",
    "active": true,
    "address": "127.0.0.1",
    "port": 8080,
    "proxyDNS": false,
    "username": "",