Borja Merino BorjaMerino
BorjaMerino
/ AA.cpp
Created
October 11, 2023 10:26
— forked from olliencc/AA.cpp
Enumerates why each DLL loaded for each process via PEB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| This was the first version - the newer version also includes *When* it was loaded also. | |
| https://gist.github.com/olliencc/e166a64ca211c51eb69111f26ce57bc1 | |
| */ |
BorjaMerino
/ gist:d1534a3b563df9f1d5188c435b98f212
Created
September 18, 2023 10:24
Silly script to extract the compressed-encrypted payload of PNG images dropped by HijackLoader
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # @BorjaMerino (Alpine Security) | |
| import lznt1, argparse, os, struct | |
| TAG = b'\xC6\xA5\x79\xEA' | |
| CHUNK_ID = b'\x49\x44\x41\x54' | |
| DWORD = 4 | |
| def get_header(png): | |
| with open(png, "rb") as file: |
BorjaMerino
/ LowUtilities.cpp
Created
May 30, 2022 15:21
— forked from D4stiny/LowUtilities.cpp
A dependency-less implementation of GetModuleHandle and GetProcAddress.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // An implementation of GetModuleHandle and GetProcAddress that works with manually mapped modules, forwarded exports, | |
| // without a CRT standard library, and uses no Windows API or dependencies. | |
| // | |
| // Author: Bill Demirkapi | |
| // License: MIT, appended at the bottom of this document if you care about licensing and want to credit me in your own project. | |
| // | |
| #include <Windows.h> | |
| #include <winternl.h> |
BorjaMerino
/ gist:a43cc46071151c25bd83
Created
January 8, 2015 00:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am BorjaMerino on github. | |
| * I am borjamerino (https://keybase.io/borjamerino) on keybase. | |
| * I have a public key whose fingerprint is 5A29 5A19 7679 EA52 7236 87FE A619 EC45 526A E877 | |
| To claim this, I am signing this object: |