@CyberMonitor
CyberMonitor / hello_world_plugin.py
Created April 26, 2019 05:21 — forked from cmatthewbrooks/hello_world_plugin.py
The simplest possible IDA plugin with multiple actions
##############################################################################
#
# Name: hello_world_plugin.py
# Auth: @cmatthewbrooks
# Desc: A test plugin to learn how to make these work; specifically, how to
# have multiple actions within the same plugin.
#
# In plain English, IDA will look for the PLUGIN_ENTRY function which
# should return a plugin object. This object can contain all the
# functionality itself, or it can have multiple actions.
@CyberMonitor
CyberMonitor / ExpandDefenderSig.ps1
Created April 1, 2019 02:55 — forked from mattifestation/ExpandDefenderSig.ps1
Decompresses Windows Defender AV signatures for exploration purposes
filter Expand-DefenderAVSignatureDB {
<#
.SYNOPSIS
Decompresses a Windows Defender AV signature database (.VDM file).
.DESCRIPTION
Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported, although I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed.
@CyberMonitor
CyberMonitor / ghidra-community.md
Created March 8, 2019 09:02 — forked from adulau/ghidra-community.md
Ghidra community - collection
@CyberMonitor
CyberMonitor / annotations.xml
Created May 17, 2018 15:35 — forked from Neo23x0/annotations.xml
Sources for APT Groups and Operations Search Engine
<?xml version="1.0" encoding="UTF-8" ?>
<Annotations start="0" num="136" total="136">
<Annotation about="www.hexacorn.com/blog/*" timestamp="0x00056c66ba2859bd" href="Chd3d3cuaGV4YWNvcm4uY29tL2Jsb2cvKhC9s6HR64zbAg">
<Label name="_cse_turlh5vi4xc" />
<AdditionalData attribute="original_url" value="http://www.hexacorn.com/blog/" />
</Annotation>
<Annotation about="www.clearskysec.com/blog/*" timestamp="0x00056c66b5b68989" href="Chp3d3cuY2xlYXJza3lzZWMuY29tL2Jsb2cvKhCJk9qt64zbAg">
<Label name="_cse_turlh5vi4xc" />
<AdditionalData attribute="original_url" value="https://www.clearskysec.com/blog/" />
</Annotation>