Daniel Mayer MayerDaniel

  • New Orleans, LA
import struct
import argparse
def hex_string_to_guid(hex_string):
    # Convert the hex string to bytes
    guid_bytes = bytes.fromhex(hex_string)
    if len(guid_bytes) != 16:
        print("Invalid GUID hex string length")
        return None
Import-Module -Name NtObjectManager
$rpc = ls C:\Windows\System32\* | Get-RpcServer
$rpc | Where-Object {$_.InterfaceId -eq '4b324fc8-1670-01d3-1278-5a47bf6ee188'} | Format-List
$server = $rpc | Where-Object {$_.InterfaceId -eq '4b324fc8-1670-01d3-1278-5a47bf6ee188'}
$Proc12 = $server.Procedures | Where-Object {$_.ProcNum -eq 12}
$Proc12
@MayerDaniel
MayerDaniel / submodule_rm.sh
Created March 8, 2024 17:37
remove git submodule
git rm --cached submodule_path # delete reference to submodule HEAD (no trailing slash)
git rm .gitmodules # if you have more than one submodule,
# you need to edit this file instead of deleting!
rm -rf submodule_path/.git # make sure you have a backup!!
git add submodule_path # will add files instead of commit reference
git commit -m "remove submodule"
@MayerDaniel
MayerDaniel / capstone_server.md
Last active March 15, 2024 20:27
Capstone notes
@MayerDaniel
MayerDaniel / create_service.md
Last active February 21, 2024 20:10
create_service.md

Service Creation Logs: Security 4697 and System 7045

Create Service

# Define service parameters
$serviceName = "MyTestService"
$serviceDisplayName = "MY Test Service"
$serviceDescription = "This is a test service created for demonstration purposes."
$serviceExecutablePath = "C:\Windows\System32\cmd.exe"
@MayerDaniel
MayerDaniel / guidconvert.py
Last active June 25, 2024 10:29
Example IDA Plugin - GUID Convert
import idaapi
import idautils
import idc
import struct
CONTEXT_MENU_PATH = 'GUIDConvert/'
ITEM_NAME = 'Convert GUID Bytes'
class GuidConverterActionHandler(idaapi.action_handler_t):
    def activate(self, ctx):
@MayerDaniel
MayerDaniel / pyenv.md
Created November 16, 2023 17:57
pyenv banteg

it has come to my attention that people still have problems with their python environment.

  1. install pyenv with curl https://pyenv.run | bash
  2. pyenv install 3.11 now you have the latest python (it can also install pypy, anaconda and many others if you need)
  3. pyenv global 3.11 now you have a global python
  4. pyenv virtualenv 3.11 ape now you have a virtualenv
  5. pyenv local ape now the project folder contains .python-version which automatically activates the environment when you enter the folder

read more about pyenv here https://github.com/pyenv/pyenv-installer

@MayerDaniel
MayerDaniel / msgbox_shellcode.cpp
Last active October 4, 2023 19:44 — forked from kkent030315/main.cpp
Windows x64 MessageBox Shellcode (434 bytes)
#include <iostream>
#include <Windows.h>
int main()
{
    char shellcode[] = "\x48\x83\xEC\x28\x48\x83\xE4\xF0\x48\x8D\x15\x66\x00\x00\x00"
                       "\x48\x8D\x0D\x52\x00\x00\x00\xE8\x9E\x00\x00\x00\x4C\x8B\xF8"
                       "\x48\x8D\x0D\x5D\x00\x00\x00\xFF\xD0\x48\x8D\x15\x5F\x00\x00"
                       "\x00\x48\x8D\x0D\x4D\x00\x00\x00\xE8\x7F\x00\x00\x00\x4D\x33"
                       "\xC9\x4C\x8D\x05\x61\x00\x00\x00\x48\x8D\x15\x4E\x00\x00\x00"
@MayerDaniel
MayerDaniel / slack_cookies.ps1
Last active September 11, 2023 18:10
Get Slack Cookies
$path = (Get-Process slack | Select-Object Path | select -first 1).Path
Get-Process slack | Stop-Process
Start-Process $path -ArgumentList "--args --remote-debugging-port=9444 --inspect=5858"
@MayerDaniel
MayerDaniel / electron_persistence.js
Created September 8, 2023 15:22
electron persistence
var exec = require('child_process').execFile;
var fun = function () {
    exec('<exe path>', { cwd: '<directory>' },
        function (err, data) {
            console.log(err);
            console.log(data.toString());
        });
};
fun();