I hereby claim:
- I am osandamalith on github.
- I am osandamalith (https://keybase.io/osandamalith) on keybase.
- I have a public key ASCfqDPzWwYPaREcF79e9gKYERtHxDq8YCCO92JylChSTgo
To claim this, I am signing this object:
Osanda Malith Jayathissa OsandaMalith
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import subprocess | |
| import os | |
| import sys | |
| ''' | |
| A simple python shell | |
| Author: @OsandaMalith | |
| ''' | |
| while True: |
OsandaMalith
/ Unload_Minifilter.c
Last active
August 13, 2021 12:39
Unloading a minifilter driver by calling the FilterUnload which is the Win32 equivalent of FltUnloadFilter. It will call the minifilter's FilterUnloadCallback (PFLT_FILTER_UNLOAD_CALLBACK) routine.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include <Windows.h> | |
| #include <fltuser.h> | |
| #pragma comment(lib,"FltLib.lib") | |
| /* | |
| Author: Osanda Malith Jayathissa (@OsandaMalith) | |
| Website: https://osandamalith.com | |
| Description: Unloading a minifilter driver by calling the FilterUnload which is the Win32 equivalent of FltUnloadFilter. |
OsandaMalith
/ CreateMinidump_HotPatch.cpp
Last active
September 12, 2019 04:46
The function CreateMinidump is only available in Windows XP and Windows Server 2003. If you want to get this working in other Windows systems, copy the DLL from XP or Server 2003 and place it in the same folder. This DLL has no ASLR enabled and therfore the address are hardcoded.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <TlHelp32.h> | |
| #include <iostream> | |
| using namespace std; | |
| /* | |
| Title: Faultrep!CreateMinidump Hot Patch to get a full dump passing MiniDumpWithFullMemory as the MINIDUMP_TYPE. | |
| Author: Osanda Malith Jayathissa (@OsandaMalith) | |
| Research: https://osandamalith.com/2019/09/08/minidumpwritedump-via-faultrepcreateminidump/ |
OsandaMalith
/ CreateMinidump.cpp
Last active
January 27, 2020 15:14
Faultrep!CreateMinidump undocumented API. The API only exists in Windows XP and Windows Server 2003. You can copy the DLL and place it in the same folder.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <TlHelp32.h> | |
| #include <iostream> | |
| using namespace std; | |
| /* | |
| Title: Faultrep!CreateMinidump to get a full dump passing MiniDumpWithFullMemory as the MINIDUMP_TYPE. | |
| Author: Osanda Malith Jayathissa (@OsandaMalith) | |
| Research: https://osandamalith.com/2019/09/08/minidumpwritedump-via-faultrepcreateminidump/ | |
| The function CreateMinidump is only available in Windows XP and Windows Server 2003. |
OsandaMalith
/ MsgBoxExe2DLL
Created
August 26, 2019 21:30
A simple msgbox converted from an EXE to a DLL. The exported function is Run.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | |
| AAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5v | |
| dCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABM7TuOCIxV3QiMVd0IjFXd | |
| bepW3AGMVd1t6lDcgoxV3W3qUdwajFXdM9JW3BiMVd0z0lDcFYxV3TPSUdwZjFXd | |
| bepU3A2MVd0IjFTdWYxV3Z/SUdwJjFXdn9JX3AmMVd1SaWNoCIxV3QAAAAAAAAAA | |
| AAAAAAAAAABQRQAATAEGAJwfZF0AAAAAAAAAAOAAAiELAQ4AAKoAAAB+AAAAAAAA | |
| 2LkAAAAQAAAAwAAAAABAAAAQAAAAAgAABgAAAAAAAAAGAAAAAAAAAABwAQAABAAA | |
| AAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAYAEAABAAACQQAQA8AAAA | |
| AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFABAIQNAABwCQEAHAAAAAAAAAAAAAAA | |
| AAAAAAAAAAAAAAAAAAAAAJAJAQBAAAAAAAAAAAAAAAAAwAAACAEAAAAAAAAAAAAA |
OsandaMalith
/ 2darray.c
Last active
May 28, 2019 12:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| //@OsandaMalith | |
| const char *string[][2] = { | |
| {"Osanda","Malith"} , | |
| {"ABC","JKL"}, | |
| {"DEF","MNO"}, | |
| }; |
OsandaMalith
/ PublicKey.asc
Created
November 24, 2018 11:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN PGP PUBLIC KEY BLOCK----- | |
| Version: OpenPGP.js v3.1.3 | |
| Comment: https://openpgpjs.org | |
| xsBNBFTdTYIBCAC7J9zTkGISNp3grbXscyY7AKhFVnxg2Cb79NE2d18wrlaA | |
| 4XMIQD+sEPI7fzYN+26wMDoFjGM7WKP8oOLBHY5BclmARZbxYelUSdPPq4tg | |
| ohV8bjJ/+DvAxqUqmvJ7cz+inOD2meWXS63BZLQtwfNSIr99Nh8CWPf0hvNL | |
| sSpgcD8fbYCBlLFjJhpTBTgLpMWhA5hi1ygSvIrSc/yqmjHgCerB+GVpKctt | |
| o9wyq/Yfjps+qPGY73JUcHPThPAdi4DI1fHYk8qr71iechmgOVhJ3YHzZxjg | |
| lpbBFQs6k9JFnx6q7pNEeUTtG+glcLYA2PBQZ4E7D8+yQZ+Z668VCXg3ABEB |
OsandaMalith
/ keybase.md
Created
November 16, 2018 21:58
OsandaMalith
/ runas.ps1
Created
June 13, 2018 22:48
A simple automation to run a program under a different user
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| # Title: A simple automation to run a program under a different user | |
| # Author: Osanda Malith (@OsandaMalith) | |
| # Website: https://osandamalith.com | |
| #> | |
| add-type -AssemblyName microsoft.VisualBasic | |
| add-type -AssemblyName System.Windows.Forms | |
| $args = "/user:jane " + $args[0] |
OsandaMalith
/ magic.c
Created
December 18, 2017 16:05
Compile this using Dev-C++ or if you use VStudio disable DEP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Author: @OsandaMalith | |
| * Website: https://OsandaMalith.com | |
| */ | |
| unsigned char string[] = | |
| "‰åÛ×ÙuôXPYIIIIIIIIIICCCCCC7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIhh9okOKOyokpqOl" | |
| "ytdFbC15QnaIauQc1WqgqOsiWuMGCzVKLmZEWWLffdO2dO6oZyrZVZHc6WvtFvfaNnkkNK1Jf8r" | |
| "gr4Fwv89c3FfwvffillmfagLgwzBXz0ULKzLLCxlGLf3RvbwOInmTPLwkHJHQ0URWvc6nkxp2HK" | |
| "NVbDFdFkOKf2HFkwsgvvfYoIFu8b54CFfEVyoN6Lym0v3dqbkhhIo7qWvdFmiQYu7JrONHhIeUQ" | |
| "tFfflKKhOIYKXZHkN0k9QMXLixzFfaWvwvMipL6lfbNNOyQU9lKXJyeQFf4FH9oWFkry7xnicuJ" |
NewerOlder