Jonathan Echavarria Und3rf10w

Und3rf10w /
Created Oct 26, 2019
Convert a binary file to a hexbyte string
#!/usr/bin/env python3
import binascii
import argparse
from os import path
parser = argparse.ArgumentParser(description ='Convert input raw binary file to a hex byte string')
parser.add_argument('-i', '--input', dest='input_file', required=True, help="The input file to convert")
parser.add_argument('-o', '--output', dest='output_file', required=False, help="The output file to write to")
args = parser.parse_args()
View Hello_world.asm
bits 64
jmp short message
pop rsi
xor rax,rax
mov al, 1
Und3rf10w / HowToDetectTechniqueX_Demos.ps1
Created Sep 6, 2019 — forked from mattifestation/HowToDetectTechniqueX_Demos.ps1
Demo code from my DerbyCon talk: "How do I detect technique X in Windows?" Applied Methodology to Definitively Answer this Question
View HowToDetectTechniqueX_Demos.ps1
#region Attack validations
wmic /node: /user:Administrator /password:badpassword process call create notepad.exe
Invoke-WmiMethod -ComputerName -Credential Administrator -Class Win32_Process -Name Create -ArgumentList notepad.exe
$CimSession = New-CimSession -ComputerName -Credential Administrator
Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{ CommandLine = 'notepad.exe' }
$CimSession | Remove-CimSession
winrm --% invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe"} -remote: -username:Administrator -password:badpassword
View introspection-query.graphql
query IntrospectionQuery {
__schema {
queryType { name }
mutationType { name }
subscriptionType { name }
types {
directives {
View reversed_ayyylmao_xss_rtlo
printf "\u202e<tpircs/>('oamlyyyya')trela.wodniw<tpircs>\u202e" | xclip -sel clip
Und3rf10w /
Created Oct 8, 2018
For being a dick when you steal someone's slack token
# Usage: slackpost <token> <channel> <message>
# Enter the name of your slack host here - the thing that appears in your URL:
# Stolen apikey
Und3rf10w / 99-usb.rules
Created Sep 11, 2018
Udev Setup script to notify any changes to USB subsystem
View 99-usb.rules
# Udev rule in /etc/udev/rules.d/
ACTION=="add", RUN+="/usr/local/bin/udevnotify"
Und3rf10w /
Last active Aug 28, 2018
Shell function to wrap radamsa against an application that takes one argument
while true; do
testcase=$(echo $2 | radamsa) # AAAA is the sample arguments you're passing to the application you're testing
echo -e "\n\n---TESTCASE---\n$testcase\n\n---OUTPUT---"
./$1 $testcase # tmp is the application to be fuzzed
test $? -gt 0 && break # if the fuzzed application returns anything that's not a 0, then break out of the loop
echo -e "\n---ENDOUTPUT---\n"
echo -e "---ENDCASE---\n"
echo -e "\n\n\e[0;31mAPPLICATION CRASHED\n\e[0mHexdump of input below:\n\n"
printf $testcase | hexdump -Cv | tee crash.hexdump # return a hexdump of the crashy input
sudo mount -t tmpfs -o size=1024m tmpfs ~/ramdisk/
Und3rf10w /
Last active Feb 5, 2018
Generates and tests a nyancat png with an embedded eicar string
from PIL import Image
from cStringIO import StringIO
import requests
import imageio
import base64
import zlib
import PIL
import re
def encode(data, imageio):