Random musings from a 3 AM brain spin. Likely a very stupid idea :)
- create a list of files to lock
- randomize the list order
- generate a random 8 bit ascii hex string to use as an IV
ropnop
/ go-sharp-loader.go
Created
August 5, 2020 17:12
Example Go file embedding multiple .NET executables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Example Go program with multiple .NET Binaries embedded | |
| This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
| $ go get -u github.com/gobuffalo/packr/packr | |
| Place all your EXEs are in a "binaries" folder |
williballenthin
/ macOS_savedstate.py
Last active
September 5, 2024 13:19
parse macOS savedState files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| parse SavedState artifacts extracted from OSX. | |
| author: Willi Ballenthin (william.ballenthin@fireeye.com) | |
| license: Apache 2.0 | |
| ''' | |
| import re | |
| import sys | |
| import json | |
| import struct |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2.7 | |
| import argparse | |
| import binascii | |
| import sys | |
| import base64 | |
| import hashlib | |
| from Crypto.Cipher import AES | |
| from pkcs7 import PKCS7Encoder | |
| import random | |
| from random import randint |
williballenthin
/ macOS_keychain.py
Last active
July 23, 2024 16:09
bling.py - extract keys from macOS keychains.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ''' | |
| bling.py - extract keys from macOS keychains. | |
| installation: | |
| pip install pytz hexdump vivisect-vstruct-wb tabulate argparse pycryptodome | |
| usage: | |
| python bling.py /path/to/keychain-db <password> ./path/to/output/directory |
wybiral
/ noscript-tracking.go
Last active
October 28, 2024 23:01
Tracking cursor position in real-time with remote monitoring (without JavaScript)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Tracking cursor position in real-time without JavaScript | |
| // Demo: https://twitter.com/davywtf/status/1124146339259002881 | |
| package main | |
| import ( | |
| "fmt" | |
| "net/http" | |
| "strings" | |
| ) |
williballenthin
/ macOS_stickies.py
Last active
June 24, 2022 15:32
extract entries from the osx sticky database
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| parse osx sticky databases. | |
| author: Willi Ballenthin <william.ballenthin@fireeye.com> | |
| license: Apache 2.0 | |
| usage: | |
| $ python extract_stickies.py /path/to/input.bin /path/to/output/directory/ | |
| ''' |
capnspacehook
/ invokeInMemLinux.go
Created
February 21, 2019 13:37
Executes a binary or file in memory on a Linux system. Uses the memfd_create(2) syscall. Credits and idea from: https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "io/ioutil" | |
| "os" | |
| "os/exec" | |
| "strconv" | |
| "syscall" |
leoloobeek
/ ShellcodeRDI.go
Last active
January 23, 2023 16:49
Go implementation of https://github.com/monoxgas/sRDI/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| * | |
| * This is just a Go implementation of https://github.com/monoxgas/sRDI/ | |
| * Useful if you're trying to generate shellcode for reflective DLL | |
| * injection in Go, otherwise probably not much use :) | |
| * | |
| * The project, shellcode, most comments within this project | |
| * are all from the original project by @SilentBreakSec's Nick Landers (@monoxgas) |
mattifestation
/ PSProcmon.psm1
Last active
May 9, 2023 20:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # These keyword values can be obtained with: logman query providers Microsoft-Windows-Kernel-Registry | |
| [Flags()] | |
| enum RegistryOptions { | |
| CloseKey = 0x00000001 | |
| QuerySecurityKey = 0x00000002 | |
| SetSecurityKey = 0x00000004 | |
| EnumerateValueKey = 0x00000010 | |
| QueryMultipleValueKey = 0x00000020 | |
| SetInformationKey = 0x00000040 | |
| FlushKey = 0x00000080 |
NewerOlder