- https://ollama.com/blog/windows-preview
- https://www.vox.com/the-highlight/24034907/use-anger-productively-motivation-problem-solving
- https://werat.dev/blog/learning-about-debuggers/
- https://revers.engineering/beyond-process-and-object-callbacks-an-unconventional-method/
- https://www.paloaltonetworks.com/blog/security-operations/a-deep-dive-into-malicious-direct-syscall-detection/
- https://mcyoung.xyz/2023/08/01/llvm-ir/
```python
import idautils
import ida_name

ea = 0x000000140013188
name = ida_name.get_ea_name(ea)
print("found")
# get xrefs to function
xrefs = [x for x in idautils.CodeRefsTo(ea, 0)]
for func in xrefs:
    print(hex(func))
```
- https://bmcder.com/blog/a-begginers-all-inclusive-guide-to-etw
- https://nasbench.medium.com/a-primer-on-event-tracing-for-windows-etw-997725c082bf
- https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/about-event-tracing-for-drivers
- https://gist.github.com/acumenix/ff377ffada032354ad06f61526efc42e
- https://gist.github.com/Holo-Krzysztof/9600dbe63859ee5a8add1123466be187
- https://gist.github.com/mattifestation/04e8299d8bc97ef825affe733310f7bd
- https://github.com/tpn/winsdk-10/blob/master/Include/10.0.14393.0/shared/TraceLoggingProvider.h
- https://blog.palantir.com/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
- https://posts.specterops.io/data-source-analysis-and-dynamic-windows-re-using-wpp-and-tracelogging-e465f8b653f7
From cmd or Run:

```powershell
powershell -Command "Start-Process cmd -Verb RunAs"
```
```python
import os
import pefile
import json

INTERESTING_DLLS = [
    'kernel32.dll', 'comctl32.dll', 'advapi32.dll', 'comdlg32.dll',
    'gdi32.dll', 'msvcrt.dll', 'netapi32.dll', 'ntdll.dll',
    'ntoskrnl.exe', 'oleaut32.dll', 'psapi.dll', 'shell32.dll',
    'shlwapi.dll', 'srsvc.dll', 'urlmon.dll', 'user32.dll',
]
```
This is my current warmup routine. I have been doing variations of it for over 10 years. I usually row or jump rope for 5 minutes and then do the warmup, which typically takes about 10 minutes. Once warmed up I start with squats and then I do a combination of overhead press, bent-over row, bench press or deadlifts.
- Source: Becoming a Supple Leopard 2nd Edition: The Ultimate Guide to Resolving Pain, Preventing Injury, and Optimizing Athletic Performance
- Note: No time limit
- Source: Combination of Supple Leopard, Limber 11 (link) and McGill 3
- Note: No time limit, focus on areas that trigger pain
Prevent distractions within Slack by making the sidebar black.
Slack > Settings > Themes > Create a Custom Theme > "Copy and paste these values to share your custom theme with others"
Cut and paste the following values:
```
#000000,#000000,#000000,#000000,#000000,#000000,#000000,#000000,#000000,#000000
```
```python
import ctypes

class BYTE2UUID(ctypes.Structure):
    """
    Variant 2 UUIDs
    https://en.wikipedia.org/wiki/Universally_unique_identifier#Encoding
    """
    _fields_ = [
        ("time_low", ctypes.c_uint), ("time_mid", ctypes.c_ushort), ("time_hi_and_version", ctypes.c_ushort),
        ("clock_seq_hi_and_res", ctypes.c_char * 2), ("node", ctypes.c_char * 6),
    ]
```
```python
import re
from anytree import Node, RenderTree, find

"""
Author: Alexander Hanel
Description: POC for displaying function names as a folder-like structure. Relies on function names being labeled with a pdb.
Version: 0.5 - 2023/04/10
Execution: open script in IDA, run export_layout() to save to file or export_layout() to print to command line
TODO:
 - review how mangled names are used in IDA. I'm seeing some strange results.
"""
```
```python
from binaryninja import lowlevelil

DEBUG = False

def get_rc4_xor_instru(instr):
    if not instr:
        return False
    if DEBUG:
        print(hex(instr.address), instr)
    for oper in instr.operands:
        if DEBUG:
            print(oper)
    return False
```