Alexander Hanel alexander-hanel

@nitrocode
nitrocode / getDictValueFromPath.py
Last active July 21, 2020 22:00
Gets a value from a dictionary using a list key path
#!/usr/bin/env python
def getDictValueFromPath(listKeys, jsonData):
"""Retrieve value from a dictionary using a list of keys.
>>> mydict = {
'a': {
'b': {
'c': '1'
}
@lucasg
lucasg / ida_get_guid.py
Created June 13, 2019 14:43
Read memory as GUID via IDA
import ida_bytes
import binascii
def get_guid(address):
data1 = ida_bytes.get_dword(address)
data2 = ida_bytes.get_word(address + 4)
data3 = ida_bytes.get_word(address + 6)
data4 = ida_bytes.get_bytes(address + 8, 8)
void TestCopy()
{
BOOL cond = FALSE;
IFileOperation *FileOperation1 = NULL;
IShellItem *isrc = NULL, *idst = NULL;
BIND_OPTS3 bop;
SHELLEXECUTEINFOW shexec;
HRESULT r;
do {
@tophertimzen
tophertimzen / CreateThread.asm
Last active June 14, 2022 00:45
Make a new Thread with Windows PEB -> Function Hash Resolver
; Topher Timzen
; Messing around with PE backdooring for CTP/OSCE and wanted to make a new thread inside of process to avoid synchronization issues.
; Tons of NULL as I used this in a PE directly, no need to avoid them.
; nasm CreateThread.asm -o CreateThread.raw; xxd -p CreateThread.raw | tr -d '\n'
[BITS 32]
[SECTION .text]
global _start
@DanielRTeixeira
DanielRTeixeira / example.sct
Created November 2, 2017 15:21 — forked from nicholasmckinney/example.sct
SCT File Obfuscation Examples:
<?XML version="1.0"?>
<scriptlet>
<registration
progid="PoC"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<!-- License: BSD3-Clause -->
<script language="JScript">
<![CDATA[
//x86 only. C:\Windows\Syswow64\regsvr32.exe /s /u /i:file.sct scrobj.dll
@rkitover
rkitover / make.log
Created April 9, 2016 00:20
llvm won't link
[ 89%] Built target not
[ 89%] Built target yaml-bench
[ 89%] Built target gtest
[ 89%] Built target gtest_main
[ 89%] Built target LTO_exports
[ 90%] Linking CXX shared library ../../lib/libLTO.so
../../lib/libLLVMScalarOpts.a: could not read symbols: Memory exhausted
collect2: error: ld returned 1 exit status
*** Error 1 in . (tools/lto/CMakeFiles/LTO.dir/build.make:255 'lib/libLTO.so')
*** Error 1 in . (CMakeFiles/Makefile2:12494 'tools/lto/CMakeFiles/LTO.dir/all')
@OALabs
OALabs / revil_strings.py
Created January 26, 2020 22:13
Decrypt REvil ransomware strings with IDA Python
import idaapi, idc, idautils
class DecryptorError(Exception):
pass
def rc4crypt(key, data):
x = 0
box = range(256)
@Auscitte
Auscitte / pefileseh.py
Last active April 4, 2023 09:15
Reading exception directory with pefile
""" Extends Ero Carrera's pefile with the functionality for parsing exception tables (SEH support).
Beginning from version 2021.9.3, this functionality has been integrated into pefile, so you will
need pefileseh.py only if you use an older version of pefile.
Only x64 and IA64 architectures are supported.
Classes defined in this module:
* StructureWithBitfields
* ExceptionsDirEntryData
@jymcheong
jymcheong / Program.cs
Created December 19, 2019 08:06
C# ETW Example
using System;
using System.Diagnostics;
using Microsoft.Diagnostics.Tracing;
using Microsoft.Diagnostics.Tracing.Session;
using Microsoft.Diagnostics.Tracing.Parsers;
using System.IO;
using System.Collections.Generic;
using System.Reflection;
using Newtonsoft.Json;