Alexander Hanel alexander-hanel

😶
View GitHub Profile
@vjayajv
vjayajv / api_logger.py
Created October 11, 2023 18:54
Log to stdout and an API
# api_logger.py
import logging
import json
import requests
import sys
import os
import argparse
@oopsmishap
oopsmishap / _jmp_deobfuscator.md
Last active February 27, 2024 05:48
IDA Jmp Deobfuscation Script
@trietptm
trietptm / rol-ror.py
Created August 3, 2016 16:27 — forked from vqhuy/rol-ror.py
python rol, ror operation implement
###########################################################################
# Rotating bits (tested with Python 2.7)
from __future__ import print_function # PEP 3105
# max bits > 0 == width of the value in bits (e.g., int_16 -> 16)
# Rotate left: 0b1001 --> 0b0011
rol = lambda val, r_bits, max_bits: \
    (val << r_bits%max_bits) & (2**max_bits-1) | \
    ((val & (2**max_bits-1)) >> (max_bits-(r_bits%max_bits)))

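The rotate helpers below are an added example, not code from the rol-ror.py gist or any other gist listed here. They implement the same fixed-width rotation as the lambda above but as plain functions for both directions, and they make the corner cases explicit: a rotation count equal to or larger than the width (wraps modulo the width), a zero rotation (identity), and an input value wider than the field (masked first). The function and helper names (`rol`, `ror`, `_mask`) are this example's own.

```python
# Added example: fixed-width bit rotation (rol/ror) for any width > 0.
# Not from the gist on this page; names here are the example's own.


def _mask(width: int) -> int:
    """All-ones mask for a field of `width` bits; width must be positive."""
    if width <= 0:
        raise ValueError("width must be a positive number of bits")
    return (1 << width) - 1


def rol(value: int, count: int, width: int) -> int:
    """Rotate `value` left by `count` bits inside a `width`-bit field.

    Bits that leave the top of the field re-enter at the bottom, so the
    bit pattern is preserved (rotation), unlike a plain shift.
    """
    mask = _mask(width)
    value &= mask            # drop bits above the field, e.g. 0x1FF -> 0xFF for 8 bits
    count %= width           # rotating by a whole width (or more) wraps around
    return ((value << count) | (value >> (width - count))) & mask


def ror(value: int, count: int, width: int) -> int:
    """Rotate `value` right by `count` bits inside a `width`-bit field."""
    mask = _mask(width)
    value &= mask
    count %= width
    return ((value >> count) | (value << (width - count))) & mask


if __name__ == "__main__":
    # The 4-bit case from the gist comment: 0b1001 rotated left by 1 -> 0b0011.
    print(f"rol(0b1001, 1, 4) = {rol(0b1001, 1, 4):04b}")
    # Right rotation undoes left rotation for any count, including counts >= width.
    v = 0xDEADBEEF
    for c in (0, 1, 7, 32, 33):
        assert ror(rol(v, c, 32), c, 32) == v
    # A 33-bit rotation of a 32-bit value is the same as a 1-bit rotation.
    print(f"rol(0x80000001, 33, 32) = 0x{rol(0x80000001, 33, 32):08x}")
```

Masking the input before rotating matters when the value came from a wider type (a 64-bit register holding an 8-bit operand, for instance); without the mask the stray high bits would be rotated into the result.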
Initial Notes:

  • The .NET Runtime Event Provider requires setting COMPLUS_ETWEnabled=1 in your process' environment.
  • CLRConfig will look for configurations in the following places in the following order:
    • Look at environment variables (prepending COMPlus_ to the name)
    • Look at the framework registry key HKCU\Software\Microsoft\.NETFramework
    • Look at the framework registry key HKLM\Software\Microsoft\.NETFramework
  • These can be set in the following ways:
    • Setting the environment variable COMPlus_:
  • Windows
@trietptm
trietptm / idapython_ctree.md
Created May 1, 2020 13:56 — forked from icecr4ck/idapython_ctree.md
Notes on CTREE usage with IDAPython

IDAPython CTREE

Important links

Description

The CTREE is built from the optimized microcode (maturity at CMAT_FINAL), it represents an AST-like tree with C statements and expressions. It can be printed as C code.

@neomatrix369
neomatrix369 / PerformanceRelated.md
Last active November 3, 2023 20:27
Interesting links in the areas of HPC, low latency, mechanical harmony/sympathy, garbage collection
@mattifestation
mattifestation / NiftyETWProviders.json
Created December 21, 2018 19:27
ETW providers you never knew existed...
[
  {
    "ProviderGUID": "72d164bf-fd64-4b2b-87a0-62dbcec9ae2a",
    "ProviderName": "AccEventTool",
    "ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba",
    "AssociatedFilenames": [
      "accevent.exe",
      "inspect.exe",
      "narrator.exe",
      "srh.dll"
@countercept
countercept / dotnet-runtime-etw.py
Last active August 22, 2023 16:02
A research aid for tracing security relevant events in the CLR via ETW for detecting malicious assemblies.
import time
import etw
import etw.evntrace
import sys
import argparse
import threading
class RundownDotNetETW(etw.ETW):
def __init__(self, verbose, high_risk_only):
//**********************************************************************
//* This is an include file generated by Message Compiler.             *
//*                                                                    *
//* Copyright (c) Microsoft Corporation. All Rights Reserved.          *
//**********************************************************************
#pragma once
#include <wmistr.h>
#include <evntrace.h>
#include "evntprov.h"
//
@NyaMisty
NyaMisty / _IDAPython-Snippets.md
Last active July 31, 2023 07:13
IDAPython snippets

This gist contains lots of my written IDAPython snippets.