Just some notes and references for myself.
- In bash, you can access your `C:\` drive via `/mnt/c/`.
- `~` = `C:\Users\MLM\AppData\Local\lxss\home\mlm`, which is different from your Windows user directory `C:\Users\MLM`. Do not create or edit files under the `lxss` tree with Windows tools — Microsoft warns that this corrupts the Linux filesystem metadata; move files through `/mnt/c/` from the bash side instead.
<# | |
.Synopsis | |
Scans a host or network for the MS17-010 vulnerability and outputs the results as a | |
table that you can pipe to other PowerShell functions such as Invoke-Command or | |
Export-CSV. | |
.DESCRIPTION | |
This script will use a custom Nmap NSE script to scan a destination host on | |
port 445 for the MS17-010 vulnerability. If the host is not online or is blocking |
#include "stdafx.h" | |
#include "HideModule.h" | |
// Bookkeeping for modules whose loader entries were removed ("unlinked") from the PEB
// module lists; RelinkModuleToPEB looks entries up here by HMODULE (via FindModuleHandle)
// in order to restore them.
// NOTE(review): presumably populated by the hide routine declared in HideModule.h — confirm.
// No synchronization: assumes unlink/relink are never called concurrently — TODO confirm.
std::vector<UNLINKED_MODULE> UnlinkedModules; | |
void RelinkModuleToPEB(HMODULE hModule) | |
{ | |
std::vector<UNLINKED_MODULE>::iterator it = std::find_if(UnlinkedModules.begin(), UnlinkedModules.end(), FindModuleHandle(hModule)); | |
if (it == UnlinkedModules.end()) |
#!/usr/bin/env python | |
import os | |
import sys | |
import os.path | |
import site | |
try: | |
import binaryninja | |
print "Binary Ninja API Installed" |
#include <windows.h> | |
#include <stdio.h> | |
// A single initialized global forced onto a 4096-byte boundary (GCC/MinGW attribute
// syntax) so that the VirtualQuery(&data, ...) below inspects the page that starts at
// this object and reports that page's protection.
static int data[1] __attribute__((aligned(4096))) = {1}; | |
int main() | |
{ | |
MEMORY_BASIC_INFORMATION info; | |
VirtualQuery(&data, &info, sizeof(info)); | |
printf("%d\n", info.Protect==PAGE_WRITECOPY); |
''' | |
IDAPython script that generates a YARA rule to match against the | |
basic blocks of the current function. It masks out relocation bytes | |
and ignores jump instructions (given that we're already trying to | |
match compiler-specific bytes, this is of arguable benefit). | |
If the yara-python bindings are installed, the IDAPython script also validates that | |
the generated rule matches at least one segment in the current file (a self-match | |
check only — it says nothing about false positives against other binaries). | |
author: Willi Ballenthin <william.ballenthin@fireeye.com> |
// http://www.exploit-monday.com/2013/06/undocumented-ntquerysysteminformation.html | |
// ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// | |
enum _SYSTEM_INFORMATION_CLASS | |
{ | |
SystemBasicInformation = 0x0000, | |
SystemProcessorInformation = 0x0001, | |
SystemPerformanceInformation = 0x0002, | |
SystemTimeOfDayInformation = 0x0003, |
// | |
// main.c | |
// macho-syms | |
// | |
// Created by C0deH4cker on 3/19/16. | |
// Copyright © 2016 C0deH4cker. All rights reserved. | |
// | |
#include <stdio.h> | |
#include <stdlib.h> |
// Just before switching jobs: | |
// Add one of these. | |
// Preferably into the same commit where you do a large merge. | |
// | |
// This started as a tweet with a joke of "C++ pro-tip: #define private public", | |
// and then it quickly escalated into more and more evil suggestions. | |
// I've tried to capture interesting suggestions here. | |
// | |
// Contributors: @r2d2rigo, @joeldevahl, @msinilo, @_Humus_, | |
// @YuriyODonnell, @rygorous, @cmuratori, @mike_acton, @grumpygiant, |