😇
Malware Hunter Killer

c3rb3ru5 c3rb3ru5d3d53c

@c3rb3ru5d3d53c
c3rb3ru5d3d53c / init.lua
Last active November 24, 2023 12:11
NeoVIM Config
--[[
NeoVIM NVChad Configuration Setup
sudo add-apt-repository ppa:neovim-ppa/unstable
sudo apt update
sudo apt install -y neovim clangd python-is-python3 python3-pip
sudo pip install pyright
git clone https://github.com/NvChad/NvChad ~/.config/nvim --depth 1
curl https://gist.github.com/c3rb3ru5d3d53c/init.lua >> ~/.config/nvim/init.lua
wget https://github.com/ryanoasis/nerd-fonts/releases/download/v3.0.2/DroidSansMono.zip
unzip DroidSansMono.zip -d ~/.fonts/
@c3rb3ru5d3d53c
c3rb3ru5d3d53c / aihelper.sh
Last active March 22, 2024 06:39
Linux AI with TTS Helper
#!/usr/bin/env bash
# AI Helper powered by ollama AI and piper TTS
# Author: @c3rb3ru5d3d53c
# Requires: ffplay, ollama and piper
# ollama: https://github.com/jmorganca/ollama
# piper : https://github.com/rhasspy/piper
# start ollama first with ollama serve
# Global Variable Configuration
@c3rb3ru5d3d53c
c3rb3ru5d3d53c / findyara.py
Last active June 19, 2023 12:19
Find YARA Matches with Ghidra
#Find YARA Matches
#@author @c3rb3ru5d3d53c
#@category YARA
#@keybinding
#@menupath
#@toolbar
import yara
from dataclasses import dataclass
@c3rb3ru5d3d53c
c3rb3ru5d3d53c / cipherit.py
Created June 11, 2023 02:51
CipherIT Extractor
#!/usr/bin/env python
# pip install malduck
import re
import argparse
from malduck import lznt1, rc4
__version__ = '1.0.0'
__author__ = '@c3rb3ru5d3d53c'
@c3rb3ru5d3d53c
c3rb3ru5d3d53c / pikabot.yara
Created March 3, 2023 01:17
PikaBot YARA Signature
rule pikabot_0 {
    meta:
        author = "@c3rb3ru5d3d53c"
        description = "Detects PikaBot"
        created = "2023-03-02"
        tlp = "white"
        rev = 1
    strings:
        $trait_0 = {
            8d 85 ?? ?? ?? ?? 89 b5 ?? ?? ?? ?? 50 8d 85 ??
@c3rb3ru5d3d53c
c3rb3ru5d3d53c / ghidra_python.md
Last active January 21, 2023 15:35
Ghidra Python Cheatsheet

Ghidra Python Cheatsheet

This is a cheatsheet I use for Ghidra scripting.

NOTE: Some of these functions use each other 😄

Get Python Bytes from Address

def get_bytes(address, size):
#! /usr/bin/env python3
import os, sys
#import requests
from urllib import request
import traceback
from shutil import copyfile
from hashlib import md5
import binascii
@c3rb3ru5d3d53c
c3rb3ru5d3d53c / lnk.hexpat
Created August 3, 2022 23:52
LNK Hex Pattern for ImHex
// LNK Data Structures
// https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-showwindow
enum SHOWCOMMAND : u16 {
    SW_HIDE = 0x0000,
    SW_SHOWNORMAL = 0x0001,
    SW_SHOWMINIMIZED = 0x0002,
    SW_SHOWMAXIMIZED = 0x0003,
    SW_SHOWNOACTIVATE = 0x0004,
    SW_SHOW = 0x0005,
@c3rb3ru5d3d53c
c3rb3ru5d3d53c / lbmt.py
Last active July 15, 2022 14:34
Lockbit MultiTool
#!/usr/bin/env python
import sys
import struct
try:
    import pefile
except (ImportError, ModuleNotFoundError):
    # pefile is a hard dependency; exit early with a clear message
    print('missing pefile module', file=sys.stderr)
    sys.exit(1)
import pickle
@c3rb3ru5d3d53c
c3rb3ru5d3d53c / mitmhttp
Last active March 29, 2024 09:20
mitmhttp - a simple mitmproxy http redirector tool
#!/usr/bin/env bash
DARKGREEN=$'\e[00;32m'
GREEN=$'\e[01;32m'
TEAL=$'\e[00;36m'
DARKGREY=$'\e[01;30m'
CYAN=$'\e[01;36m'
LIGHTGREY=$'\e[00;37m'
RED=$'\e[00;31m'
PINK=$'\e[01;31m'