Skip to content

Instantly share code, notes, and snippets.

💭
Probably somewhere not coding thinking "I should be coding."

Matt Brooks cmatthewbrooks

💭
Probably somewhere not coding thinking "I should be coding."
  • Singapore
Block or report user

Report or block cmatthewbrooks

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@cmatthewbrooks
cmatthewbrooks / hello_world_plugin.py
Created Apr 25, 2019
The simplest possible IDA plugin with multiple actions
View hello_world_plugin.py
##############################################################################
#
# Name: hello_world_plugin.py
# Auth: @cmatthewbrooks
# Desc: A test plugin to learn how to make these work; Specifically, how to
# have multiple actions within the same plugin.
#
# In plain English, IDA will look for the PLUGIN_ENTRY function which
# should return a plugin object. This object can contain all the
# functionality itself, or it can have multiple actions.
@cmatthewbrooks
cmatthewbrooks / indicator_args.py
Last active Dec 19, 2018
Script from the pyiocutils.iocargs asciinema example.
View indicator_args.py
import argparse
# Import from the pyiocutils package
from pyiocutils.ioc import Ioc as Ioc
from pyiocutils.iocargs import IocArgs as IocArgs
@cmatthewbrooks
cmatthewbrooks / functoyara.py
Last active Feb 8, 2018
Run from inside an r2 session to create a YARA signature for the bytes of the current function.
View functoyara.py
'''
Author: Matt Brooks, @cmatthewbrooks
DESCRIPTION:
The functoyara.py script will output an opcode-based YARA
signature from the current function of the r2 session.
ARGS:
You can’t perform that action at this time.