@conioh
conioh / addsym.cpp
Last active August 29, 2015 14:24 — forked from ikonst/addsym.cpp
// Adds IDA symbols as WinDbg synthetic symbols
//
// Original code by 'blabb'.
//
// See:
// http://www.woodmann.com/forum/entry.php?262-addsym-windbg-extension-%28extension-to-load-names-from-ida-to-windbg%29
// http://reverseengineering.stackexchange.com/questions/3850/importing-list-of-functions-and-addresses-into-windbg
#include <engextcpp.hpp>
/*
swirl - inREVERSE
*/
#include "obstuff.h"
DRIVER_INITIALIZE DriverEntry;
PVOID obHandle;
conioh / hacks.md
Created February 19, 2016 03:56 — forked from alexpana/hacks.md
C++ is a hack

Various 'features' of C++ that show the hacky / inconsistent way in which the language was constructed. This is a work in progress, and currently contains some of the reasons I can remember why I've given up on C++. If you want to contribute, leave your favourite "hack" in the comments.

  1. (in)Visibility: C++ allows changing the access modifier of a virtual function in the derived class. Not only does C++ have no notion of interfaces, it actually allows subclasses to hide methods declared public in the superclass.

  2. Operator over-overloading: One of the increment operators takes a dummy int parameter in order to allow overloading. Can you tell which without googling? (hint: it's postfix).

  3. Exception unspecifiers: C++ has two types of exception specifiers: throw() and nothrow. The first is deprecated (because 'we screwed up, sorry, let's forget about this terrible mess'). The second one guarantees its contract by terminating the application when violated. That's because functions declared

conioh / mozlz4a.py
Created April 25, 2016 14:13 — forked from Tblue/mozlz4a.py
MozLz4a compression/decompression utility
#!/usr/bin/env python
#
# Decompressor/compressor for files in Mozilla's "mozLz4" format. Firefox uses this file format to
# compress e.g. bookmark backups (*.jsonlz4).
#
# This file format is in fact just plain LZ4 data with a custom header (magic number [8 bytes] and
# uncompressed file size [4 bytes, little endian]).
#
# This Python 3 script requires the LZ4 bindings for Python, see: https://pypi.python.org/pypi/lz4
#
Function Set-VMNetworkConfiguration {
[CmdletBinding()]
Param (
[Parameter(Mandatory=$true,
Position=1,
ParameterSetName='DHCP',
ValueFromPipeline=$true)]
[Parameter(Mandatory=$true,
Position=0,
conioh / WMI_persistence_template.ps1
Created September 20, 2017 14:25
Fileless WMI persistence payload template (CommandlineEventConsumer, __IntervalTimerInstruction trigger, w/ registry payload storage)
# Step #1 - Prep payload
$Hive = 'HKLM'
$PayloadKey = 'SOFTWARE\PayloadKey'
$PayloadValue = 'PayloadValue'
$TimerName = 'PayloadTrigger'
$EventFilterName = 'TimerTrigger'
$EventConsumerName = 'ExecuteEvilPowerShell'
switch ($Hive) {
'HKLM' { $HiveVal = [UInt32] 2147483650 }
conioh / CIPolicyParser.ps1
Created April 2, 2018 16:08 — forked from mattifestation/CIPolicyParser.ps1
Functions to recover information from binary Device Guard Code Integrity policies.
# Ensure System.Security assembly is loaded.
Add-Type -AssemblyName System.Security
function ConvertTo-CIPolicy {
<#
.SYNOPSIS
Converts a binary file that contains a Code Integrity policy into XML format.
Author: Matthew Graeber (@mattifestation)
conioh / HowtodownloadConsumerIso.txt
Created August 4, 2018 22:58 — forked from CHEF-KOCH/HowtodownloadConsumerIso.txt
Windows Redstone 4 (1803) - All download links - April Update
1. Open Chrome and search for User-Agent Switcher for Chrome extension, link https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg and select Add to Chrome
2. After the extension is installed/added, click the User-Agent extension and change User-Agent to Safari or Android mode
3. Open this link https://www.microsoft.com/en-us/software-download/windows10ISO
4. You will see the April Update ISO files; select the language and bitness you want, then download the file with a download manager.
5. Done, that's all. The direct links are valid only for 24 hours after you create them.
Mirrors are here via adguard:
https://tb.rg-adguard.net/public.php
/*
* exception handling routines (xp 32-bit, partial/incomplete)
*
* ntdll 5.1.2600.5755
* v2 (updated jan 2011)
*
* - hawkes <hawkes@sota.gen.nz>
*
* useful link: http://www.eeye.com/html/resources/newsletters/vice/VI20060830.html
*
conioh / Find-OrphanDockerLayers.ps1
Created October 30, 2019 03:08 — forked from olljanat/Find-OrphanDockerLayers.ps1
Find Windows containers orphan layers
param (
[switch]$RenameOrphanLayers
)
If ($RenameOrphanLayers) {
Write-Warning "$($env:COMPUTERNAME) -RenameOrphanLayers option enabled, will rename all orphan layers"
}
# Get known layers on Docker images
[array]$ImageDetails += docker images -q | ForEach { docker inspect $_ | ConvertFrom-Json }