Countercept countercept

@countercept
countercept / dotnet-runtime-etw.py
Last active May 7, 2019
A research aid for tracing security-relevant events in the CLR via ETW for detecting malicious assemblies.
import time
import etw
import etw.evntrace
import sys
import argparse
import threading
class RundownDotNetETW(etw.ETW):
    def __init__(self, verbose, high_risk_only):
@countercept
countercept / Get-LibraryMS.ps1
Created Jul 31, 2018
Checks the %USERPROFILE% directory for any file with the library-ms extension and extracts the CLSID. In particular, the <url> element with a shell command.
function Get-LibraryMS {
<#
.SYNOPSIS
Author: Jayden Zheng (@fuseyjz)
Checks the %USERPROFILE% directory for any file with library-ms extension and extract the CLSID.
In particular, <url> element with shell command.
Blog: pending release