Skip to content

Instantly share code, notes, and snippets.

View cvlabsio's full-sized avatar

cvlabsio

3 followers · 1 following
View GitHub Profile
@cvlabsio
cvlabsio / SilentListener.py
Created October 13, 2024 16:33 — forked from Dfte/SilentListener.py
import argparse
import ipaddress
from os import path
from time import sleep
from shlex import split
from scapy.all import sniff
from threading import Thread
from subprocess import Popen, PIPE
valid_ranges = []
@cvlabsio
cvlabsio / Install-DbgHelp.ps1
Created December 22, 2023 14:06 — forked from awakecoding/Install-DbgHelp.ps1
function Install-DbgHelp {
param (
[Parameter(Mandatory=$true, Position=0)]
[string] $DbgHelpBaseDir,
[Parameter()]
[string[]] $DbgHelpFiles = @('dbghelp.dll','symsrv.dll','srcsrv.dll'),
[Parameter()]
[switch] $Cleanup
@cvlabsio
cvlabsio / no_strings.hpp
Created October 13, 2023 08:18 — forked from EvanMcBroom/no_strings.hpp
Encrypt Strings at Compile Time
// Copyright (C) 2022 Evan McBroom
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
@cvlabsio
cvlabsio / encrypting-strings-at-compile-time.md
Created October 13, 2023 08:18 — forked from EvanMcBroom/encrypting-strings-at-compile-time.md
Encrypting Strings at Compile Time

Encrypting Strings at Compile Time

Thank you to SpecterOps for supporting this research and to Duane and Matt for proofreading and editing! Crossposted on the SpecterOps Blog.

TLDR: You may use this header file for reliable compile time string encryption without needing any additional dependencies.

Programmers of DRM software, security products, or other sensitive code bases are commonly required to minimize the amount of human readable strings in binary output files. The goal of the minimization is to hinder others from reverse engineering their proprietary technology.

Common approaches that are taken to meet this requirement often add an additional maintenance burden to the developer and are prone to error. These approaches will be presented along with t

@cvlabsio
cvlabsio / pic-and-string-literals-2.md
Created October 13, 2023 08:17 — forked from EvanMcBroom/pic-and-string-literals-2.md
Pic and String Literals Part 2

PIC and String Literals Part 2

I previously wrote about how to use macro metaprogramming to simplify using string literals in position independent code (PIC). The results are summarized in the below code snippet and the article can be read on GitHub.

void f() {
    // Example 1: The Pic idiom for instantiating a string
    char picString1[]{ 'a', 'b', 'c' };
@cvlabsio
cvlabsio / pic-and-string-literals.md
Created October 13, 2023 08:17 — forked from EvanMcBroom/pic-and-string-literals.md
Position Independent Code and String Literals

Position Independent Code and String Literals

A common programming idiom when writing position independent code (PIC) is to expand a string literal into its individual characters when instantiating a local variable.

void f() {
    // Example 1: A normal instantiation with a string literal
    char a[]{ "a long string" };

 // Example 2: The Pic idiom for instantiating a string
@cvlabsio
cvlabsio / fireeye-tools.md
Created October 13, 2023 08:16 — forked from EvanMcBroom/fireeye-tools.md
FireEye Red Team Tools - Notes

FireEye Red Team Tools - Notes

These are my notes on FireEye's yara rules for it's red team's tools.

These are the public projects that I could identify to be directly associated with a tool:

Project Source
AndrewSpecial https://github.com/hoangprod/AndrewSpecial
BloodHound https://github.com/BloodHoundAD/BloodHound
@cvlabsio
cvlabsio / perfect-loaders.md
Created October 13, 2023 08:14 — forked from EvanMcBroom/perfect-loaders.md
Perfect Loader Implementations

Perfect Loader Implementations

Thank you to SpecterOps for supporting this research and to Lee and Sarah for proofreading and editing! Crossposted on the SpecterOps Blog.

TLDR: You may use fuse-loader or perfect-loader as examples for extending an OS's native loader to support in-memory libraries.

Some software applications require the ability to load dynamic libraries from the memory of the application's own process. The majority of desktop OSes do not support this use case, so a number of developers have reimplemented the process of loading a library to overcome this limitation.

@cvlabsio
cvlabsio / PKI_Abuse_cheatsheet.md
Created October 20, 2022 13:44 — forked from Flangvik/PKI_Abuse_cheatsheet.md
PKI Abuse CheatSheet
@cvlabsio
cvlabsio / README.md
Created October 20, 2022 03:50
Table Top With Teeth - Training Exercise

Instructions

The following script is designed to create artifacts that teams can use to hunt, new or interesting capabilities.

The following table top is based on the code here: https://github.com/code-scrap/DynamicWrapperDotNet

This script is self-contained. It should dynamically write a DLL to disk and load it in to cscript.exe

To Invoke cscript.exe stranger_things.js This example expects a 64bit system.