danzek
/ singly_linked_list.c
Last active
January 10, 2021 20:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * singly_linked_list.c | |
| * | |
| * Demo of singly-linked list using simplified Process struct | |
| * | |
| * I made this for the 2019 KPMG Lunch and Learn series entitled, | |
| * "A heuristic approach to coding in C on Windows" | |
| */ | |
| #include <stdio.h> |
danzek
/ Get-DesktopSearchData.ps1
Created
June 11, 2018 21:29
Gets data from Windows Desktop Search
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Gets data from Windows Desktop Search. | |
| .DESCRIPTION | |
| Uses Windows API (ADO) to get data from Windows Desktop Search JET (ESE) database. | |
| .NOTES | |
| File Name : Get-DesktopSearchData.ps1 | |
| Author : Dan O'Day - d@4n68r.com |
danzek
/ FixAbsoluteHyperlinksInExcelToRelative.vba
Created
October 26, 2020 23:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sub FixLinks() | |
| Dim wks As Worksheet | |
| Dim hl As Hyperlink | |
| Dim sOld As String | |
| Dim sNew As String | |
| Set wks = ActiveSheet | |
| sOld = "G:\MyOriginalFolderIWantToReplaceInPath\" | |
| sNew = ".\" | |
| For Each hl In wks.Hyperlinks | |
| hl.Address = Replace(hl.Address, sOld, sNew) |
danzek
/ rot13Reader.go
Created
October 25, 2020 05:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // solution to rot13Reader exercise in golang tour | |
| package main | |
| import ( | |
| "io" | |
| "os" | |
| "strings" | |
| ) |
danzek
/ fibonacci_closure.go
Created
October 23, 2020 04:32
Solution to Golang tour Fibonacci closure exercise
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // go tour fibonacci closure exercise solution | |
| // https://tour.golang.org/moretypes/26 | |
| package main | |
| import "fmt" | |
| // fibonacci is a function that returns | |
| // a function that returns an int. | |
| func fibonacci() func() int { |
danzek
/ deobfuscateClopResource.cpp
Created
April 1, 2019 22:39
decompiled / reverse-engineered Clop deobfuscation of SIXSIX1 resource code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HINSTANCE LoadExecuteClearSystemsBatchFile() | |
| { | |
| HMODULE hModule; // eax | |
| HMODULE phModule; // ebx | |
| HRSRC hRsrcSIXSIX1; // eax | |
| HRSRC phRsrcSIXSIX1; // esi | |
| HGLOBAL hGlobalRsrcSIXSIX1; // eax | |
| const void *ResourceLock; // edi | |
| DWORD cbResourceSIXSIX1; // esi | |
| HGLOBAL hDecryptedResourceMemory; // ebx |
danzek
/ winlogon.reg
Created
February 11, 2018 20:48
— forked from anonymous/winlogon.reg
WinLogon Windows 7 x64 COM Hijack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00] | |
| @="AtomicRedTeam" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam.1.00\CLSID] | |
| @="{00000001-0000-0000-0000-0000FEEDACDC}" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam] | |
| @="AtomicRedTeam" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\AtomicRedTeam\CLSID] | |
| @="{00000001-0000-0000-0000-0000FEEDACDC}" | |
| [HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{00000001-0000-0000-0000-0000FEEDACDC}] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # pdtime = parse Droid time - Utility to parse Android Unix timestamps in csv files | |
| # | |
| # Given a csv file or list of csv files containing Android timestamps, create a "parsed" directory and | |
| # output new csv files with timestamps parsed in human-readable format, with no timezone adjustments. | |
| # Android timestamps should be stored in UTC/GMT, and are parsed as such. | |
| # | |
| # Sample timestamp: 1311341729264, Android has three extra numbers than regular UNIX timestamps, because | |
| # it stores UNIX epoch in milliseconds. It must be divided by 1000 to make it a normal UNIX timestamp. |
danzek
/ reformat_encase_internet.py
Last active
January 2, 2018 21:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python -tt | |
| # -*- coding: utf-8 -*- | |
| """ | |
| Given the starting line number from the html output (and optional ending line number), parses Internet history | |
| artifacts from a default EnCase 7 HTML report into a nicer looking table. Be sure to customize fields and field widths | |
| as needed. | |
| Copyright 2015, Dan O'Day (d@4n68r.com) | |
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| """ | |
| Expert Witness Format (EWF) Extension Helper | |
| Provides generator methods that provide the next expected file extension for EWF and EWF 2 file formats. For instance: | |
| * E01 | |
| * E02 |