evandrix evandrix
@tlansec
tlansec / externals_example.py
Created February 21, 2022 10:08
Simple script to demo use of yara-python + externals
# Simple script to demo use of yara-python + externals
# think of all the externals you could define!
import os
import sys
import yara
example_rule = '''
rule demo_externals
{
@matterpreter
matterpreter / RpcParser.java
Last active March 9, 2022 00:21
Ghidra RPC procedure identification script
//Locate RPC procedures inside of server code
//@author Matt Hand (@matterpreter) based on original work by Sektor7 Labs (@reenz0h)
//@category Functions
//@keybinding
//@menupath
//@toolbar
import ghidra.app.script.GhidraScript;
import ghidra.program.model.block.*;
import ghidra.program.model.symbol.*;
@huytd
huytd / wordle.md
Last active May 2, 2024 12:13
Wordle in less than 50 lines of Bash

How to use:

./wordle.sh

Or try the unlimited mode:

@olliencc
olliencc / AA.cpp
Last active October 11, 2023 10:26
Enumerates why each DLL was loaded for each process via PEB
/*
This was the first version - the newer version also includes *when* it was loaded.
https://gist.github.com/olliencc/e166a64ca211c51eb69111f26ce57bc1
*/
@str4d
str4d / DemangleRust.py
Last active March 27, 2024 12:41
Ghidra script for demangling Rust symbols
# Attempts to demangle all mangled symbols in the current program using the Rust
# mangling schemes, and replace the default symbol and function signature
# (if applicable) with the demangled symbol.
#
# License: MIT OR Apache-2.0
#@author Jack Grigg <thestr4d@gmail.com>
#@category Symbol
import string
from os import urandom
from socket import create_connection
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.serialization import load_der_public_key
def read(sock, length):
result = b''
@zingaburga
zingaburga / sve2.md
Last active April 30, 2024 15:08
ARM’s Scalable Vector Extensions: A Critical Look at SVE2 For Integer Workloads

Scalable Vector Extensions (SVE) is ARM’s latest SIMD extension to their instruction set, which was announced back in 2016. A follow-up SVE2 extension was announced in 2019, designed to incorporate all functionality from ARM’s current primary SIMD extension, NEON (aka ASIMD).

Despite being announced 5 years ago, there is currently no generally available CPU which supports any form of SVE (which excludes the [Fugaku supercomputer](https://www.fujitsu.com/global/about/innovation/

@10maurycy10
10maurycy10 / ester.js
Created December 15, 2021 17:23
Npm cli easter egg code [DEOBFUSCATED]
// Original obfuscated code.
//
//
//
// module.exports = c => {
// const B = global[Buffer.from([66, 117, 102, 102, 101, 114])]
// const f = B.from([102, 114, 111, 109])
// const D = global[B[f]([68, 97, 116, 101])]
// const s = 8
@jaygooby
jaygooby / log4j-jndi.conf
Last active February 2, 2022 12:04
fail2ban filter rule for the log4j CVE-2021-44228 exploit
# log4j jndi exploit CVE-2021-44228 filter
# Save this file as /etc/fail2ban/filter.d/log4j-jndi.conf
# then copy and uncomment the [log4j-jndi] section
# to /etc/fail2ban/jail.local
#
# jay@gooby.org
# https://jay.gooby.org/2021/12/13/a-fail2ban-filter-for-the-log4j-cve-2021-44228
# https://gist.github.com/jaygooby/3502143639e09bb694e9c0f3c6203949
# Thanks to https://gist.github.com/kocour for a better regex
#
@blotus
blotus / log4j_exploitation_attempts_crowdsec.md
Last active December 29, 2023 12:24
IPs exploiting the log4j2 CVE-2021-44228 detected by the crowdsec community

This list is no longer updated, thus the information is no longer reliable.

You can see the latest version (from October 2022) here