以下に記載する本やサイトを参考にして色々遊ぶとアンチウイルス企業のマルウェア解析とかの仕事を任せられるようになります。
順番はめちゃくちゃです(思い出した順に書いています)
なんか気になるのがあったら適当に手にとる感じでどうぞ。
-
Hacking:美しき策謀 第2版 ――脆弱性攻撃の理論と実際
-
リバースエンジニアリング ――Pythonによるバイナリ解析技法
famasoon
/ Win32_Callback_Inject.cs
Created
January 13, 2025 06:58
— forked from v4nyl/Win32_Callback_Inject.cs
Win32 Callback Injection - 12 Methods
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Runtime.InteropServices; | |
| //Resource: https[:]//vx-underground.org/papers.html -> Windows VX -> INJECTION -> Win32 Callback Injection (Author(s): Dreamer && Clover) | |
| namespace Callback_Inject | |
| { | |
| class Program | |
| { |
famasoon
/ PatchExtract125.ps1
Created
January 10, 2023 09:06
— forked from moshekaplan/PatchExtract125.ps1
Patch Extract v1.25 by Greg Linares (@Laughing_Mantis)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| ================ | |
| PATCHEXTRACT.PS1 | |
| ================= | |
| Version 1.25 Microsoft MSU Patch Extraction and Patch Organization Utility by Greg Linares (@Laughing_Mantis) | |
| This Powershell script will extract a Microsoft MSU update file and then organize the output of extracted files and folders. | |
| Organization of the output files is based on the patch's files and will organize them based on their archicture (x86, x64, or wow64) | |
| as well as their content-type, ie: resource and catalog files will be moved to a JUNK subfolder and patch binaries and index files will |
famasoon
/ アドベントカレンダー.md
Last active
November 2, 2022 06:03
famasoon
/ twint_practice.py
Created
May 9, 2020 17:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import twint | |
| def get_followers(username): | |
| c = twint.Config() | |
| c.Username = username | |
| c.Profile_full = True | |
| c.Store_csv = True | |
| c.Output = "followers.csv" | |
| twint.run.Followers(c) |
famasoon
/ for_malware_analysis.md
Created
March 24, 2020 13:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| build: main.go | |
| GOOS=linux GOARCH=amd64 go build -o hello | |
| zip: build | |
| zip handler.zip ./hello |
famasoon
/ onion_crtsh_result.txt
Created
December 3, 2019 13:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *.37nhmdszo2ltkkfo.onion | |
| *.56m4joozvkzlx6ln.onion | |
| *.analytics.qklykfiomrwjhdz4.onion | |
| *.api.37nhmdszo2ltkkfo.onion | |
| *.api.dev.nytimes3xbfgragh.onion | |
| *.api.nytimes3xbfgragh.onion | |
| *.api.s5rhoqqosmcispfb.onion | |
| *.api.stg.nytimes3xbfgragh.onion | |
| *.blogs.nytimes3xbfgragh.onion | |
| *.blogs.stg.nytimes3xbfgragh.onion |
famasoon
/ extract_exe_resource_image.sh
Last active
November 28, 2019 15:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PATH=$(cd $(dirname $1);pwd) | |
| echo $PATH | |
| /bin/mkdir -p ${PATH}imges | |
| /usr/local/bin/wrestool -x 1 -o ${PATH}images | |
| /bin/mkdir -p output | |
| /usr/local/bin/icotool -x -o output ${PATH}images/* |
famasoon
/ cdn_cn.txt
Created
November 23, 2019 14:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0-100.com | |
| 0-6.com | |
| 0-gold.net | |
| 00.net | |
| 000219.com | |
| 00042.com | |
| 0005pz.com | |
| 0006266.com | |
| 0007.net | |
| 000dn.com |
famasoon
/ hacknote_writeup.py
Created
September 15, 2019 13:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| context(os='linux', arch='i386') | |
| HOST = 'chall.pwnable.tw' | |
| PORT = 10102 | |
| PRINT_NOTE_FN = 0x804862b | |
| LIBC_READ_OFFSET = 0xd41c0 | |
| LIBC_SYSTEM_OFFSET = 0x3a940 |
NewerOlder