saagarjha

// To compile: clang++ -arch x86_64 -arch arm64 -std=c++20 library_injector.cpp -lbsm -lEndpointSecurity -o library_injector,
// then codesign with com.apple.developer.endpoint-security.client and run the
// program as root.

#include <EndpointSecurity/EndpointSecurity.h>
#include <algorithm>
#include <array>
#include <bsm/libbsm.h>
#include <cstddef>
#include <cstdint>

rafaelldi

Starting

Command	WinDbg	LLDB
Start	windbg {executable} [{args}]	lldb {executable} [--args]
Attach	windbg -p {pid}	lldb --attach-pid {pid}

Symbols and modules

Command	WinDbg	LLDB
(Re)load symbols	lb {module-name}	target symbols add {symbol-file-path}

ujin5

function sleep( sleepDuration ){
    var now = new Date().getTime();
    while(new Date().getTime() < now + sleepDuration){ /* do nothing */ } 
}
function gc() {
    for (let i = 0; i < 0x10; i++) {
            new ArrayBuffer(0x1000000);
        }
}
let data_view = new DataView(new ArrayBuffer(8));

testanull

import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

tandasat

/**
 * @file CheckGuestVmcsFieldsForVmEntry.c
 * @author Satoshi Tanda (tanda.sat@gmail.com)
 * @brief Checks validity of the guest VMCS fields for VM-entry as per
 *      26.3 CHECKING AND LOADING GUEST STATE
 * @version 0.1
 * @date 2021-02-20
 *
 * @details This file implements part of checks performed by a processor during
 *      VM-entry as CheckGuestVmcsFieldsForVmEntry(). This can be called on VM-exit

theevilbit

/*
This is a POC for a generic technique I called internally on our red team assessment "Divide and Conquer", which can be used to bypass behavioral based NextGen AV detection. It works by splitting malicious actions and API calls into distinct processes.
*/

#include <stdio.h>
#include <tchar.h>

#include <windows.h>
#include "Commctrl.h"
#include <string>

dougallj

# IDA (disassembler) and Hex-Rays (decompiler) plugin for Apple AMX
#
# WIP research. (This was edited to add more info after someone posted it to
# Hacker News. Click "Revisions" to see full changes.)
#
# Copyright (c) 2020 dougallj


# Based on Python port of VMX intrinsics plugin:
# Copyright (c) 2019 w4kfu - Synacktiv

osy

Thanks to the work of @agraf, @KhaosT, @imbushuo, and others, we have Virtualization.framework working on M1 Macs. These [changes][1] have been merged with QEMU v5.2.0 RC3 (will rebase once the final release is out) and integrated with UTM, a brand new QEMU frontend designed in SwiftUI for iOS 14 and macOS 11.

Downloads

• UTM
• Windows for ARM
• Windows 10 ARM.utm
• VirtIO Drivers

cheadrian

#With the help of this script you can download parts from the Youtube Video that is live streamed, from start of the stream till the end

import urllib.request
import os

#E.G: "https://r4---sn-gqn-p5ns.googlevideo.com/videoplayback?expire=1603041842& ..... 2.20201016.02.00&sq="
#The sound link should contain: &mime=audio in it.
#Here's an example from NASA LIVE:
#VIDEO: https://r5---sn-gqn-p5ns.googlevideo.com/videoplayback?expire=1603165657&ei=eQmOX8TeFtS07gO1xLWwDA&ip=79.115.11.159&id=DDU-rZs-Ic4.1&itag=137&aitags=133%2C134%2C135%2C136%2C137%2C160&source=yt_live_broadcast&requiressl=yes&mh=PU&mm=44%2C29&mn=sn-gqn-p5ns%2Csn-c0q7lnsl&ms=lva%2Crdu&mv=m&mvi=5&pl=20&initcwndbps=1350000&vprv=1&live=1&hang=1&noclen=1&mime=video%2Fmp4&gir=yes&mt=1603143920&fvip=5&keepalive=yes&fexp=23915654&c=WEB&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Clive%2Chang%2Cnoclen%2Cmime%2Cgir&sig=AOq0QJ8wRQIgQMnxy1Yk3HLTpqbOGmjZYH1CXCTNx6u6PgngAVGi4EQCIQDWyaye-u_KGyVQ0HRUsyKVaAzyXbmzDqOGVGpIyP7VtA%3D%3D&lspa

Siguza

#!/usr/bin/env zsh

set -e;
set +m; # Job control would've been nice, but manual round robin it is, sigh.

if [ -z "${ZSH_VERSION+x}" ]; then
    echo 'Try again with zsh.';
    exit 1;
fi;