Skip to content

Instantly share code, notes, and snippets.

View gabriellandau's full-sized avatar

Gabriel Landau gabriellandau

187 followers · 10 following
View GitHub Profile
@mgraeber-rc
mgraeber-rc / analysis.md
Created March 4, 2021 21:08
Basic dynamic malware analysis with AMSI events

Step 1) Start an AMSI ETW trace from an elevated command prompt

logman start trace AMSITrace -p Microsoft-Antimalware-Scan-Interface (Event1) -o amsi.etl -ets

Step 2) Run your evil maldoc or script. Note: AMSI can capture runtime context of VBA, Excel4, JScript, VBScript, PowerShell, WMI, and .NET (4.8+) in-mem assembly loads

Step 3) Stop the AMSI trace

@mridgers
mridgers / pdbdump.c
Created June 21, 2012 21:19
Small tool to list and query symbols in PDB files.
//------------------------------------------------------------------------------
// pdbdump.c - dump symbols from .pdb and executable files (public domain).
// - to compile; cl.exe /Ox /Zi pdbdump.c
// -
// - Martin Ridgers, pdbdump 'at' fireproofgravy.co.uk
//------------------------------------------------------------------------------
#include <stdio.h>
#include <Windows.h>
#include <DbgHelp.h>