Based on Chris Frohoff and Wouter Coekaerts ideas:
- https://gist.github.com/frohoff/24af7913611f8406eaf3
- http://wouter.coekaerts.be/2015/annotationinvocationhandler
Full project (containing dependencies) can be found here:
gradetwo gradetwo
Proteas
/ xnu-4570.1.46-arm64-steps.txt
Created
October 9, 2017 02:46
steps to build arm64 version of xnu-4570.1.46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Following are my steps to build the ARM64 version of xnu-4570.1.46, hope this is helpfull for saving time. | |
| 1. Use Xcode 9.0 | |
| 2. Preparation is same as macOS, and there is a guide: https://0xcc.re/building-xnu-kernel-macosx-sierrra-10-12-x/ | |
| 3. There is an ARM64 version libfirehose: https://github.com/Proteas/install_firehose_lib | |
| 4. Copy and edit the ARM64 config(CFLAGS, LDFLAGS) from darwin-on-arm/xnu to your target project | |
| 5. Example CFLAGS: -Darm64 -DARM64 -D__arm64__ -D__ARM64__ -DLP64 -DCONFIG_EMBEDDED -mkernel -DARM64_BOARD_CONFIG_T8011=1 | |
| 6. Fix compiling stage errors by directly importing the missing headers or editing the code | |
| 7. Fix linking stage errors by implementing place holder funcitons for: chudxnu_cpu_alloc, etc | |
| 8. If missing symbol __divti3 in linking stage, get the runtime from llvm. |
nirizr
/ idapython_get_stack_refs.py
Last active
September 1, 2022 20:11
IDAPYTHON: List all references to all stack variables of a function
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idc, idaapi, idautils, ida_xref | |
| def find_stack_members(func_ea): | |
| members = {} | |
| base = None | |
| frame = idc.GetFrame(func_ea) | |
| for frame_member in idautils.StructMembers(frame): | |
| member_offset, member_name, _ = frame_member | |
| members[member_offset] = member_name | |
| if member_name == ' r': |
jaredcatkinson
/ Get-InjectedThread.ps1
Last active
April 22, 2024 19:09
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Give the usual warning. | |
| clear; | |
| echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds..."; | |
| sleep 10; | |
| clear; | |
| # Download and extract exploit files. | |
| echo "[INFO] Downloading exploit files from GitHub..."; |
mattifestation
/ wmi_provider_association.ps1
Last active
August 16, 2022 05:14
Enumerates WMI providers, the DLLs that back the provider, and the classes hosted by the provider.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Author: Matthew Graeber (@mattifestation) | |
| License: BSD 3-Clause | |
| #> | |
| function Get-WmiNamespace { | |
| [OutputType([String])] | |
| Param ( | |
| [String] | |
| [ValidateNotNullOrEmpty()] |
alirobe
/ reclaimWindows10.ps1
Last active
April 26, 2024 17:59
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### | |
| ### | |
| ### UPDATE: For Win 11, I recommend using this tool in place of this script: | |
| ### https://christitus.com/windows-tool/ | |
| ### https://github.com/ChrisTitusTech/winutil | |
| ### https://www.youtube.com/watch?v=6UQZ5oQg8XA | |
| ### iwr -useb https://christitus.com/win | iex | |
| ### | |
| ### |
shengoo
/ Android unzip file using ZipInputStream
Last active
February 27, 2017 08:33
Android unzip file using ZipInputStream
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class unzip extends Activity { | |
| /** Called when the activity is first created. */ | |
| static final int BUFFER = 2048; | |
| TextView textView; | |
| @Override | |
| public void onCreate(Bundle savedInstanceState) { | |
| textView = new TextView(this); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from Crypto.Cipher import AES | |
| from Crypto.Util.strxor import strxor | |
| from binascii import hexlify | |
| K = '0123456789abcdef' | |
| cipher = AES.new(K, AES.MODE_ECB) | |
| # Original Message |
alexsleat
/ argvURLfriendly.py
Created
November 14, 2011 00:34
Google Text To Speech in Python (TTS), more info at http://alexsleat.co.uk/2011/11/14/python-making-use-of-googles-text-to-speech-translation-tool/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys #for cmd line argv | |
| #take command line args as the input string | |
| input_string = sys.argv | |
| #remove the program name from the argv list | |
| input_string.pop(0) | |
| #convert to google friendly url (with + replacing spaces) |
NewerOlder