Skip to content

Instantly share code, notes, and snippets.

View LZDecompress.cpp
#include <iostream>
#include <Windows.h>
#pragma comment(lib,"LZ32.lib")
bool decompress(LPSTR infile, LPSTR outfile)
{
INT hin, hout = 0;
OFSTRUCT ofin = { 0 };
OFSTRUCT ofout = { 0 };
View mal_unpack_runner.py
#!/usr/bin/env python3
import sys, os, subprocess
import pefile
from pathlib import Path
def mal_unp_res_to_str(returncode):
if returncode == (-1):
return "ERROR"
if returncode == 0:
View quick-disable-windows-defender.bat
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
rem To also disable Windows Defender Security Center include this
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
rem 1 - Disable Real-time protection
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
@hasherezade
hasherezade / fakedns.py
Created Sep 15, 2021
FakeDNS (Python3)
View fakedns.py
#!/usr/bin/python3
__author__ = 'Francisco Santos'
# URL: https://code.activestate.com/recipes/491264-mini-fake-dns-server/
import socket
class DNSQuery:
def __init__(self, data):
self.data=data
@hasherezade
hasherezade / install.reg
Last active Jul 28, 2021
AppInit_DLLs : install/uninstall DLL
View install.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001
"AppInit_DLLs"="C:\\dlls\\demo64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001
"AppInit_DLLs"="C:\\dlls\\demo32.dll"
@hasherezade
hasherezade / Program.cs
Last active Jul 27, 2021
A simple app to decode #PurpleFoxEK stegano payloads
View Program.cs
using System;
using System.Drawing;
using System.IO;
namespace PurpleFoxPNGDec
{
internal class Program
{
public static int getPrintableLen(byte[] array)
{
@hasherezade
hasherezade / winupdate64.dll.tag
Created Jul 27, 2021
Tag file from tracing a VMProtect-protected NuggetPhantom component
View winupdate64.dll.tag
71941;kernel32.LoadLibraryA
Arg[0] = ptr 0x000000d19111f670 -> "kernel32.dll"
cdb3d;kernel32.GetModuleFileNameW
cdb3d;kernel32.CreateFileW
Arg[0] = ptr 0x000000d19111f280 -> L"C:\Users\tester\Desktop\winupdate64.dll"
Arg[1] = 0x0000000080000000 = 2147483648
Arg[2] = 0x0000000000000003 = 3
Arg[3] = 0
Arg[4] = 0x0000000000000003 = 3
@hasherezade
hasherezade / GzipSimpleHttpServer.py
Last active Aug 17, 2021 — forked from bkeating/GzipSimpleHttpServer.py
Python's SimpleHttpServer, but w/Gzip support. 🤙
View GzipSimpleHttpServer.py
#!/usr/bin/python3
"""Simple HTTP Server.
This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.
"""
__version__ = "0.7"
@hasherezade
hasherezade / main.cpp
Created Jul 17, 2021
A native way to enumerate processes (alternative to: EnumProcesses, CreateToolhelp32Snapshot - Process32First - Process32Next)
View main.cpp
#include <windows.h>
#include <iostream>
#include "ntddk.h"
bool enum_processes()
{
ULONG retLen = 0;
// check length: