View PesieveLdr.go
package main | |
import ( | |
"fmt" | |
"syscall" | |
"unsafe" | |
) | |
var ( | |
peSieveDll = syscall.NewLazyDLL("pe-sieve64.dll") |
View LZDecompress.cpp
#include <iostream> | |
#include <Windows.h> | |
#pragma comment(lib,"LZ32.lib") | |
bool decompress(LPSTR infile, LPSTR outfile) | |
{ | |
INT hin, hout = 0; | |
OFSTRUCT ofin = { 0 }; | |
OFSTRUCT ofout = { 0 }; |
View mal_unpack_runner.py
#!/usr/bin/env python3 | |
import sys, os, subprocess | |
import pefile | |
from pathlib import Path | |
def mal_unp_res_to_str(returncode): | |
if returncode == (-1): | |
return "ERROR" | |
if returncode == 0: |
View quick-disable-windows-defender.bat
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! | |
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference | |
rem To also disable Windows Defender Security Center include this | |
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f | |
rem 1 - Disable Real-time protection | |
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f | |
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f |
View fakedns.py
#!/usr/bin/python3 | |
__author__ = 'Francisco Santos' | |
# URL: https://code.activestate.com/recipes/491264-mini-fake-dns-server/ | |
import socket | |
class DNSQuery: | |
def __init__(self, data): | |
self.data=data |
View install.reg
Windows Registry Editor Version 5.00 | |
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] | |
"LoadAppInit_DLLs"=dword:00000001 | |
"AppInit_DLLs"="C:\\dlls\\demo64.dll" | |
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] | |
"LoadAppInit_DLLs"=dword:00000001 | |
"AppInit_DLLs"="C:\\dlls\\demo32.dll" |
View Program.cs
using System; | |
using System.Drawing; | |
using System.IO; | |
namespace PurpleFoxPNGDec | |
{ | |
internal class Program | |
{ | |
public static int getPrintableLen(byte[] array) | |
{ |
View winupdate64.dll.tag
71941;kernel32.LoadLibraryA | |
Arg[0] = ptr 0x000000d19111f670 -> "kernel32.dll" | |
cdb3d;kernel32.GetModuleFileNameW | |
cdb3d;kernel32.CreateFileW | |
Arg[0] = ptr 0x000000d19111f280 -> L"C:\Users\tester\Desktop\winupdate64.dll" | |
Arg[1] = 0x0000000080000000 = 2147483648 | |
Arg[2] = 0x0000000000000003 = 3 | |
Arg[3] = 0 | |
Arg[4] = 0x0000000000000003 = 3 |
View GzipSimpleHttpServer.py
#!/usr/bin/python3 | |
"""Simple HTTP Server. | |
This module builds on BaseHTTPServer by implementing the standard GET | |
and HEAD requests in a fairly straightforward manner. | |
""" | |
__version__ = "0.7" |
View main.cpp
#include <windows.h> | |
#include <iostream> | |
#include "ntddk.h" | |
bool enum_processes() | |
{ | |
ULONG retLen = 0; | |
// check length: |