hasherezade hasherezade
View PesieveLdr.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "syscall" | |
| "unsafe" | |
| ) | |
| var ( | |
| peSieveDll = syscall.NewLazyDLL("pe-sieve64.dll") |
hasherezade
/ LZDecompress.cpp
Created
February 23, 2022 22:47
View LZDecompress.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <Windows.h> | |
| #pragma comment(lib,"LZ32.lib") | |
| bool decompress(LPSTR infile, LPSTR outfile) | |
| { | |
| INT hin, hout = 0; | |
| OFSTRUCT ofin = { 0 }; | |
| OFSTRUCT ofout = { 0 }; |
hasherezade
/ mal_unpack_runner.py
Last active
January 28, 2022 21:15
View mal_unpack_runner.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys, os, subprocess | |
| import pefile | |
| from pathlib import Path | |
| def mal_unp_res_to_str(returncode): | |
| if returncode == (-1): | |
| return "ERROR" | |
| if returncode == 0: |
hasherezade
/ quick-disable-windows-defender.bat
Created
November 10, 2021 19:18
— forked from shadyeip/quick-disable-windows-defender.bat
View quick-disable-windows-defender.bat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! | |
| rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference | |
| rem To also disable Windows Defender Security Center include this | |
| rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f | |
| rem 1 - Disable Real-time protection | |
| reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f |
View fakedns.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| __author__ = 'Francisco Santos' | |
| # URL: https://code.activestate.com/recipes/491264-mini-fake-dns-server/ | |
| import socket | |
| class DNSQuery: | |
| def __init__(self, data): | |
| self.data=data |
View install.reg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] | |
| "LoadAppInit_DLLs"=dword:00000001 | |
| "AppInit_DLLs"="C:\\dlls\\demo64.dll" | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows] | |
| "LoadAppInit_DLLs"=dword:00000001 | |
| "AppInit_DLLs"="C:\\dlls\\demo32.dll" |
hasherezade
/ Program.cs
Last active
July 27, 2021 06:48
A simple app to decode #PurpleFoxEK stegano payloads
View Program.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Drawing; | |
| using System.IO; | |
| namespace PurpleFoxPNGDec | |
| { | |
| internal class Program | |
| { | |
| public static int getPrintableLen(byte[] array) | |
| { |
hasherezade
/ winupdate64.dll.tag
Created
July 27, 2021 06:31
Tag file from tracing a VMProtect-protected NuggetPhantom component
View winupdate64.dll.tag
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 71941;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d19111f670 -> "kernel32.dll" | |
| cdb3d;kernel32.GetModuleFileNameW | |
| cdb3d;kernel32.CreateFileW | |
| Arg[0] = ptr 0x000000d19111f280 -> L"C:\Users\tester\Desktop\winupdate64.dll" | |
| Arg[1] = 0x0000000080000000 = 2147483648 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| Arg[3] = 0 | |
| Arg[4] = 0x0000000000000003 = 3 |
hasherezade
/ GzipSimpleHttpServer.py
Last active
January 18, 2023 14:11
— forked from bkeating/GzipSimpleHttpServer.py
Python's SimpleHttpServer, but w/Gzip support. 🤙
View GzipSimpleHttpServer.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| """Simple HTTP Server. | |
| This module builds on BaseHTTPServer by implementing the standard GET | |
| and HEAD requests in a fairly straightforward manner. | |
| """ | |
| __version__ = "0.7" |
hasherezade
/ main.cpp
Created
July 17, 2021 16:35
A native way to enumerate processes (alternative to: EnumProcesses, CreateToolhelp32Snapshot - Process32First - Process32Next)
View main.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <iostream> | |
| #include "ntddk.h" | |
| bool enum_processes() | |
| { | |
| ULONG retLen = 0; | |
| // check length: |
NewerOlder