Skip to content

Instantly share code, notes, and snippets.

View hugsy's full-sized avatar
:octocat:
‎just hacking on

crazy hugsy hugsy

:octocat:
‎just hacking on
1.1k followers · 179 following
View GitHub Profile
@jtippet
jtippet / .clang-format
Created June 25, 2019 20:10
clang-format file to approximate Windows NT coding style for C++ drivers
AccessModifierOffset: -4
AlignAfterOpenBracket: AlwaysBreak
AlignConsecutiveAssignments: false
AlignConsecutiveDeclarations: false
AlignEscapedNewlines: DontAlign
AlignOperands: true
AllowAllParametersOfDeclarationOnNextLine: false
AllowShortBlocksOnASingleLine: false
AllowShortCaseLabelsOnASingleLine: false
AllowShortFunctionsOnASingleLine: Inline
@masthoon
masthoon / rpc_dump_rs5.txt
Created January 15, 2019 06:49
RPC interfaces RS5
--------------------------------------------------------------------------------
<WinProcess "smss.exe" pid 368 at 0x5306908L>
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ffec24f0000
--------------------------------------------------------------------------------
<WinProcess "csrss.exe" pid 472 at 0x5306e48L>
64
Interfaces :
Endpoints :
@mackwage
mackwage / windows_hardening.cmd
Last active April 28, 2024 20:54
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@williballenthin
williballenthin / hint_calls.py
Last active April 4, 2024 03:40
'''
IDA plugin to display the calls and strings referenced by a function as hints.
Installation: put this file in your %IDADIR%/plugins/ directory.
Author: Willi Ballenthin <william.ballenthin@fireeye.com>
Licence: Apache 2.0
'''
import idc
import idaapi
import idautils
@alirobe
alirobe / reclaimWindows10.ps1
Last active April 26, 2024 17:59
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
###
###
### UPDATE: For Win 11, I recommend using this tool in place of this script:
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
###
@yrp604
yrp604 / cfi-notes.md
Last active December 13, 2021 07:28
CFI Notes

Starting in clang 3.7 they've introduced a new argument -fsanitize=cfi which aims to protect indirect calls from overwrites.

All the code and binaries I used can be downloaded here

Protecting C Function pointers

First, I thought I would look at how CFI applied to simple C structs with function pointers. After fighting with the compiler to get it to stop optimizing my code, (i.e. call <puts> instead of call rcx because clang realized that rcx was always going to be puts(3)) I got it calling things from memory. However, there was no CFI protection on the call. I played around with this a bit (interestingly, clang will optimize use of un-initialized memory to the ud2 instruction) but was unable to get any CFI protection in place.

Protection C++ virtual calls

Reading a bit of the clang manual, it talked a lot about C++ virtual methods, so I thought I would look at those. I also played around with non virtual calls, those were replaced with static cal

@yrp604
yrp604 / safe-stack-notes.md
Last active March 29, 2017 01:20
Safe Stack Notes

Note: I've only briefly read the related CPI paper (PDF), this is just initial impressions after playing around with it a bit.

All the code and binaries I used can be downloaded here. Note that I removed -DFORTIFY_SOURCE=2 to make the examples a bit simpler.

-fsanitize=safe-stack basically seems to move stack based buffers off the actual stack, onto another segment of memory (I'll call it the fake stack). The actual stack then stores references to this segment. For example:

char buf[20];
printf("%p\n", buf);
@steeve85
steeve85 / weesms.py
Created April 12, 2015 20:36
Send and receive SMS Text Messages in Weechat
# -*- coding:utf-8 -*-
from __future__ import unicode_literals
import weechat, csv, re, gammu, time, unicodedata
"""
README
======
2015-04-12: v0.1 - Initial/draft/beta version
@andrealbinop
andrealbinop / setup-modernie-vagrant-boxes.md
Last active May 28, 2023 01:54
Setup modern.ie vagrant boxes

Setup modern.ie vagrant boxes

Since modern.ie released vagrant boxes, it' no longer necessary to manually import the ova file to virtualbox, as mentioned here.

However, the guys at modern.ie didn't configured the box to work with WinRM. This how-to addresses that, presenting steps to proper repackage these boxes, adding WinRM support. Additionally configures chocolatey package manager and puppet provisioner.

Pre-requisites