@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active Jan 15, 2021
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
View Get-InjectedThread.ps1
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
@w4kfu
w4kfu / dllinjshim.cpp
Last active Sep 9, 2020
DLL Injection via Shim
View dllinjshim.cpp
/*
-------- dllinjshim.cpp --------
> cl /Fe:dllinjshim.exe dllinjshim.cpp
> dllinjshim.exe
> sdbinst moo.sdb
/!\ On Windows 10 there is a new function `SdbIsKnownShimDll` called
in `SdbGetDllPath` which will check the DLL name against the following list:
View grsecurity_pax_copperheados.md

This is an overview of the usefulness of PaX/grsecurity features for CopperheadOS especially when taking into account the overlap of the access control features with SELinux and that the Nexus line will be entirely 64-bit ARM. Note that it's missing most of the unnamed features without configuration options tied to them. A grsecurity kernel also comes with lots of security bug fixes backported from master, adapted from lkml submissions that were ignored, etc.

Previously, CopperheadOS used ports of PaX to the 3.4 Android kernels used by the Nexus 5 and Galaxy S4. The plan was to start from there, backporting from the PaX stable patches as needed along with reimplementing the relevant pieces of grsecurity without actually applying an old patch and backporting to it.

This is no longer the case for the published releases now that devices have moved to 64-bit ARM (which is not supported by PaX / grsecurity yet) and both the PaX and grsecurity stable patches have become private. There are still PaX ports for test

@novemberborn
novemberborn / setup.md
Created Jan 7, 2016
OS X Redirect ports 80 and 443 to 8080 and 8443 respectively
View setup.md

Changes with .dev domains in mind.

Create /etc/pf.anchors/dev, containing:

rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443

@skeeto
skeeto / jit.c
Last active Mar 5, 2020
Basic JIT
View jit.c
/* http://redd.it/2z68di */
#define _BSD_SOURCE // MAP_ANONYMOUS
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#define PAGE_SIZE 4096
@mallyvai
mallyvai / windows.h__.js
Created Nov 18, 2012
windows.h.js INFINITY
View windows.h__.js
var ffi = require('ffi'),
ref = require('ref'),
Struct = require('ref-struct'),
Library = require('./Library'),
Type = ref.Type,
NULL = ref.NULL,
isNull = ref.isNull;
var groups = ['libs', 'types', 'structs', 'callbacks', 'enums'];
@caniszczyk
caniszczyk / clone-all-twitter-github-repos.sh
Created Oct 9, 2012
Clone all repos from a GitHub organization
View clone-all-twitter-github-repos.sh
curl -s 'https://api.github.com/orgs/twitter/repos?per_page=200' | ruby -e 'require "json"; JSON.load(STDIN.read).each { |repo| %x[git clone #{repo["ssh_url"]} ]}'