Skip to content

Instantly share code, notes, and snippets.

@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active March 1, 2024 03:05
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
@w4kfu
w4kfu / dllinjshim.cpp
Last active June 2, 2023 03:58
DLL Injection via Shim
/*
-------- dllinjshim.cpp --------
> cl /Fe:dllinjshim.exe dllinjshim.cpp
> dllinjshim.exe
> sdbinst moo.sdb
/!\ On Windows 10 there is a new function `SdbIsKnownShimDll` called
in `SdbGetDllPath` which will check the DLL name against the following list:

This is an overview of the usefulness of PaX/grsecurity features for CopperheadOS especially when taking into account the overlap of the access control features with SELinux and that the Nexus line will be entirely 64-bit ARM. Note that it's missing most of the unnamed features without configuration options tied to them. A grsecurity kernel also comes with lots of security bug fixes backported from master, adapted from lkml submissions that were ignored, etc.

Previously, CopperheadOS used ports of PaX to the 3.4 Android kernels used by the Nexus 5 and Galaxy S4. The plan was to start from there, backporting from the PaX stable patches as needed along with reimplementing the relevant pieces of grsecurity without actually applying an old patch and backporting to it.

This is no longer the case for the published releases now that devices have moved to 64-bit ARM (which is not supported by PaX / grsecurity yet) and both the PaX and grsecurity stable patches have become private. There are still PaX ports for test

@novemberborn
novemberborn / setup.md
Created January 7, 2016 15:05
OS X Redirect ports 80 and 443 to 8080 and 8443 respectively

Changes with .dev domains in mind.

Create /etc/pf.anchors/dev, containing:

rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443

@skeeto
skeeto / jit.c
Last active September 27, 2023 11:27
Basic JIT
/* http://redd.it/2z68di */
#define _BSD_SOURCE // MAP_ANONYMOUS
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#define PAGE_SIZE 4096
@mallyvai
mallyvai / windows.h__.js
Created November 18, 2012 08:09
windows.h.js INFINITY
var ffi = require('ffi'),
ref = require('ref'),
Struct = require('ref-struct'),
Library = require('./Library'),
Type = ref.Type,
NULL = ref.NULL,
isNull = ref.isNull;
var groups = ['libs', 'types', 'structs', 'callbacks', 'enums'];
@caniszczyk
caniszczyk / clone-all-twitter-github-repos.sh
Created October 9, 2012 04:25
Clone all repos from a GitHub organization
curl -s https://api.github.com/orgs/twitter/repos?per_page=200 | ruby -rubygems -e 'require "json"; JSON.load(STDIN.read).each { |repo| %x[git clone #{repo["ssh_url"]} ]}'