DavidBuchanan314
/ 31_round_sha256_poc.py
Last active
April 17, 2024 16:17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| 31-round sha256 collision. | |
| Not my research, just a PoC script I put together with numbers plugged in from the slide at | |
| https://twitter.com/jedisct1/status/1772647350554464448 from FSE2024 | |
| SHA256 impl follows FIPS 180-4 | |
| https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks. | |
| // You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/) | |
| (() => { | |
| const SHOW_SIDES = false; // color sides of DOM nodes? | |
| const COLOR_SURFACE = true; // color tops of DOM nodes? | |
| const COLOR_RANDOM = false; // randomise color? | |
| const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com) | |
| const MAX_ROTATION = 180; // set to 360 to rotate all the way round | |
| const THICKNESS = 20; // thickness of layers | |
| const DISTANCE = 10000; // ¯\\_(ツ)_/¯ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdint> | |
| // x86_64-w64-mingw32-g++ -lstdc++ -static -O3 -s -DPAYLOAD_SIZE=276 ./byorwx.cpp ./section.S -o ./byorwx.exe | |
| // msfvenom -p windows/x64/exec -f c CMD=calc.exe --encrypt xor --encrypt-key abcdef | |
| unsigned char buf[] = | |
| "\x9d\x2a\xe0\x80\x95\x8e\xa1\x62\x63\x64\x24\x37\x20\x32" | |
| "\x31\x35\x33\x2e\x50\xb0\x06\x2c\xee\x34\x01\x2a\xe8\x36" | |
| "\x7d\x2e\xea\x30\x43\x2c\xee\x14\x31\x2a\x6c\xd3\x2f\x2c" | |
| "\x2c\x53\xaa\x2c\x54\xa6\xcd\x5e\x02\x18\x67\x4a\x41\x23" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Core.h> | |
| #include <Win32.h> | |
| #include <Structs.h> | |
| #include <Sleep.h> | |
| #include <Utils.h> | |
| SEC( text, C ) VOID Ekko ( DWORD SleepTime, PINSTANCE Instance) | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Runtime.CompilerServices; | |
| using System.Reflection; | |
| using System.Reflection.Emit; | |
| namespace FunkyJit | |
| { | |
| class Program | |
| { | |
| public static void Nothing() { Console.WriteLine(); } | |
| static void Main(string[] args) |
olliencc
/ DLLLoadReasonEnumeratorWithWhen.cpp
Created
January 7, 2022 13:55
Enumerates which DLL loaded when and why for each process via PEB enumeration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| DLL Load Reason Enumerator for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
olliencc
/ WindowsThreadStartModule.cpp
Last active
January 26, 2022 06:21
Thread Start Address Enumerator for Microsoft Windows
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Thread Start Address Enumerator for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
olliencc
/ DetectImpersonatingThreads.cpp
Last active
December 19, 2023 03:03
Detect Windows threads which are impersonating
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| TEB Detect Impersonating Threads for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
olliencc
/ DetectHardwareBreakPointMisuse.cpp
Last active
March 2, 2023 01:17
Detect Windows processes with hardware breakpoints set
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Debug register (hardware breakpoint) misuse detector for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
olliencc
/ WindowsVEHusingProcEnumandCountandDecode.cpp
Created
January 3, 2022 14:01
Enumerates processes which use VEH via their PEB and then counts the number of VEHs present - decodes pointers and works out which module they are in
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| VEH misuse detector for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
NewerOlder