Minoru Kobayashi mnrkbys

  • Internet Initiative Japan Inc.
  • Tokyo, Japan
  • X @unkn0wnbit
theevilbit /
Created March 26, 2024 09:13
Download Apple Technotes
#ugly script but works. Most of the time. You might need to rerun to get all pages.
#need to open the pages before we can do --print-to-pdf or --dump-dom as otherwise it doesn't load them
#doing PDFs as raw htmls look really ugly
/Applications/Google\\ Chrome --incognito
sleep 10
/Applications/Google\\ Chrome --headless=new --incognito --dump-dom > technotes.html
cat technotes.html | grep -Eo "href=\"/documentation/technotes/tn[a-zA-Z0-9/-]*\"" | cut -d "\"" -f 2 | cut -d "/" -f 4 | sort -u > urls.txt
doraTeX /
Last active March 27, 2024 12:43
A macOS script that masks faces of individuals in photos using emojis ( )
SCRIPTNAME=$(basename "$0")
function realpath () {
if [ -d "$f" ]; then
base="/$(basename "$f")"
Dump-GUY /
Created March 18, 2024 07:30
Modified version of Willi Ballenthin IDA Plugin ported to support Python2/3 and IDA>=7.4 (tested IDA 7.7, 8.4)
IDA plugin to display the calls and strings referenced by a function as hints.
Installation: put this file in your %IDADIR%/plugins/ directory.
Author: Willi Ballenthin <>
Licence: Apache 2.0
import idc
import idaapi
import idautils
cparmn / AMSI-Authenticode.ps1
Created March 20, 2023 17:13
AMSI Provider Information
function AMSI-Authenticode {
param (
if ($EnableAuthenticodeSigning) {
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\AMSI" -Name "FeatureBits" -Value 0x2 -Type DWord
vocaeq / inject.c
Last active April 2, 2024 09:09 — forked from knightsc/inject.c
An example of how to inject code to call dlopen and load a dylib into a remote mach task. Tested on 12.5 M1 Pro.
#include <dlfcn.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/error.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/sysctl.h>
#include <sys/mman.h>
Wra7h / Get-ProcessPipes.ps1
Last active March 4, 2024 09:11
Use PowerShell to get the PIDs associated with Named Pipes
function Get-ProcessPipes{
Add-Type -TypeDefinition @"
using System;
mgraeber-rc / AMSITools.psm1
Created November 10, 2021 18:41
Get-AMSIEvent and Send-AmsiContent are helper functions used to validate AMSI ETW events. Note: because this script contains the word AMSI, it will flag most AV engines. Add an exception on a test system accordingly in order to get this to work.
filter Send-AmsiContent {
Supplies the AmsiScanBuffer function with a buffer to be scanned by an AMSI provider.
Author: Matt Graeber
Company: Red Canary
jborean93 / Get-RegKeyInfo.ps1
Created April 29, 2021 03:34
Gets detailed information about a registry key
# Copyright: (c) 2021, Jordan Borean (@jborean93) <>
# MIT License (see LICENSE or
Function Get-RegKeyInfo {
Gets details about a registry key.
Gets very low level details about a registry key.
brunerd / maclTrack.command
Last active June 16, 2022 18:59
Examine all the entries on files and folders
: <<-EOL
MIT License
Copyright (c) 2020 Joel Bruner
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell