mosesrenegade
@mosesrenegade
mosesrenegade / tmux-cheatsheet.markdown
Created February 5, 2018 00:41 — forked from MohamedAlaa/tmux-cheatsheet.markdown
tmux shortcuts & cheatsheet

start new:

tmux

start new with session name:

tmux new -s myname
@mosesrenegade
mosesrenegade / deployment-tool-ansible-puppet-chef-salt.md
Created February 7, 2018 00:15 — forked from jaceklaskowski/deployment-tool-ansible-puppet-chef-salt.md
Choosing a deployment tool - ansible vs puppet vs chef vs salt

Requirements

  • no upfront installation/agents on remote/slave machines - ssh should be enough
  • application components should use third-party software, e.g. HDFS, Spark's cluster, deployed separately
  • configuration templating
  • environment requires/asserts, i.e. we need a JVM in a given version before doing deployment
  • deployment process run from Jenkins

Solution

@mosesrenegade
mosesrenegade / InstallUtilMouseKeyLogger.cs
Created February 26, 2018 23:03
Input Capture - InstallUtil Hosted MouseClick / KeyLogger -
using System;
using System.IO;
using System.Diagnostics;
using System.Windows.Forms;
using System.Configuration.Install;
using System.Runtime.InteropServices;
//KeyStroke Mouse Clicks Code
/*
* https://code.google.com/p/klog-sharp/
*/
@mosesrenegade
mosesrenegade / main.cpp
Created March 14, 2018 18:11 — forked from hasherezade/main.cpp
A tiny PE-sieve based process scanner
#include <stdio.h>
#include <windows.h>
#include <psapi.h>
#include <iostream>
#include <string>
#include <vector>
#include "pe_sieve_api.h"
#pragma comment(lib, "pe-sieve.lib")
@mosesrenegade
mosesrenegade / AtomicTestsCommandLines.txt
Created September 7, 2018 19:28
Atomic Tests - All Command Lines - Replace Input Arguments #{input_argument} - More Soon
[ASCII-art banner: ATOMIC RED TEAM]
[********BEGIN TEST*******] Data Compressed T1002 has 3 Test(s)
@mosesrenegade
mosesrenegade / booklist.txt
Created September 7, 2018 19:28
Reading List - Export list of some of the books on my kindle
.NET and COM: The Complete Interoperability Guide
@War: The Rise of the Military-Internet Complex
21st Century C: C Tips from the New School
3D Math Primer for Graphics and Game Development (Wordware Game Math Library)
A Guide to Claims-Based Identity and Access Control (Microsoft patterns & practices)
A Guide to Kernel Exploitation: Attacking the Core
A More Beautiful Question: The Power of Inquiry to Spark Breakthrough Ideas
A Primer of Analytic Number Theory: From Pythagoras to Riemann
Absolute FreeBSD, 2nd Edition: The Complete Guide to FreeBSD
Advanced C and C++ Compiling
@mosesrenegade
mosesrenegade / autoProc.py
Created August 24, 2019 00:16 — forked from knavesec/autoProc.py
Automatic lsass dumper
#!/usr/bin/env python
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# A similar approach to smbexec but executing commands through WMI.
# Main advantage here is it runs under the user (has to be Admin)
# account, not SYSTEM, plus, it doesn't generate noisy messages

I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-o, or PE header to describe the binary.

While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.

That makes importing this type of firmware file difficult, as Ghidra doesn't have any idea what type of ISA it needs to disassemble and decompile for.

The following are a few things I learned while trying to get the Cisco IOS image in a reversible state within Ghidra.

First I had to extract the image. The first 112 bytes of the firmware I received from the vendor are some sort of Cisco proprietary header that is not useful for our purpose. We need to extract the bzip2 archive that we are interested in. The easiest way to do that is binwalk:

1. Download the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases
2. Get Mimikatz PE Loader from https://gist.github.com/pljoel/42dae5e56a86a43612bea6961cb59d1a
3. Use @pljoel's katz.cs file, uncomment the build lines in Delivery.Program.Main(), and comment out the Exec() line.
4. Build it to generate file.b64, copy its contents, and replace the Package.file string in payload.txt.
6. Make sure the payloadPath var is properly set in "TestAssemblyLoader.cs"
@mosesrenegade
mosesrenegade / PCMPBNMBAO_x86_poc.vba
Created November 4, 2019 12:19 — forked from xpn/PCMPBNMBAO_x86_poc.vba
PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON POC via VBA
' POC to spawn process with PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON mitigation enabled
' by @_xpn_
'
' Thanks to https://github.com/itm4n/VBA-RunPE and https://github.com/christophetd/spoofing-office-macro
Const EXTENDED_STARTUPINFO_PRESENT = &H80000
Const HEAP_ZERO_MEMORY = &H8&
Const SW_HIDE = &H0&
Const MAX_PATH = 260
Const PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY = &H20007