hewhewhew najashark

@najashark
najashark / ExcelXLL.md
Created July 24, 2017 12:31 — forked from ryhanson/ExcelXLL.md
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method

DLL Execution via Excel.Application RegisterXLL() method

A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local; it can also be a UNC path that points to a remote WebDAV server.

When delivering via WebDAV, it should be noted that the DLL is still written to disk, but the dropped file is not the one loaded into the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.

The RegisterXLL function expects an XLL add-in, which is essentially a specially crafted DLL with specific exports. More info on XLLs can be found on MSDN.

The XLL can also be executed by double-clicking the .xll file; however, there is a security warning. @rxwx has more notes on this here inc

https://www.andrew.cmu.edu/user/mteh/docs/C_Pointers.txt
Pointers
=====================================================================
---------------------------------------------------------------------
Reading C type declarations
---------------------------------------------------------------------
void * foo; (foo is a pointer to void; generic pointer)
@najashark
najashark / ollydbg.ini
Created April 2, 2016 14:22 — forked from trietptm/ollydbg.ini
OllyDbg 2.01 / Хабрахабр http://habrahabr.ru/post/201576/
[Settings]
Check DLL versions=0
Topmost window=0
Show main menu items that don't apply=0
Show popup items that don't apply=0
Show toolbar=1
Use system colours in toolbar=0
Status in toolbar=0
Flash duration=1
Autoupdate interval=4

Malware Research, Collection, and Analysis

All of this information was collected by doing Google searches or from the URLs mentioned in the References section. I collected them here because I wanted a single list that I could update, refer to, and share with others. Simply having a link listed here is not necessarily an endorsement. I only have personal experience with a small number of the resources listed here. I did, however, make an initial attempt to remove dead links from the reference links. Some good starting points are Lenny Zeltser's Reverse-Engineering Malware Cheat Sheet and Analyzing Malicious Documents Cheat Sheet. In fact, as you'll notice in the reference section, Lenny's site is included multiple times. He has some really awesome information.

Mailing Lists and Discussion Forums

http://www.securityfocus.com/archive/138/description http://reddit.c

HTTP(S) specific MITM SSL Proxies

mitmproxy

mitmproxy is an excellent console app written in Python.

It is easy to use on Linux and OS X.

Use brew install mitmproxy to install it on OS X.