This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>CFBundleDevelopmentRegion</key> <string>en</string> | |
<key>CFBundleName</key> <string>MinecraftLauncher</string> | |
<key>CFBundleVersion</key> <string>1.0.1</string> | |
<key>CFBundleShortVersionString</key> <string>MinecraftLauncher 1.0.1</string> | |
<key>CFBundleExecutable</key> <string>LaunchGame</string> | |
<key>CFBundlePackageType</key> <string>APPL</string> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<key>IOKitPersonalities</key> | |
<dict> | |
<key>DisplayLink0</key> | |
<dict> | |
<key>CFBundleIdentifier</key> | |
<string>com.displaylink.driver.DisplayLinkDriver</string> | |
<key>IOClass</key> | |
<string>DisplayLinkParent</string> | |
<key>IOMatchCategory</key> | |
<string>DisplayLinkParent0</string> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AccessProtection { | |
UserString UR1 "Prevent evil programs from creating *.exe under application data (2000/XP)" | |
UserEnforce UR1 0 | |
UserReport UR1 1 | |
UserProcess UR1 {Include iexplore.exe java.exe javaw.exe javaws.exe} | |
UserRule UR1 G_User {File C { Include "**\\Documents and Settings\\**\\Application Data\\**\\*.exe" } | |
} | |
UserString UR10 "CryptoLocker HKCU\\....\\Run" | |
UserEnforce UR10 1 | |
UserReport UR10 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Skip to the end to see what this can do. | |
# | |
# http://s.sudre.free.fr/Stuff/Ivanhoe/FLAT.html | |
# Flat packages are xar files with a particular structure | |
# We're looking for the PackageInfo file within the xar file | |
import urllib2, ctypes, zlib | |
import xml.etree.ElementTree as ET | |
class SimpleObj(object): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from ctypes import CDLL, Structure, POINTER, byref, c_uint64, c_uint32 | |
Security = CDLL('/System/Library/Frameworks/Security.framework/Versions/Current/Security') | |
class OpaqueType(Structure): | |
pass | |
OpaqueTypeRef = POINTER(OpaqueType) | |
BooleanFalse = 0 | |
BooleanTrue = 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from ctypes import CDLL, byref, c_uint32 | |
Security = CDLL('/System/Library/Frameworks/Security.framework/Versions/Current/Security') | |
kcallerSecuritySession = c_uint32(-1) | |
my_session = c_uint32(0) | |
session_bits = c_uint32(0) | |
result = Security.SessionGetInfo(kcallerSecuritySession, byref(my_session), byref(session_bits)) | |
flags = session_bits.value |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from ctypes import CDLL, Structure, POINTER, c_int32 | |
CFoundation = CDLL('/System/Library/Frameworks/CoreFoundation.Framework/Versions/Current/CoreFoundation') | |
from CoreFoundation import kCFStringEncodingUTF8 | |
class OpaqueType(Structure): | |
pass | |
OpaqueTypeRef = POINTER(OpaqueType) | |
CFArrayCreateMutable = CFoundation.CFArrayCreateMutable |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from ctypes import CDLL, Structure, POINTER, c_char_p, c_size_t, c_void_p, c_uint32, pointer, byref | |
Security = CDLL('/System/Library/Frameworks/Security.framework/Versions/Current/Security') | |
class OpaqueType(Structure): | |
pass | |
OpaqueTypeRef = POINTER(OpaqueType) | |
AuthorizationRef = OpaqueTypeRef |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<QueryList> | |
<Query Id="0" Path="System"> | |
<Select Path="System"> | |
*[EventData/Data[6]] | |
</Select> | |
</Query> | |
</QueryList> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
<plist version="1.0"> | |
<dict> | |
<key>PayloadContent</key> | |
<array> | |
<dict> | |
<key>PayloadCertificateFileName</key> | |
<string>my.org.cer</string> | |
<key>PayloadContent</key> |