Russ Kubik rkubik
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sched.h> | |
| #include <sys/wait.h> | |
| #include <errno.h> | |
| #include <linux/limits.h> | |
| #include <inttypes.h> | |
| #include <sys/stat.h> |
rkubik
/ poc_mntns.c
Created
June 6, 2018 19:14
POC - Process evading monitoring by joining existing mount namespace
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <inttypes.h> | |
| #include <sys/types.h> | |
| #include <sys/stat.h> | |
| #include <fcntl.h> | |
| #include <linux/limits.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <inttypes.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #If no argument is specified, ask for it and exit! | |
| if [[ -z "$@" ]]; | |
| then | |
| echo "An argument is needed to run this script"; | |
| exit | |
| else | |
| arg="$@" | |
| #Basic check to make sure argument number is valid. If not, display error and exit | |
| if [[ $(($(echo $arg | grep -o "\s" | wc --chars) / 2 )) -ne 2 ]]; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* ------------------------------------------------------------ * | |
| * file: certstack.c * | |
| * purpose: Example how to handle a pile of CA certificates * | |
| * author: 07/16/2012 Frank4DD * | |
| * * | |
| * gcc -lssl -lcrypto -o certstack certstack.c * | |
| * ------------------------------------------------------------ */ | |
| #include <openssl/bio.h> | |
| #include <openssl/err.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* extract_vdso.c */ | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| int main(int argc, char **argv) | |
| { | |
| char buf[256], *mem; | |
| const char *range_name; |
rkubik
/ dump-vdso.py
Created
February 25, 2016 15:39
— forked from kmcallister/dump-vdso.py
dump vdso
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from ctypes import * | |
| for ln in open('/proc/self/maps'): | |
| if "[vdso]" in ln: | |
| start, end = [int(x,16) for x in ln.split()[0].split('-')] | |
| CDLL("libc.so.6").write(1, c_void_p(start), end-start) | |
| break |