root9B root9b-zz
root9b-zz
/ get_vbox_win_dev_vm.sh
Last active
July 8, 2022 23:34
Rapidly downloads the current Windows development VM, streaming the extraction and import.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Streaming setup of the VirtualBox Windows Dev VM. Saves lots of time, since instead of downloading a zip, then extracting it | |
| # to an ova, then extracting that to an actual VM, it does it all in one stream, only writing the VM to disk once. | |
| # On a Linux host or a Windows host with WSL and feeling the YOLO? | |
| # curl -L https://bit.ly/2m9tr7B | bash | |
| # Or just run the commands individually, it's ain't that long. | |
| # If you use VMWare instead of VirtualBox, try curling from https://aka.ms/windev_VM_vmware and skipping the .vbox file creation |
root9b-zz
/ FunctionHashResolution.cpp
Last active
August 28, 2018 17:56
YARA rules, scripts, and tools used in the ShellTea analysis that may be useful to other reverse engineers.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Copyright root9B, 2017. License: GPLv2 | |
| //WARNING: Since this program executes snippets of malicious code, ALWAYS run in a sandbox. | |
| //Step 1: export the disassembly of your original sample and grep for function hash constants, saving them in the hashes array | |
| //Step 2: export the sample into a C array; run "xxd -i < sample.bin" and paste the output into the shellcode array | |
| //Step 3: find the function resolver offset and replace 0x1B10 with that | |
| //Step 4: compile for the same architecture (32 vs 64 bit) of your shellcode, then run IN A SANDBOX | |
| //Step 5: paste the results into the IDA fixup script | |
| #include <Windows.h> | |
| #include <cstdio> | |
| #include <Dbghelp.h> |
root9b-zz
/ socketChatRoom.php
Last active
June 16, 2016 13:27
Proof of concept to show immediate, efficient message passing across clients without polling or DB or files using PHP sockets and server-sent events. By Matt Weeks.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // socketChatRoom proof of concept to show immediate, efficient message passing across clients | |
| // without polling or DB or files using PHP sockets and server-sent events. By Matt Weeks. | |
| // | |
| // Instructions: put on a webserver and visit in a browser. Type chat messages and hit enter. Everybody on the page will see them. | |
| // | |
| // When invoked without parameters, this script will display a chat window for the browser. | |
| // When invoked with a stream parameter, this script will start a chat broker if none exists | |
| // and if one does exist, it will connect to it, then send new messages down in an event stream. | |
| // If invoked with a POST containing a message, it will send the message to the broker to broadcast. |