Rascagneres Paul rootbsd

rootbsd / bfinject
Created July 30, 2018 08:03 — forked from svedm/bfinject
bfinject Electra 11.3.1
#!/jb/bin/bash
CYCRIPT_PORT=1337
function help {
    echo "Syntax: $0 [-p PID | -P appname] [-l /path/to/yourdylib | -L feature]"
    echo
    echo For example:
    echo " $0 -P Reddit.app -l /path/to/evil.dylib # Injects evil.dylib into the Reddit app"
    echo " or"
rootbsd / eternalblue_kshellcode.asm
Created May 29, 2017 09:25 — forked from worawit/eternalblue_merge_shellcode.py
Windows x64 kernel shellcode for eternalblue exploit
;
; Windows x64 kernel shellcode from ring 0 to ring 3 by sleepya
; The shellcode is written for eternalblue exploit:
; - https://gist.github.com/worawit/bd04bad3cd231474763b873df081c09a
; - https://gist.github.com/worawit/074a27e90a3686506fc586249934a30e
;
;
; Idea for Ring 3 to Ring 0 from Sean Dillon (@zerosum0x0)
;
;
# Simulate fake processes of an analysis sandbox/VM that some malware will try to evade
# This just spawns ping.exe under different names (wireshark.exe, vboxtray.exe, ...)
# It's just a PoC and it's ugly as f*ck but hey, if it works...
# Usage: .\fake_sandbox.ps1 -action {start,stop}
param([Parameter(Mandatory=$true)][string]$action)
$fakeProcesses = @("wireshark.exe", "vmacthlp.exe", "VBoxService.exe",
"VBoxTray.exe", "procmon.exe", "ollydbg.exe", "vmware-tray.exe",