Tim Strazzere
strazzere
strazzere
/ backdoor.go
Last active Jul 25, 2017
View backdoor.go
| package main | |
| import ( | |
| "fmt" | |
| "net" | |
| "os" | |
| "sync" | |
| "time" | |
| ) |
View Makefile
| all: | |
| gcc decrypt.c -I/usr/local/opt/boringssl/include -L/usr/local/opt/boringssl/lib -lcrypto -o kony_decrypt |
View detect.go
| package main | |
| import ( | |
| "fmt" | |
| "github.com/robertkrimen/otto" | |
| ) | |
| func main() { | |
| vm := otto.New() |
View example.go
| package main | |
| import ( | |
| "errors" | |
| "fmt" | |
| "os" | |
| "time" | |
| "github.com/robertkrimen/otto" | |
| ) |
strazzere
/ yara_fn.py
Created Aug 18, 2016
— forked from williballenthin/yara_fn.py
generate a yara rule that matches the basic blocks of the current function in IDA Pro
View yara_fn.py
| ''' | |
| IDAPython script that generates a YARA rule to match against the | |
| basic blocks of the current function. It masks out relocation bytes | |
| and ignores jump instructions (given that we're already trying to | |
| match compiler-specific bytes, this is of arguable benefit). | |
| If python-yara is installed, the IDAPython script also validates that | |
| the generated rule matches at least one segment in the current file. | |
| author: Willi Ballenthin <william.ballenthin@fireeye.com> |
strazzere
/ gist:195b439480eab1de3c43f73781d5502a
Created Jul 23, 2016
osx + irssi + chinese utf-8 characters
View gist:195b439480eab1de3c43f73781d5502a
| screen -U -S irc | |
| /set term_charset utf-8 | |
| /set recode_autodetect_utf8 ON | |
| /set recode_fallback ISO-8859-15 | |
| /set recode_out_default_charset ISO-8859-15 | |
| /set recode_transliterate ON | |
| /set recode ON |
View gist:f76df7e24dd554268f0ba284fda7587c
| [54%]diff@rocksteady:[repo] $ git clone --verbose https://git01.codeplex.com/veracrypt | |
| Cloning into 'veracrypt'... | |
| POST git-upload-pack (gzip 1440 to 623 bytes) | |
| remote: Counting objects: 8996, done. | |
| remote: Compressing objects: 100% (6843/6843), done. | |
| remote: Total 8996 (delta 7179), reused 2812 (delta 2010) | |
| Receiving objects: 100% (8996/8996), 43.16 MiB | 1.46 MiB/s, done. | |
| error: RPC failed; curl 56 SSLRead() return error -9806 | |
| Resolving deltas: 100% (7179/7179), done. |
strazzere
/ Api2$ApiPhoneCall.smali
Last active Nov 2, 2015
View Api2$ApiPhoneCall.smali
| .class public final Lcom/google/grandcentral/api2/Api2$ApiPhoneCall; | |
| .super Lcom/google/protobuf/GeneratedMessageLite; | |
| .source "Api2.java" | |
| # annotations | |
| .annotation system Ldalvik/annotation/EnclosingClass; | |
| value = Lcom/google/grandcentral/api2/Api2; | |
| .end annotation |
View decrypt.py
| #!/usr/bin/python | |
| # | |
| # | |
| # Decompling something being loaded in through powershell | |
| # | |
| # | |
| # diff <diff@sentinalone.com> | |
| # | |
| # |
View Makefile
| LOCAL_PATH := $(call my-dir) | |
| include $(CLEAR_VARS) | |
| LOCAL_SRC_FILES := \ | |
| uree_toy.c | |
| LOCAL_C_INCLUDE := ${ANDROID_NDK_ROOT}/platforms/android-14/arch-arm/usr/include/ | |
| LOCAL_MODULE := uree_toy | |
| LOCAL_MODULE_TAGS := optional |
NewerOlder