View yara_fn.py
'''
IDAPython script that generates a YARA rule to match against the
basic blocks of the current function. It masks out relocation bytes
and ignores jump instructions (given that we're already trying to
match compiler-specific bytes, this is of arguable benefit).
If python-yara is installed, the IDAPython script also validates that
the generated rule matches at least one segment in the current file.
author: Willi Ballenthin <william.ballenthin@fireeye.com>
View gist:195b439480eab1de3c43f73781d5502a
screen -U -S irc
/set term_charset utf-8
/set recode_autodetect_utf8 ON
/set recode_fallback ISO-8859-15
/set recode_out_default_charset ISO-8859-15
/set recode_transliterate ON
/set recode ON
View gist:f76df7e24dd554268f0ba284fda7587c
[54%]diff@rocksteady:[repo] $ git clone --verbose https://git01.codeplex.com/veracrypt
Cloning into 'veracrypt'...
POST git-upload-pack (gzip 1440 to 623 bytes)
remote: Counting objects: 8996, done.
remote: Compressing objects: 100% (6843/6843), done.
remote: Total 8996 (delta 7179), reused 2812 (delta 2010)
Receiving objects: 100% (8996/8996), 43.16 MiB | 1.46 MiB/s, done.
error: RPC failed; curl 56 SSLRead() return error -9806
Resolving deltas: 100% (7179/7179), done.
View Api2$ApiPhoneCall.smali
.class public final Lcom/google/grandcentral/api2/Api2$ApiPhoneCall;
.super Lcom/google/protobuf/GeneratedMessageLite;
.source "Api2.java"
# annotations
.annotation system Ldalvik/annotation/EnclosingClass;
value = Lcom/google/grandcentral/api2/Api2;
.end annotation
View decrypt.py
#!/usr/bin/python
#
#
# Decompiling something being loaded in through PowerShell
#
#
# diff <diff@sentinalone.com>
#
#
View Makefile
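# Android.mk (ndk-build) module definition for the uree_toy sources.
# my-dir expands to the directory that contains this makefile.
LOCAL_PATH := $(call my-dir)

# Clear the LOCAL_* variables (LOCAL_PATH excepted) left by any earlier module.
include $(CLEAR_VARS)

LOCAL_SRC_FILES := \
    uree_toy.c

# ndk-build reads LOCAL_C_INCLUDES (plural). The singular LOCAL_C_INCLUDE is not
# a recognised variable, so a path assigned to it is ignored by the build.
LOCAL_C_INCLUDES := ${ANDROID_NDK_ROOT}/platforms/android-14/arch-arm/usr/include/
LOCAL_MODULE := uree_toy
LOCAL_MODULE_TAGS := optional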
View test.java
@Override
public void setUp() throws Exception {
super.setUp();
mockReader = mock(IntReader.class);
// Mock the string section data
when(mockReader.readInt()).thenReturn(
7 * 4, // size
0x02, // string count
0x00, // style count
0x00, // string chunk flags
View test.rule
rule Signed_APK_with_dex
{
meta:
author = "Tim Strazzere"
twitter = "@timstrazz"
date = "10/25/2012"
version = "1.0"
tag = "Android"
comment = "Attempted to detect an APK file with a classes.dex that is signed"
View waffles.c
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
/* Local constants for the netlink sock_diag interface. <linux/sock_diag.h> is
 * not among the includes shown, so both values are supplied by this file. */
/* Alias the protocol name to NETLINK_INET_DIAG (expected from <linux/netlink.h>).
 * NOTE(review): headers that already define NETLINK_SOCK_DIAG would make this a
 * redefinition -- confirm against the headers this is built with. */
#define NETLINK_SOCK_DIAG NETLINK_INET_DIAG
/* Message type, hard-coded to 20 rather than taken from a header. */
#define SOCK_DIAG_BY_FAMILY 20
View string_add.patch
diff --git a/pfp/fields.py b/pfp/fields.py
index cf4ee31..77da4eb 100644
--- a/pfp/fields.py
+++ b/pfp/fields.py
@@ -1720,7 +1720,7 @@ class String(Field):
:returns: TODO
"""
- if isinstance(other, String):
+ if isinstance(other, str):