aws ec2 describe-images --region us-gov-west-1 \
  --filters "Name=name,Values=ubuntu-*-amd64*" \
  --query 'Images[*].[ImageId,CreationDate]' --output text \
  | sort -k2 -r \
  | head

#!/usr/bin/python
#
#
# Decompiling something being loaded in through powershell
#
#
# diff <diff@sentinalone.com>
#
#

package main

import (
	"fmt"
)

func test() []*int {
	ints := []int{1, 2, 3, 4, 5}
	var newInts []*int

The original issue was that some applications (e.g. packers) launch the JNI/native code too fast for a person
to attach an IDA Pro instance to the process. The original solution was wrapping the JNI code with your own
"surrogate" application so you could load it slower.
The new process is to launch the Android/Dalvik activity with the debugger flag:
# adb shell am start -D com.play.goo_w/com.android.netservice.MainActivity
This causes the "Waiting for debugger..." mode to start. This starts the process, allowing you to
attach IDA Pro to the process for the native code.

package:/data/app/org.prowl.torquescan-1/base.apk=org.prowl.torquescan
package:/system/priv-app/FontServer/FontServer.apk=com.hy.system.fontserver
package:/system/priv-app/LGStartupwizard/LGStartupwizard.apk=com.android.LGSetupWizard
package:/system/priv-app/LGVidClip/LGVidClip.apk=com.lge.videotool
package:/system/app/RootPA/RootPA.apk=com.gd.mobicore.pa
package:/data/app/com.google.android.youtube-1/base.apk=com.google.android.youtube
package:/system/app/LGWeatherService/LGWeatherService.apk=com.lge.sizechangable.weather.platform
package:/system/priv-app/LGTelephonyProvider/LGTelephonyProvider.apk=com.android.providers.telephony
package:/data/app/com.onelouder.baconreader-1/base.apk=com.onelouder.baconreader
package:/data/app/com.google.android.googlequicksearchbox-1/base.apk=com.google.android.googlequicksearchbox

#!/bin/bash
# quick and dirty bash script to extract .gnu_debugdata section
# from ELF binaries to generate an IDC script that adds these
# names as symbols
# --rpw, 2020-06-21
SYMBOLFILE=debugdata_symbols.elf
if [ $# -lt 1 ]; then
    echo "you need to supply a path to a binary"

#!/usr/bin/env python
# fsck secneo
from __future__ import print_function
from unicorn import *
from unicorn.arm_const import *
from capstone import *
import binascii
DEBUG = False

antistatic/spinnerwheel/AbstractWheel$1
antistatic/spinnerwheel/AbstractWheel$2
antistatic/spinnerwheel/AbstractWheel$3
antistatic/spinnerwheel/AbstractWheel$SavedState
antistatic/spinnerwheel/g$1
antistatic/spinnerwheel/g$2
bolts/AndroidExecutors$UIThreadExecutor
bolts/BoltsExecutors$ImmediateExecutor
bolts/CancellationTokenSource$1
bolts/Task$10

package main

import (
	"fmt"
	"net"
	"os"
	"sync"
	"time"
)

#!/usr/bin/env python
# diff
from __future__ import print_function
from unicorn import *
from unicorn.arm_const import *
import binascii
import sys
# code to be emulated