strazzere
/ backdoor.go
Last active
May 3, 2018 20:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "net" | |
| "os" | |
| "sync" | |
| "time" | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| all: | |
| gcc decrypt.c -I/usr/local/opt/boringssl/include -L/usr/local/opt/boringssl/lib -lcrypto -o kony_decrypt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "github.com/robertkrimen/otto" | |
| ) | |
| func main() { | |
| vm := otto.New() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "errors" | |
| "fmt" | |
| "os" | |
| "time" | |
| "github.com/robertkrimen/otto" | |
| ) |
strazzere
/ yara_fn.py
Created
August 18, 2016 21:50
— forked from williballenthin/yara_fn.py
generate a yara rule that matches the basic blocks of the current function in IDA Pro
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| IDAPython script that generates a YARA rule to match against the | |
| basic blocks of the current function. It masks out relocation bytes | |
| and ignores jump instructions (given that we're already trying to | |
| match compiler-specific bytes, this is of arguable benefit). | |
| If python-yara is installed, the IDAPython script also validates that | |
| the generated rule matches at least one segment in the current file. | |
| author: Willi Ballenthin <william.ballenthin@fireeye.com> |
strazzere
/ gist:195b439480eab1de3c43f73781d5502a
Created
July 23, 2016 02:24
osx + irssi + chinese utf-8 characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| screen -U -S irc | |
| /set term_charset utf-8 | |
| /set recode_autodetect_utf8 ON | |
| /set recode_fallback ISO-8859-15 | |
| /set recode_out_default_charset ISO-8859-15 | |
| /set recode_transliterate ON | |
| /set recode ON |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [54%]diff@rocksteady:[repo] $ git clone --verbose https://git01.codeplex.com/veracrypt | |
| Cloning into 'veracrypt'... | |
| POST git-upload-pack (gzip 1440 to 623 bytes) | |
| remote: Counting objects: 8996, done. | |
| remote: Compressing objects: 100% (6843/6843), done. | |
| remote: Total 8996 (delta 7179), reused 2812 (delta 2010) | |
| Receiving objects: 100% (8996/8996), 43.16 MiB | 1.46 MiB/s, done. | |
| error: RPC failed; curl 56 SSLRead() return error -9806 | |
| Resolving deltas: 100% (7179/7179), done. |
strazzere
/ Api2$ApiPhoneCall.smali
Last active
November 2, 2015 21:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .class public final Lcom/google/grandcentral/api2/Api2$ApiPhoneCall; | |
| .super Lcom/google/protobuf/GeneratedMessageLite; | |
| .source "Api2.java" | |
| # annotations | |
| .annotation system Ldalvik/annotation/EnclosingClass; | |
| value = Lcom/google/grandcentral/api2/Api2; | |
| .end annotation |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # | |
| # Decompling something being loaded in through powershell | |
| # | |
| # | |
| # diff <diff@sentinalone.com> | |
| # | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LOCAL_PATH := $(call my-dir) | |
| include $(CLEAR_VARS) | |
| LOCAL_SRC_FILES := \ | |
| uree_toy.c | |
| LOCAL_C_INCLUDE := ${ANDROID_NDK_ROOT}/platforms/android-14/arch-arm/usr/include/ | |
| LOCAL_MODULE := uree_toy | |
| LOCAL_MODULE_TAGS := optional |