wizardy0ga
/ TerminateAnalysisTools.c
Last active
June 15, 2024 01:39
T1562.001 - Impair Defenses: Disable or Modify Tools
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: wizardy0ga | |
| Date: June 2024 | |
| Description: Spawns a thread that looks for & terminates processes that could be used for malware analysis | |
| Tactic: TA0005 - Defense Evasion | |
| Technique: T1562.001 - Impair Defenses: Disable or Modify Tools | |
| Note: Nothing that hasn't been done before, just a bare bones PoC i coded for another project. | |
| */ |
wizardy0ga
/ main.c
Last active
June 23, 2024 21:16
Unhook NTDLL using a copy read from disk with indirect syscalls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| June 2024 | |
| Tested on: | |
| Windows 10 19045.4529 | |
wizardy0ga
/ main.c
Last active
June 23, 2024 21:27
Unhook with fresh NTDLL mapped from disk with indirect syscalls (syswhispers3)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| June 2024 | |
| Arch: | |
| x64 |
wizardy0ga
/ UnhookNtDllFromKnownDlls.c
Last active
June 18, 2024 03:10
Unhooking NTDLL using a copy from the KnownDlls directory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| June 2024 | |
| Description: | |
| Unhook ntdll using a copy mapped from the knowndlls directory. | |
| https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order#factors-that-affect-searching |
wizardy0ga
/ NtdllFromLocalPEB.c
Created
June 18, 2024 03:08
Dynamically parsing ntdll from the local process using the process environment block & supporting structures
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| June 2024 | |
| Arch: | |
| x64 |
wizardy0ga
/ UnhookNtDllFromKnownDllsSyscalls.c
Created
June 18, 2024 13:05
Unhook ntdll with a fresh text section from the knowndlls directory using syscalls generated with syswhispers3.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Author: | |
| wizardy0ga | |
| Date: | |
| June 2024 | |
| Arch: | |
| x64 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file has been auto-generated by i3-config-wizard(1). | |
| # It will not be overwritten, so edit it as you like. | |
| # | |
| # Should you change your keyboard layout some time, delete | |
| # this file and re-run i3-config-wizard(1). | |
| # | |
| # i3 config file (v4) | |
| # | |
| # Please see https://i3wm.org/docs/userguide.html for a complete reference! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # i3status configuration file. | |
| # see "man i3status" for documentation. | |
| # It is important that this file is edited as UTF-8. | |
| # The following line should contain a sharp s: | |
| # ß | |
| # If the above line is not correctly displayed, fix your editor first! | |
| general { | |
| colors = true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Picom Configuration, courtesy of Xubuntu Developers | |
| # https://raw.githubusercontent.com/Xubuntu/xubuntu-default-settings/master/etc/xdg/xdg-xubuntu/picom.conf | |
| # | |
| # About Picom: https://github.com/yshui/picom | |
| # Heavily based on: https://bit.ly/1l5OrzL | |
| # Sample settings: https://github.com/chjj/compton/blob/master/compton.sample.conf | |
| # --- Backend (OpenGL used by default) | |
| # Related Links | |
| # https://github.com/chjj/compton/wiki/perf-guide |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [font] | |
| size = 12 | |
| [font.normal] | |
| family = "Fira Code" | |
| style = "Regular" | |
| [font.bold] | |
| family = "Fira Code" | |
| style = "Bold" |
OlderNewer