#include <iostream> | |
#include <set> | |
#include <string> | |
#include <vector> | |
#include <utility> | |
#include <iterator> | |
#include <algorithm> | |
#include <cstdio> | |
#include <cstdarg> | |
#include <cstdlib> |
""" | |
drcov version 3 isn't supported by lighthouse :( | |
convert drcov version 3 with module table version 5 to drcov version 2 | |
with module table version 2 so lighthouse will eat it! | |
""" | |
import sys | |
import re | |
#!/usr/bin/env python | |
from __future__ import print_function | |
import argparse | |
import json | |
import os | |
import sys | |
import threading | |
import functools |
# requires keystone-engine, capstone, prompt_toolkit, and pygments | |
import keystone as ks | |
import unicorn as uc | |
import math | |
import sys | |
from pygments.lexers.asm import NasmLexer | |
from pygments.styles import get_style_by_name | |
from prompt_toolkit.shortcuts import prompt |
<# | |
____ ______ ______ ____ __ __ | |
/\ _`\ /\ _ \ /\__ _\/\ _`\ /\ \/\ \ | |
\ \ \L\ \\ \ \L\ \\/_/\ \/\ \ \/\_\\ \ \_\ \ | |
\ \ ,__/ \ \ __ \ \ \ \ \ \ \/_/_\ \ _ \ | |
\ \ \/ \ \ \/\ \ \ \ \ \ \ \L\ \\ \ \ \ \ | |
\ \_\ \ \_\ \_\ \ \_\ \ \____/ \ \_\ \_\ | |
\/_/ \/_/\/_/ \/_/ \/___/ \/_/\/_/ | |
from ctypes import (windll, wintypes, c_uint64, cast, POINTER, Union, c_ubyte, | |
LittleEndianStructure, byref, c_size_t) | |
import zlib | |
# types and flags | |
DELTA_FLAG_TYPE = c_uint64 | |
DELTA_FLAG_NONE = 0x00000000 | |
DELTA_APPLY_FLAG_ALLOW_PA19 = 0x00000001 |
# This script is a simple script to locate functions within a program | |
# that are on the Microsoft "banned functions list" inside of banned.h | |
#@author Jaime Geiger | |
#@category Vulnerability Research | |
#@keybinding Ctrl-Shift-Alt-B | |
#@menupath Tools.Plugins.Banned Functions | |
banned = ["strcpy","strcpyA","strcpyW","wcscpy","_tcscpy","_mbscpy","StrCpy","StrCpyA","StrCpyW","lstrcpy","lstrcpyA","lstrcpyW","_tccpy","_mbccpy","_ftcscpy","strcat","strcatA","strcatW","wcscat","_tcscat","_mbscat","StrCat","StrCatA","StrCatW","lstrcat","lstrcatA","lstrcatW","StrCatBuff","StrCatBuffA","StrCatBuffW","StrCatChainW","_tccat","_mbccat","_ftcscat","wvsprintf","wvsprintfA","wvsprintfW","vsprintf","_vstprintf","vswprintf","strncpy","wcsncpy","_tcsncpy","_mbsncpy","_mbsnbcpy","StrCpyN","StrCpyNA","StrCpyNW","StrNCpy","strcpynA","StrNCpyA","StrNCpyW","lstrcpyn","lstrcpynA","lstrcpynW","strncat","wcsncat","_tcsncat","_mbsncat","_mbsnbcat","StrCatN","StrCatNA","StrCatNW","StrNCat","StrNCatA","StrNCatW","lstrncat","lstrcatnA","lstrcatnW" |
from sqlalchemy import create_engine, Column, Integer, String, func | |
from sqlalchemy.orm import sessionmaker | |
from sqlalchemy.ext.declarative import declarative_base | |
from reportlab.lib.pagesizes import letter | |
from reportlab.lib.units import cm | |
from reportlab.pdfgen import canvas | |
from reportlab.pdfbase.pdfmetrics import stringWidth | |
import sys | |
try: |
# Registers a permanent WMI event subscription that pops up a console message
# whenever a 'Malware' instance is created in root\Microsoft\SecurityClient.
# Three objects are written to root/subscription: an __EventFilter, a
# CommandLineEventConsumer, and the __FilterToConsumerBinding that links them.
#
# NOTE(review): objects in root/subscription stay registered until they are
# explicitly deleted, so this keeps firing after the script exits. Remove all
# three by name (MonitorMalwareFilt / MonitorMalwareCons and their binding),
# e.g. with Get-WmiObject ... | Remove-WmiObject, when it is no longer wanted.
# NOTE(review): a filter + CommandLineEventConsumer + binding is the same shape
# that WMI-persistence detections look for (Sysmon event IDs 19-21), so record
# this subscription wherever such alerts are triaged.

# Event filter: poll every 5 seconds ("within 5") for instance-creation events
# whose TargetInstance is of class 'Malware' in the namespace named below.
$filterProps = @{
    Name           = "MonitorMalwareFilt"
    QueryLanguage  = "WQL"
    Query          = "select * from __instancecreationevent within 5 where targetinstance isa 'Malware'"
    EventNamespace = "root\Microsoft\SecurityClient"
}
$eventFilter = Set-WmiInstance -Namespace root/subscription -Class __EventFilter -Arguments $filterProps

# Consumer: the %TargetInstance.*% placeholders are filled in by WMI from the
# event that matched the filter, and the resulting line is started as a process.
# NOTE(review): CommandLineEventConsumer starts its process in the local system
# context, and ThreatName / User / Path are taken from the detection event, not
# from this script. A file path in particular is chosen by whoever created the
# file; confirm how msg.exe treats unexpected text before relying on this.
$consumerProps = @{
    Name                = "MonitorMalwareCons"
    CommandLineTemplate = "msg * Malware: %TargetInstance.ThreatName% from %TargetInstance.User% at %TargetInstance.Path% (Severity: %TargetInstance.SeverityID%)"
}
$eventConsumer = Set-WmiInstance -Namespace root/subscription -Class CommandLineEventConsumer -Arguments $consumerProps

# Binding: ties the filter to the consumer. The created binding object is left
# on the output stream, as in the original one-liner form.
$bindingProps = @{
    Filter   = $eventFilter
    Consumer = $eventConsumer
}
Set-WmiInstance -Namespace root/subscription -Class __FilterToConsumerBinding -Arguments $bindingProps
# Copyright (c) Microsoft Corporation. All rights reserved. | |
# For personal use only. Provided AS IS and WITH ALL FAULTS. | |
# Set-WmiNamespaceSecurity.ps1 | |
# Example: Set-WmiNamespaceSecurity root/cimv2 add steve Enable,RemoteAccess | |
# https://blogs.msdn.microsoft.com/wmi/2009/07/27/scripting-wmi-namespace-security-part-3-of-3/ | |
function Set-WmiNamespaceSecurity { | |
Param ( |