<#
____ _ _
| _ \ __ _| |_ ___| |__
| |_) / _` | __/ __| '_ \
| __/ (_| | || (__| | | |
|_| \__,_|\__\___|_| |_|
_____ _ _
| ____|_ _| |_ _ __ __ _ ___| |_
| _| \ \/ / __| '__/ _` |/ __| __|
import base64
import hashlib
import zlib
from ctypes import (
    CDLL,
    POINTER,
    LittleEndianStructure,
    c_size_t,
    c_ubyte,
    c_uint64,
param (
    [string]$DesktopDeploymentCab,
    [string]$PsfFile,
    [string]$OutPath,
    [switch]$Verbose = $false
)
mkdir -Force $OutPath | Out-Null
$OutPath = Resolve-Path $OutPath
$oldpath = $env:PATH
#include <iostream>
#include <set>
#include <string>
#include <vector>
#include <utility>
#include <iterator>
#include <algorithm>
#include <cstdio>
#include <cstdarg>
#include <cstdlib>
""" | |
drcov version 3 isn't supported by lighthouse :( | |
convert drcov version 3 with module table version 5 to drcov version 2 | |
with module table version 2 so lighthouse will eat it! | |
""" | |
import sys | |
import re | |
#!/usr/bin/env python
from __future__ import print_function
import argparse
import json
import os
import sys
import threading
import functools
# requires keystone-engine, unicorn, capstone, prompt_toolkit, and pygments
import keystone as ks
import unicorn as uc
import math
import sys
from pygments.lexers.asm import NasmLexer
from pygments.styles import get_style_by_name
from prompt_toolkit.shortcuts import prompt
'''asm console via keystone for python 2.7
pip install keystone-engine
python asmconsole.py -a ARM -m LITTLE_ENDIAN -f escape -b 0x000086e4
Little endian ARM: print escape codes and set the base address to 0x000086e4
'''
from __future__ import print_function
import keystone
import argparse
from sys import exit
# WMI permanent event subscription: fire a console message whenever a new
# Malware instance appears in the Windows Defender / SCEP namespace.
$argss = @{Name="MonitorMalwareFilt";QueryLanguage="WQL";Query="select * from __instancecreationevent within 5 where targetinstance isa 'Malware'";EventNamespace="root\Microsoft\SecurityClient"}
$filt = Set-WmiInstance -Namespace root/subscription -Class __EventFilter -Arguments $argss
$argss = @{Name="MonitorMalwareCons";CommandLineTemplate="msg * Malware: %TargetInstance.ThreatName% from %TargetInstance.User% at %TargetInstance.Path% (Severity: %TargetInstance.SeverityID%)"}
$cons = Set-WmiInstance -Namespace root/subscription -Class CommandLineEventConsumer -Arguments $argss
$argss = @{Filter=$filt;Consumer=$cons}
Set-WmiInstance -Namespace root/subscription -Class __FilterToConsumerBinding -Arguments $argss