https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA
| ############################################################################################ | |
| ## | |
| ## One-Click Hex Copy! | |
| ## | |
| ## Updated for IDA 7.xx | |
| ## | |
| ## All credit for actual IOCTL decode logic: | |
| ## http://www.osronline.com/article.cfm?article=229 | |
| ## | |
| ## Big thanks to @gaasedelen for the IDA 7 update ideas: |
| import idaapi, idc, idautils | |
| class DecryptorError(Exception): | |
| pass | |
| def rc4crypt(key, data): | |
| x = 0 | |
| box = range(256) |
There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.
These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.
The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.
This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.
I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-O, or PE header to describe the binary.
While I am using Cisco IOS images in this example, the same process should apply to other raw binary firmware images.
| Set-ExecutionPolicy Unrestricted; | |
| iex ((New-Object System.Net.WebClient).DownloadString('http://boxstarter.org/bootstrapper.ps1')); | |
| get-boxstarter -Force; | |
| Install-BoxstarterPackage -PackageName 'https://gist.github.com/OALabs/afb619ce8778302c324373378abbaef5/raw/4006323180791f464ec0a8a838c7b681f42d238c/oalabs_x86vm.ps1'; |
| from datetime import datetime | |
| import time | |
| import threading | |
| import random | |
| ########################### | |
| import dns.resolver | |
| import dns.reversename | |
| import ftplib | |
| import ipaddress |
| void TestCopy() | |
| { | |
| BOOL cond = FALSE; | |
| IFileOperation *FileOperation1 = NULL; | |
| IShellItem *isrc = NULL, *idst = NULL; | |
| BIND_OPTS3 bop; | |
| SHELLEXECUTEINFOW shexec; | |
| HRESULT r; | |
| do { |
| /* | |
| * fork.c | |
| * Experimental fork() on Windows. Requires NT 6 subsystem or | |
| * newer. | |
| * | |
| * Copyright (c) 2012 William Pitcock <[email protected]> | |
| * | |
| * Permission to use, copy, modify, and/or distribute this software for any | |
| * purpose with or without fee is hereby granted, provided that the above | |
| * copyright notice and this permission notice appear in all copies. |
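| import idautils | |
| import idaapi | |
| import idc | |
| # Dump `size` bytes starting at address `ea` from the IDA database to `file`. | |
| def memdump(ea, size, file): | |
| data = idc.GetManyBytes(ea, size) | |
| with open(file, "wb") as fp: | |
| fp.write(data) | |
| print("Memdump Success!") |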
