
Or is it? ThisIsNotMalware

@thomaspatzke
thomaspatzke / Kill-Ransomware.ps1
Created November 5, 2019 12:29
Ransomware Killer
# Ransomware Killer v0.1 by Thomas Patzke <[email protected]>
# Kill all parent processes of the command that tries to run "vssadmin Delete Shadows"
# IMPORTANT: This must run with Administrator privileges!
Register-WmiEvent -Query "select * from __instancecreationevent within 0.1 where targetinstance isa 'win32_process' and targetinstance.CommandLine like '%vssadmin%Delete%Shadows%'" -Action {
    # Kill all parent processes from detected vssadmin process
    $p = $EventArgs.NewEvent.TargetInstance
    while ($p) {
        $ppid = $p.ParentProcessID
        $pp = Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ppid"
        Write-Host $p.ProcessID
@Neo23x0
Neo23x0 / Base64_CheatSheet.md
Last active November 16, 2025 22:56
Learning Aid - Top Base64 Encodings Table

Base64 Patterns - Learning Aid

| Base64 Code | Mnemonic Aid | Decoded* | Description |
| --- | --- | --- | --- |
| JAB | 🗣 Jabber | $. | Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
| TVq | 📺 Television | MZ | MZ header |
| SUVY | 🚙 SUV | IEX | PowerShell Invoke Expression |
| SQBFAF | 🐣 Squab favorite | I.E. | PowerShell Invoke Expression (UTF-16) |
| SQBuAH | 🐣 Squab uahhh | I.n. | PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
| PAA | 💪 "Pah!" | <. | Often used by Emotet (UTF-16) |
@danielfaust
danielfaust / samsung_remote.py
Created May 30, 2011 04:12
Samsung TV Remote Control Python Script
import time
import socket
import base64
src = '192.168.1.2' # ip of remote
mac = '00-AB-11-11-11-11' # mac of remote
remote = 'python remote' # remote name
dst = '192.168.1.3' # ip of tv
app = 'python' # iphone..iapp.samsung