# Dictionary of common PE file sections and descriptions.
# Taken from here: http://www.hexacorn.com/blog/2016/12/15/pe-section-names-re-visited/
common_sections_dict = {".00cfg":"Control Flow Guard CFG section added by newer versions of Visual Studio", \
".apiset":"a section present inside the apisetschema.dll", \
".arch":"Alpha-architecture section", \
".autoload_text":"cygwin/gcc; the Cygwin DLL uses a section to avoid copying certain data on fork.", \
".bindat":"Binary data also used by one of the downware installers based on LUA", \
".bootdat":"section that can be found inside Visual Studio files; contains palette entries", \
".bss":"Uninitialized Data Section", \
binlmmhc / Netfilter-IPTables-Diagrams.md
Created August 30, 2021 09:25 — forked from nerdalert/Netfilter-IPTables-Diagrams.md
Linux NetFilter, IP Tables and Conntrack Diagrams

IPTABLES TABLES and CHAINS

IPTables has the following 4 built-in tables.

1) Filter Table

Filter is the default table for iptables, so if you don't specify a table, you'll be using the filter table. The filter table has the following built-in chains.

binlmmhc / Get-InjectedThread.ps1
Created April 19, 2018 06:09 — forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION