Skip to content

Instantly share code, notes, and snippets.

View Dump-GUY's full-sized avatar

Dump-GUY

580 followers · 56 following
View GitHub Profile
@susMdT
susMdT / Program.cs
Created March 1, 2023 18:55
haha funny jit go brrrr
using System;
using System.Runtime.CompilerServices;
using System.Reflection;
using System.Reflection.Emit;
namespace FunkyJit
{
class Program
{
public static void Nothing() { Console.WriteLine(); }
static void Main(string[] args)
@richinseattle
richinseattle / DtraceOnWindows.md
Created December 22, 2021 00:09

DTrace for Windows

https://github.com/microsoft/DTrace-on-Windows

Overview

DTrace for Windows is a port of the opensource release of DTrace originally developed by Sun for Solaris in 2005. DTrace allows for high performance function tracing with access to typed arguments and statistical event collection. DTrace utilizes several types of instrumentation or trace frameworks provided by Windows including ETW, a system call tracer, a kernel function tracer, and a userland function tracer.

Installation / Build Notes

@icecr4ck
icecr4ck / idapython_cheatsheet.md
Last active March 11, 2025 14:17
Cheatsheet for IDAPython
@shadyeip
shadyeip / quick-disable-windows-defender.bat
Last active May 18, 2024 03:48
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
rem To also disable Windows Defender Security Center include this
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
rem 1 - Disable Real-time protection
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
@stecman
stecman / dump-pyc-with-gdb.md
Last active March 19, 2025 18:22
Dumping all bytecode from a packaged Python application

This is a technique for extracting all imported modules from a packaged Python application as .pyc files, then decompiling them. The target program needs to be run from scratch, but no debugging symbols are necessary (assuming an unmodified build of Python is being used).

This was originally performed on 64-bit Linux with a Python 3.6 target. The Python scripts have since been updated to handle pyc files for Python 2.7 - 3.9.

Theory

In Python we can leverage the fact that any module import involving a .py* file will eventually arrive as ready-to-execute Python code object at this function:

PyObject* PyEval_EvalCode(PyObject *co, PyObject *globals, PyObject *locals);
@mattifestation
mattifestation / CertTBSHash.ps1
Created September 7, 2017 01:13
Calculates a ToBeSigned hash of a certificate, producing the same uniquely identifying hash present in code integrity rule sets.
# Example: ls 'C:\Windows\System32\*' -Include '*.dll' | Get-AuthenticodeSignature | Select -ExpandProperty SignerCertificate | Get-TBSHash
filter Get-TBSHash {
[OutputType([String])]
param (
[Parameter(Mandatory, ValueFromPipeline)]
[Security.Cryptography.X509Certificates.X509Certificate2]
$Certificate
)