Skip to content

Instantly share code, notes, and snippets.

View cyperdev's full-sized avatar

cyperdev

View GitHub Profile
@cyperdev
cyperdev / postmessaged.py
Created June 3, 2025 19:19 — forked from alanEG/postmessaged.py
Detect postmessage
from playwright.async_api import async_playwright
import asyncio, json, hashlib, sys
init_script = """
// Override addEventListener to detect 'message' handlers
const originalAddEventListener = window.addEventListener;
window.addEventListener = function(type, listener, options){
if (typeof type == 'string' && type.toLowerCase() === 'message'){
const stack = new Error();
const stacker = stack.stack.split('\\n');
@cyperdev
cyperdev / watcher-network.cs
Created June 2, 2025 10:09 — forked from 2S1one/watcher-network.cs
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Net.Sockets;
namespace tcp_client_file_write
{
internal class Program
{
@cyperdev
cyperdev / watcher-executor.cs
Created June 2, 2025 10:09 — forked from 2S1one/watcher-executor.cs
using System;
using System.IO;
using System.Text;
using System.Threading;
using System.Diagnostics;
public class FileWatcher
{
static FileSystemWatcher watcher;
static Process p;
@cyperdev
cyperdev / ParentProcessValidator.cpp
Created June 1, 2025 17:59 — forked from WKL-Sec/ParentProcessValidator.cpp
This C++ code snippet demonstrates how to verify if an executable is launched by explorer.exe to enhance security during red team operations.
# White Knight Labs - Offensive Development
# Guardrails - Parent Process Check
#include <windows.h>
#include <tlhelp32.h>
#include <psapi.h>
#include <tchar.h>
#include <iostream>
// Function to get the ID of the parent process
@cyperdev
cyperdev / file_magic_numbers.md
Created August 30, 2024 09:42 — forked from leommoore/file_magic_numbers.md
File Magic Numbers

File Magic Numbers

Magic numbers are the first bits of a file which uniquely identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type.

For example, a jpeg file starts with ffd8 ffe0 0010 4a46 4946 0001 0101 0047 ......JFIF.....G ffd8 shows that it's a JPEG file, and ffe0 identify a JFIF type structure. There is an ascii encoding of "JFIF" which comes after a length code, but that is not necessary in order to identify the file. The first 4 bytes do that uniquely.

This gives an ongoing list of file-type magic numbers.

Image Files