- Dissecting Go Binaries
- Go: Overview of the Compiler
- Go compiler internals: adding a new statement to Go - Part 1
- Go compiler internals: adding a new statement to Go - Part 2
- Reversing GO binaries like a pro
- How a Go Program Compiles down to Machine Code
- Analyzing Golang Executables
- Go Reverse Engineering Tool Kit
- go-internals book
- [Reconstructing Program Semantics from Go Binaries](http://home.in.tum.de/
kungfulon
/ secret_keeper.py
Created
November 28, 2020 19:09
ASCIS 2020 Final - Secret Keeper (pwn01)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from pwn import * | |
| context.os = 'linux' | |
| context.arch = 'amd64' | |
| context.terminal = ['tmux', 'sp', '-v', '-p', '90'] | |
| b = ELF('./secret_keeper') | |
| l = ELF('/lib/x86_64-linux-gnu/libc-2.31.so') |
alexander-hanel
/ GORE.md
Last active
April 4, 2025 10:48
Go Lang Reverse Engineering Resources/Links
keltecc
/ arnault.sage
Last active
October 17, 2024 08:31
An example of Miller-Rabin primality test breaking
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sage | |
| # François Arnault. 1995. Constructing Carmichael Numbers which are Strong Pseudoprimes to Several Bases | |
| # https://doi.org/10.1006/jsco.1995.1042 | |
| from sys import stderr | |
| from random import choice, getrandbits |
mgeeky
/ vba-windows-persistence.vbs
Last active
September 4, 2021 04:38
VBA Script implementing two windows persistence methods - via WMI EventFilter object and via simple Registry Run.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' | |
| ' SYNOPSIS: | |
| ' This macro implements two windows persistence methods: | |
| ' - WMI Event Filter object creation | |
| ' - simple HKCU Registry Run value insertion. It has to be HKCU to make it work under Win10 x64 | |
| ' | |
| ' WMI Persistence method as originally presented by SEADADDY malware | |
| ' (https://github.com/pan-unit42/iocs/blob/master/seaduke/decompiled.py#L887) | |
| ' and further documented by Matt Graeber. | |
| ' |
mgeeky
/ delete-warning-div-macro.vbs
Created
August 30, 2017 18:21
VBA Macro function to be used as a Social Engineering trick removing "Enable Content" warning message as the topmost floating text box with given name.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Private Sub DeleteWarningPicture(ByVal textBoxName As String, ByVal saveDocAfter As Boolean) | |
| Dim shape As Word.shape | |
| For Each shape In ActiveDocument.Shapes | |
| If StrComp(shape.Name, textBoxName) = 0 Then | |
| shape.Delete | |
| Exit For | |
| End If | |
| Next | |
| If saveDocAfter Then | |
| ActiveDocument.Save |
mgeeky
/ MacroDetectSandbox.vbs
Last active
November 2, 2020 10:04
Visual Basic script responsible for detecting Sandbox environments, as presented in modern Trojan Droppers implemented in Macros.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Private Declare PtrSafe Function isDbgPresent Lib "kernel32" Alias "IsDebuggerPresent" () As Boolean | |
| Public Function IsFileNameNotAsHexes() As Boolean | |
| Dim str As String | |
| Dim hexes As Variant | |
| Dim only_hexes As Boolean | |
| only_hexes = True | |
| hexes = Array("0", "1", "2", "3", "4", "5", "6", "7", _ | |
| "8", "9", "a", "b", "c", "d", "e", "f") |
jaredcatkinson
/ Get-InjectedThread.ps1
Last active
April 24, 2025 15:06
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
jn0
/ rtsp-rtp-sample.py
Created
December 2, 2016 08:43
Sample Python script to employ RTSP/RTP to play a stream from an IP-cam (from stackoverflow)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| http://stackoverflow.com/questions/28022432/receiving-rtp-packets-after-rtsp-setup | |
| A demo python code that .. | |
| 1) Connects to an IP cam with RTSP | |
| 2) Draws RTP/NAL/H264 packets from the camera | |
| 3) Writes them to a file that can be read with any stock video player (say, mplayer, vlc & other ffmpeg based video-players) | |
| Done for educative/demonstrative purposes, not for efficiency..! |
SouhailHammou
/ VM.c
Created
September 22, 2015 17:00
Virtual machine with a custom instruction set.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| VM by Souhail Hammou : custom instruction set | |
| data space and stack space are customizable. | |
| Important : In calculations the VM is using unsigned values. | |
| */ | |
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <conio.h> | |
| #define TRUE 1 | |
| #define FALSE 0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <stdint.h> | |
| #define ROUNDS 8 | |
| #define ACTION_ENCRYPT "-e" | |
| #define ACTION_DECRYPT "-d" | |
| #define MODE_ECB "ecb" |
NewerOlder