Skip to content

Instantly share code, notes, and snippets.

View N3mes1s's full-sized avatar

Giuseppe Massaro N3mes1s

119 followers · 24 following
View GitHub Profile
@davidzhao
davidzhao / cartesia-assistant.py
Last active August 14, 2025 05:08
LiveKit Voice Assistant with Cartesia
import asyncio
import json
from livekit import rtc
from livekit.agents import JobContext, WorkerOptions, cli, JobProcess
from livekit.agents.llm import (
ChatContext,
ChatMessage,
)
from livekit.agents.voice_assistant import VoiceAssistant
@fr0gger
fr0gger / DhashIcon.py
Last active September 30, 2024 11:08
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Thomas Roccia | IconDhash.py
# pip3 install lief
# pip3 install pillow
# resource: https://www.hackerfactor.com/blog/?/archives/529-Kind-of-Like-That.html
import lief
import os
import argparse
@myrtus0x0
myrtus0x0 / hancitor_conf.py
Last active December 3, 2020 08:44
import malduck
import binascii
import sys
import hashlib
from loguru import logger
import collections
import math
import json
import pefile
@w0rk3r
w0rk3r / SharpWMIPersist.cs
Last active September 2, 2020 18:02
using System;
using System.Management;
namespace SharpWMIPersist
{
class Program
{
public static void Main()
{
ManagementObject EventFilter = null;
@baderj
baderj / matiex_keylogger.yara
Created July 21, 2020 17:14
rule win_matiex_keylogger_v1 {
meta:
author = "Johannes Bader @viql"
date = "2020-07-20"
description = "detects the Matiex Keylogger"
tlp = "white"
strings:
$obfuscator_1 = "OiCuntJollyGoodDayYeHavin_____________________________________________________"
@LukeMathWalker
LukeMathWalker / .gitlab-ci.yml
Last active December 9, 2024 18:12
GitLab CI - Rust setup
image: "rust:latest"
default:
before_script:
- rustc --version
- cargo --version
stages:
- test
@0xtornado
0xtornado / 0_CyberChef_CobaltStrike_Shellcode_Decoder_Recipe
Created April 30, 2020 14:11
CyberChef recipe to extract and decode Shellcode from a Cobalt Strike beacon
[{"op":"Conditional Jump","args":["bxor",false,"Decode_Shellcode",10]},{"op":"Label","args":["Decode_beacon"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Decode text","args":["UTF-16LE (1200)"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"Gunzip","args":[]},{"op":"Label","args":["Decode_Shellcode"]},{"op":"Regular expression","args":["User defined","[a-zA-Z0-9+/=]{30,}",true,true,false,false,false,false,"List matches"]},{"op":"Conditional Jump","args":["",false,"",10]},{"op":"From Base64","args":["A-Za-z0-9+/=",true]},{"op":"XOR","args":[{"option":"Decimal","string":"35"},"Standard",false]}]
@hfiref0x
hfiref0x / zam.md
Created February 26, 2020 06:52
MalwareFox ZAM backdoor IOCTL list

ZAM64.SYS (ZAMGUARD64.SYS) most interesting IOCTLs.

All parameters to the functions supplied from user-mode via DeviceIoControl parameters. Everything from this available for any local user on machine where this driver is running.

0x8000202C

Arbitrary file deletion. Resets file attributes via ZwSetInformationFile and then does ZwDeleteFile.

0x80002030

Wrapper around ZwQuerySystemInformation(SystemProcessInformation).

@SwitHak
SwitHak / 20200114-TLP-WHITE_CVE-2020-0601.md
Last active November 11, 2025 11:22
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
@MSAdministrator
MSAdministrator / iranian_apit_groups_possible_commands.md
Last active December 5, 2025 00:25
Iranian APT Groups & Possible Commands Used By These Groups

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

  • APT33
  • APT34
  • APT39
  • Charming Kitten