| #!/bin/sh | |
| print_usage() { | |
| echo "usage: compress_video <input_file>" | |
| echo "supported formats: mp4, webm, mkv, mov, avi, flv" | |
| } | |
| get_extension() { | |
| f="${1##*/}" | |
| case "$f" in |
| id: suspicious-extensions-rce | |
| info: | |
| name: Suspicious File Extensions - Potential RCE | |
| author: Nullenc0de | |
| severity: medium | |
| description: Detects files with potentially suspicious extensions that could be used for Remote Code Execution (RCE). Scan your AppData folder. | |
| file: | |
| - extensions: |
| XZ Backdoor symbol deobfuscation. Updated as i make progress |
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.
Some notes, tools, and techniques for reverse engineering Golang binaries.
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <vector> | |
| RECT gUsableAreaCoords = {0}; | |
| RECT gCurrentPos = {0}; | |
| INT gVelocityX = 5; | |
| INT gVelocityY = 5; | |
| DWORD gLast = 0; |
Note: I have moved this list to a proper repository. I'll leave this gist up, but it won't be updated. To submit an idea, open a PR on the repo.
Note that I have not tried all of these personally, and cannot and do not vouch for all of the tools listed here. In most cases, the descriptions here are copied directly from their code repos. Some may have been abandoned. Investigate before installing/using.
The ones I use regularly include: bat, dust, fd, fend, hyperfine, miniserve, ripgrep, just, cargo-audit and cargo-wipe.
| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
JAB |
🗣 Jabber | $. |
Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
TVq |
📺 Television | MZ |
MZ header |
SUVY |
🚙 SUV | IEX |
PowerShell Invoke Expression |
SQBFAF |
🐣 Squab favorite | I.E. |
PowerShell Invoke Expression (UTF-16) |
SQBuAH |
🐣 Squab uahhh | I.n. |
PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
PAA |
💪 "Pah!" | <. |
Often used by Emotet (UTF-16) |
