```python
# espnow-simple_hacky_receiver.py -- show ESPnow working broadcast on CircuitPython
# 9 Jul 2025 - @todbot
# tested on QTPY ESP32-S2 and FunHouse (ESP32-S2)
import time
import wifi
import espnow
# https://github.com/adafruit/circuitpython/issues/9380#issuecomment-2463013607
# hack to switch channel that is used for ESPNow
# this takes just a few milliseconds, so doesn't waste a lot of power
```
```cpp
//
// onexit.h
//
// Defines ON_EXIT macro to create finalizer objects.
// These objects execute specified code when they go out of scope.
//
// Useful when you can't be bothered writing RAII wrappers for every little thing in 3rd-party code,
// but still want to reduce cognitive load by not tracking stuff you might need to cleanup.
//
// Usage example:
```
```cpp
// Pseudocode and structs for nt!PsSyscallProviderDispatch.
// For ntoskrnl win11 24H2 10.0.26100.1742.
// Restored by Cyra, adjusted by @sixtyvividtails.
//
// See actual research:
// by @gal_kristal: https://gist.github.com/Kristal-g/eec050b3fcea2a77715ef0cff4acf841
// by @0xfluxsec: https://fluxsec.red/alt-syscalls-for-windows-11
// name's mine // @gal_kristal: _PS_SYSCALL_PROVIDER_SERVICE_DESCRIPTOR_GROUP
```
XZ Backdoor symbol deobfuscation. Updated as I make progress
```cpp
void RemapSelfInternal(PVOID ImageBase, PVOID TempBase, ULONG SizeOfImage, HANDLE hSection)
{
    if (UnmapViewOfFile(ImageBase))
    {
        PVOID BaseAddress = ImageBase;
        SIZE_T ViewSize = SizeOfImage;
        // for x64 only, because we do not pass the address of ZwMapViewOfSection
        if (0 <= ZwMapViewOfSection(hSection, NtCurrentProcess(), &BaseAddress,
            0, 0, 0, &ViewSize, ViewUnmap, 0, PAGE_EXECUTE_READWRITE) && ImageBase == BaseAddress)
```
```cpp
BOOL UnhookNT()
{
    BOOL fOk = FALSE;
    if (HMODULE hmod = GetModuleHandleW(L"ntdll"))
    {
        if (PIMAGE_NT_HEADERS pinth = RtlImageNtHeader(hmod))
        {
            PVOID BaseAddress = (PBYTE)hmod + pinth->OptionalHeader.BaseOfCode;
```
```cpp
#include "stdafx.h"
_NT_BEGIN
NTSTATUS CreatePlaceHolder(PCWSTR lpFileName, ULONG SizeOfImage)
{
    struct SEF : IMAGE_DOS_HEADER, IMAGE_NT_HEADERS, IMAGE_SECTION_HEADER
    {
    } y {};
```
```csharp
using NtApiDotNet;
using NtApiDotNet.Ndr.Marshal;
using NtApiDotNet.Win32;
using NtApiDotNet.Win32.Rpc.Transport;
using NtApiDotNet.Win32.Security.Authentication;
using NtApiDotNet.Win32.Security.Authentication.Kerberos;
using NtApiDotNet.Win32.Security.Authentication.Kerberos.Client;
using NtApiDotNet.Win32.Security.Authentication.Kerberos.Server;
using NtApiDotNet.Win32.Security.Authentication.Logon;
using System;
```
```c
// TcbElevation - Authors: @splinter_code and @decoder_it
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>
#pragma comment(lib, "Secur32.lib")
void EnableTcbPrivilege(BOOL enforceCheck);
```
```yaml
meta:
  id: coff
  title: Common Object Format File
  file-extension:
    - obj
  license: CC0-1.0
  ks-version: 0.9
  endian: le
doc-ref: https://wiki.osdev.org/COFF
seq:
```