OS: Rocky Linux 9.5 Kernel: 5.14 Auditctl: version 3.1.5
Audit rules on the exit, exit_group and kill syscalls can be used to monitor process termination (note that a kill record captures the sender issuing the signal, not the target process actually exiting).
cmake_minimum_required(VERSION 3.24)
project(Stardust LANGUAGES CXX)

# STARDUST_BUILD_SHELLCODE is a BOOL cache entry, OFF by default; switching it
# on makes the build also produce the final shellcode.bin file. Test it as
# if(STARDUST_BUILD_SHELLCODE) rather than if(${STARDUST_BUILD_SHELLCODE}) so an
# empty or unexpected value can never collapse into an argument-less if().
option(STARDUST_BUILD_SHELLCODE "Build the final shellcode.bin file" OFF)

# nasm is only needed to assemble Stardust.asm, so it is pulled in behind the
# option rather than being a hard requirement of every configure.
| if(${STARDUST_BUILD_SHELLCODE}) |
| #!/usr/bin/env python3 | |
| """bin2coff.py | |
| usage: bin2coff.py [-h] [-s SYMBOL] [-m {amd64,i386,arm,arm64}] input [output] | |
| Converts an arbitrary file into a linkable COFF. | |
| positional arguments: | |
| input Input file for generating the COFF | |
| output Output for the generated COFF (defaults to the input file name with a '.o' extension) |
cmake_minimum_required(VERSION 3.18)
project(example
  LANGUAGES C
)

# A Python interpreter is needed to run the bin2coff.py generator step.
# REQUIRED fails configuration early instead of producing a build that cannot
# run the script; FindPython also provides the Python::Interpreter imported
# target for use in COMMAND lines.
find_package(Python REQUIRED COMPONENTS Interpreter)
| add_custom_command( | |
| OUTPUT hello.o | |
| COMMAND | |
| ${Python_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/bin2coff.py |
| // clang -target x86_64-pc-windows-gnu --sysroot=/usr/x86_64-w64-mingw32 -fuse-ld=lld main_asm.c -o main.exe -L/usr/lib/gcc/x86_64-w64-mingw32/13.2.0/ -static | |
| #include <windows.h> | |
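int main(void) {
    /* Single Intel-syntax instruction that only writes rax; this looks like a
     * smoke test that the clang/mingw toolchain from the build line above
     * accepts inline assembly (confirm with the author). The block is
     * volatile so it is not removed as dead code, and rax is now listed as a
     * clobber so the compiler does not assume the register survives the
     * statement -- the previous version had no clobber list. .att_syntax
     * restores the default dialect for anything the compiler emits afterwards,
     * and __asm__ is used instead of asm because the plain keyword is not
     * available under strict -std=cNN modes. */
    __asm__ __volatile__(".intel_syntax noprefix;"
                         "mov rax, 8;"
                         ".att_syntax;"
                         :
                         :
                         : "rax");
    return 0;
}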
#!/usr/bin/env python3
from pwn import *
from time import sleep

# Path of the target binary; assigning it to context.binary lets pwntools
# derive architecture/bits defaults from the ELF itself.
binary = './target'
context.binary = binary

# Same libc build is used for the remote ELF handle and the local preload so
# both modes see identical library addresses.
LIBC_PATH = './libc-2.31.so'

if args.REMOTE:
    # Remote mode: connect to the challenge host and keep an ELF handle on the
    # matching libc (presumably for symbol lookups later in the script).
    p = remote('pwnremote.threatsims.com', 9003)
    libc = ELF(LIBC_PATH, checksec=False)
else:
    # Local mode: run the binary with the same libc preloaded.
    p = process(binary, env={'LD_PRELOAD': LIBC_PATH})
| BITS 32 | |
| global _start | |
| section .text | |
| _start: | |
| xor eax, eax | |
| push eax | |
| push eax | |
| push eax |