fariss fariss

## CapaTreeTableDemo.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                fariss
                / CapaTreeTableDemo.md
            
            
              Created
              January 20, 2026 22:34
            
          
    CAPA TreeTable Ghidra Extension

Installation


Copy all four Java files to your Ghidra scripts directory:

macOS/Linux: ~/.ghidra/.ghidra_<version>/scripts/


Run TreeTableGhidraScript.java from the Script Manager


Files Included


## keybase.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                fariss
                / keybase.md
            
            
              Created
              October 21, 2025 17:18
            
          
    Keybase proof

I hereby claim:

I am fariss on github.
I am fariss (https://keybase.io/fariss) on keybase.
I have a public key ASC846tysSlsPA5shFdF78Lv9qfw-8ObJnVEmWi58azD6go

To claim this, I am signing this object:

  
## extract_insn_number_features_via_pcode_script.py
#Extract instruction-level number features with P-code
#@category PCode
#@author Soufiane Fariss
#@menupath
#@toolbar

from ghidra.program.model.pcode import HighParam, PcodeOp, PcodeOpAST
from ghidra.program.model.address import AddressSet
from capa.features.extractors.ghidra.insn import *
from capa.features.address import AbsoluteVirtualAddress

## Makefile
AS=nasm
ASFLAGS=-f elf64 -g -F dwarf
LD=ld
LDFLAGS=-dynamic-linker /lib64/ld-linux-x86-64.so.2 -lc -m elf_x86_64
RM=rm -rf
SOURCES=$(wildcard *.asm)
OBJECTS=$(SOURCES:.asm=.o)
TARGET=out

%.o: %.asm

## APC-inject.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                fariss
                / APC-inject.md
            
            
              Last active
              November 26, 2023 04:35
            
          
  Title
  Date
  Author
  email
  
  
  APC Queue Code Injection
  05 May 2021
  Soufiane Fariss
  soufiane.fariss@um5s.net.ma
  
  
APC Queue Code Injection

Simple APC Queue Code Injection

Injection techniques that rely on creating a remote thread in the target process to execute the shellcode might cause a huge increase in the malware confidence score which will raise a lot of suspicion among security products. Nevertheless, these techniques create a new thread, which causes a lot of overhead because of allocating new resources to get the thread up and running.

  
## wbs.txt
1. Benchmarking +  Encryption + Generation  = 1 unit (Payload build)
  1.1 Payload generators (Study metasploit, Convenant, PoshC2, SharpShooter)
  1.2 Proper Generator

2. Payload/Shellcode Execution
  2.1 Invokation (Distrubtion / Dropper)
    2.1.1. Marcros
    2.1.2. MS HTA
    2.1.3. MSB
    2.1.4. WMI

## RedditFormatter.java
public class RedditFormatter {
	private String[] input;

    public RedditFormatter(String[] input) {
        this.input = input;
   	}

    public String format() {
        String result = String.join(" r/", this.input);
        System.out.println("r/" + result);

## SumSquareDivisors.py
def SumSquareDivisisors(m, n):
   from math import sqrt as sq
   result = []
   f = lambda x: x**2
   for k in range(m, n+1):
      L = [k]
      for i in range(1, k//2 + 1):
         if k % i == 0:
            L.append(i)
      M = list(map(f, L))
	#Extract instruction-level number features with P-code
	#@category PCode
	#@author Soufiane Fariss
	#@menupath
	#@toolbar

	from ghidra.program.model.pcode import HighParam, PcodeOp, PcodeOpAST
	from ghidra.program.model.address import AddressSet
	from capa.features.extractors.ghidra.insn import *
	from capa.features.address import AbsoluteVirtualAddress
	AS=nasm
	ASFLAGS=-f elf64 -g -F dwarf
	LD=ld
	LDFLAGS=-dynamic-linker /lib64/ld-linux-x86-64.so.2 -lc -m elf_x86_64
	RM=rm -rf
	SOURCES=$(wildcard *.asm)
	OBJECTS=$(SOURCES:.asm=.o)
	TARGET=out

	%.o: %.asm
	1. Benchmarking + Encryption + Generation = 1 unit (Payload build)
	1.1 Payload generators (Study metasploit, Convenant, PoshC2, SharpShooter)
	1.2 Proper Generator

	2. Payload/Shellcode Execution
	2.1 Invokation (Distrubtion / Dropper)
	2.1.1. Marcros
	2.1.2. MS HTA
	2.1.3. MSB
	2.1.4. WMI
	public class RedditFormatter {
	private String[] input;

	public RedditFormatter(String[] input) {
	this.input = input;
	}

	public String format() {
	String result = String.join(" r/", this.input);
	System.out.println("r/" + result);
	def SumSquareDivisisors(m, n):
	from math import sqrt as sq
	result = []
	f = lambda x: x**2
	for k in range(m, n+1):
	L = [k]
	for i in range(1, k//2 + 1):
	if k % i == 0:
	L.append(i)
	M = list(map(f, L))