@gavz
gavz / enclave.c
Created August 4, 2025 20:21 — forked from whokilleddb/enclave.c
Run shellcode using LdrCallEnclave
#include <stdio.h>
#include <windows.h>
// Shellcode template from: https://gist.github.com/kkent030315/b508e56a5cb0e3577908484fa4978f12
// Compile using: x86_64-w64-mingw32-gcc -m64 enclave.c -o enclace.exe -lntdll
EXTERN_C NTSYSAPI
NTSTATUS
NTAPI LdrCallEnclave(
_In_ PENCLAVE_ROUTINE Routine,
@gavz
gavz / !writeup.md
Created August 4, 2025 20:19 — forked from terjanq/!writeup.md
Positive Players | justCTF2025

Positive Players | Write-up by @terjanq

From justCTF2025

A super secure application generated by the overlords for our positive players. Don't overthink it—it's not too hard—but try to think outside the box!

Vibe coding is the future. Good luck and have fun!

https://g.co/gemini/share/44bdfb8969aa

@gavz
gavz / update_cookie_BambdaCA.java
Created July 3, 2025 20:07 — forked from irsdl/update_cookie_BambdaCA.java
Automatically updates the Cookie header in Burp Repeater requests using Set-Cookie values from responses. This Bambda CustomAction preserves all existing cookies and only updates or adds values when necessary — ensuring session continuity without overwriting unrelated cookies.
#!/usr/bin/env python3
"""
MCP Scanner
Author: Thomas Roccia | @fr0gger_
Packages to install:
- requests
- httpx
- mcp
"""
// author: daax
// 0x4a65 = 19045 (windows version)
int main()
{
PSAPI_WORKING_SET_INFORMATION* w = ( PSAPI_WORKING_SET_INFORMATION* ) malloc( 1 << 20 );
QueryWorkingSet( GetCurrentProcess(), w, 1 << 20 );
for ( u32 i = 0; i < w->NumberOfEntries; i++ )
if ( ( w->WorkingSetInfo[ i ].Flags & 31 ) == 4 )
for ( u8* p = ( u8* ) ( ( w->WorkingSetInfo[ i ].Flags >> 12 ) << 12 ),
@gavz
gavz / decrypt.py
Created April 12, 2025 22:03 — forked from garrettfoster13/decrypt.py
decrypting PDQ creds
import hashlib
import struct
import argparse
from Crypto.Cipher import AES #pip install pycryptodome
def decrypt(blob, key):
"""Decrypt PDQ credential blobs"""
#Format for the blob is [header][ivlen][iv][encdata]
#Example blob: 28656e63727970746564290010644d18eb7817dad6de5f531b1b0b60113087662f3cf0ffdaa7760418c15ee6ea
#Example blob: [28656e637279707465642900][10][644d18eb7817dad6de5f531b1b0b6011][3087662f3cf0ffdaa7760418c15ee6ea]
@gavz
gavz / expmod.cpp
Created April 1, 2025 21:36 — forked from daaximus/expmod.cpp
A simple utility for modifying/adding exports to a PE file
#include <windows.h>
#include <iostream>
#include <fstream>
#include <string>
#include <vector>
#include <ctime>
#include <memory>
#include <optional>
#include <random>
#include <string_view>
@gavz
gavz / extract-uimage.sh
Created March 28, 2025 22:22 — forked from adamvr/extract-uimage.sh
Script for extracting a uimage
#!/bin/sh
#
# Copyright (C) 2010 Matthias Buecher (http://www.maddes.net/)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# http://www.gnu.org/licenses/gpl-2.0.txt

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

@gavz
gavz / ws.cpp
Created March 17, 2025 22:06 — forked from AndreyBazhan/ws.cpp
Process Explorer: Process Properties->Performance tab performance issue
#include <Windows.h>
#include <psapi.h>
int main()
{
HANDLE ProcessHandle;
ULONG Processes[4096];
ULONG DataSize;
ULONG NumberOfProcesses;