
Posts

Showing posts from July, 2025

Bypassing IAT Hooking via Dynamic Resolution

Let's suppose we're conducting an offensive security exercise, need to get past a security appliance, and need to call VirtualAlloc. We could do it in a less than optimal way, like this:

    #include <windows.h>

    int main() {
        void* mem = VirtualAlloc(NULL, 0x1000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
        return 0;
    }

Why is this suboptimal? The compiler resolves VirtualAlloc through the binary's Import Address Table (IAT), which holds a pointer for every statically imported function. Load the compiled binary into a tool like PE-bear and the KERNEL32.dll entry for VirtualAlloc is right there in the import table; a security appliance or EDR that inspects or hooks IAT entries finds it just as easily. Such products typically scan the binary first to see which functions it imports, then hook those functions (for example by overwriting the IAT slot with the address of a trampoline that inspects the call before passing it through to the real API). But we can conceal this information (at least from a static point of view) and avoid such hooks. A better idiom is to perform dynam...
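To see for yourself what PE-bear or an IAT-hooking product sees, here is a small, stdlib-only import-table lister you can run against the compiled binary before and after moving to dynamic resolution. It is an added example, not code from the post; the sample image produced by build_sample_pe() is constructed here so the script runs offline and is not a real executable.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_IMPORT = 1  # index into the optional header's data directories


def parse_imports(data):
    """Return {dll_name: [function_name_or_#ordinal, ...]} for a PE32/PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x20B:    # PE32+: 8-byte thunks, data directories at +112
        dd_off, thunk_fmt, ordinal_flag = opt_off + 112, "<Q", 1 << 63
    elif magic == 0x10B:  # PE32: 4-byte thunks, data directories at +96
        dd_off, thunk_fmt, ordinal_flag = opt_off + 96, "<I", 1 << 31
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    import_rva = struct.unpack_from("<I", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)[0]

    sections = []  # (VirtualAddress, size, PointerToRawData) for RVA -> file offset
    for i in range(num_sections):
        hdr = opt_off + opt_size + 40 * i
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, max(vsize, rsize), rptr))

    def rva_to_offset(rva):
        for va, size, rptr in sections:
            if va <= rva < va + size:
                return rptr + (rva - va)
        raise ValueError("RVA 0x%x is not inside any section" % rva)

    def cstring(off):
        return data[off:data.index(b"\0", off)].decode("ascii", "replace")

    imports = {}
    if import_rva == 0:
        return imports            # no import directory at all
    desc = rva_to_offset(import_rva)
    thunk_size = struct.calcsize(thunk_fmt)
    while True:
        oft, _stamp, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0 and ft == 0:
            break                 # the all-zero descriptor terminates the table
        dll = cstring(rva_to_offset(name_rva))
        funcs = []
        thunk = rva_to_offset(oft or ft)   # prefer the name table, fall back to the IAT
        while True:
            entry = struct.unpack_from(thunk_fmt, data, thunk)[0]
            if entry == 0:
                break
            if entry & ordinal_flag:
                funcs.append("#%d" % (entry & 0xFFFF))
            else:
                funcs.append(cstring(rva_to_offset(entry) + 2))  # skip the 2-byte hint
            thunk += thunk_size
        imports[dll] = funcs
        desc += 20
    return imports


def imports_function(data, name):
    """True if `name` is in the import table, i.e. it will get an IAT slot that can be hooked."""
    return any(name in funcs for funcs in parse_imports(data).values())


def build_sample_pe(imports, pe64=True):
    """Constructed minimal PE image holding nothing but an import directory (test data only)."""
    sec_rva, raw_ptr = 0x1000, 0x400
    thunk_fmt = "<Q" if pe64 else "<I"
    sec = bytearray((len(imports) + 1) * 20)   # descriptor table; the last entry stays zero
    descriptors = []
    for dll, funcs in imports.items():
        name_rvas = []
        for f in funcs:                          # IMAGE_IMPORT_BY_NAME: hint + name
            name_rvas.append(sec_rva + len(sec))
            sec += struct.pack("<H", 0) + f.encode() + b"\0"
        int_rva = sec_rva + len(sec)
        sec += b"".join(struct.pack(thunk_fmt, r) for r in name_rvas + [0])
        iat_rva = sec_rva + len(sec)
        sec += b"".join(struct.pack(thunk_fmt, r) for r in name_rvas + [0])
        dll_rva = sec_rva + len(sec)
        sec += dll.encode() + b"\0"
        descriptors.append(struct.pack("<IIIII", int_rva, 0, 0, dll_rva, iat_rva))
    sec[:len(descriptors) * 20] = b"".join(descriptors)

    opt_size, dd_off = (240, 112) if pe64 else (224, 96)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe64 else 0x10B)
    struct.pack_into("<II", opt, dd_off + 8, sec_rva, (len(imports) + 1) * 20)
    file_hdr = struct.pack("<HHIIIHH", 0x8664 if pe64 else 0x14C, 1, 0, 0, 0, opt_size, 0x22)
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".idata", len(sec), sec_rva, len(sec), raw_ptr,
                          0, 0, 0, 0, 0x40000040)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    headers = dos + b"PE\0\0" + file_hdr + opt + sec_hdr
    return bytes(headers + bytes(raw_ptr - len(headers)) + sec)


if __name__ == "__main__":
    # Usage: python3 pe_imports.py path\to\binary.exe (no argument: use the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sample_pe({"KERNEL32.dll": ["VirtualAlloc", "ExitProcess"]})
    for dll, funcs in parse_imports(data).items():
        for f in funcs:
            print("%s!%s" % (dll, f))
    print("VirtualAlloc in import table:", "PRESENT" if imports_function(data, "VirtualAlloc") else "absent")
```

Run it on the statically linked build and VirtualAlloc shows up under KERNEL32.dll; run it on a build that resolves the address at runtime and the name is gone from the table. Keep in mind that whatever you use to do the resolving (GetModuleHandle/GetProcAddress, unless those are themselves resolved some other way) still appears in the import table, so diff the two listings rather than only grepping for VirtualAlloc.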

Using Python To Access archive.today, July 2025

It seems like a lot of the previous software wrappers for interacting with archive.today (and archive.is, archive.ph, etc.) from the command line are either outdated or broken. So, here's a Python script that submits links from the command line to archive.today in a batch and retrieves their archived URLs. From testing, it seems best to keep the delay around 8 to 10 seconds. If you go faster, Cloudflare will begin to yell at you and start throwing 429 (Too Many Requests) errors. As long as you've received a "WIP" URL from archive.today, the page should be archived shortly after, though it may not appear immediately. Add your own random user agent. :)

    % python3 archiveToday.py --help
    usage: archiveToday.py [-h] --urls URLS [--delay DELAY] [--output OUTPUT]

    Batch archive URLs with archive.today

    options:
      -h, --help       show this help message and exit
      --urls URLS      Path to file containing URLs (one per line)
      --delay DELAY    Delay between submissions in...
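The post's script itself is cut off above, so here is an added, stand-alone batch submitter (my own code, not the author's) that follows the same command line and bakes in the two lessons from the post: an 8 to 10 second pace with a little jitter, and backing off rather than hammering when Cloudflare answers 429. The submit endpoint (https://archive.ph/submit/ taking a form field named url), the response shapes that carry the archived or WIP link (a Refresh header, a Location header, or a link in the HTML body) and the placeholder user agents are assumptions you should check against the live site; the parsing and backoff logic is kept in pure functions so it can be tested offline.

```python
import argparse
import random
import re
import sys
import time
import urllib.error
import urllib.parse
import urllib.request

SUBMIT_URL = "https://archive.ph/submit/"   # assumed endpoint; other archive.today mirrors behave alike
MAX_RETRIES = 5
USER_AGENTS = [                               # constructed placeholders: put your own here
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Example/1.0",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_0) Example/1.0",
]
ARCHIVE_LINK = re.compile(r"https?://archive\.(?:ph|today|is|md|li|vn|fo)/(?:wip/)?[A-Za-z0-9]{4,}")


def extract_archive_url(headers, body, final_url=None):
    """Pull the archived (or WIP) URL out of a submit response.

    Assumed shapes: urllib already followed a redirect to the archive page (final_url),
    a Refresh header like '0;url=https://archive.ph/wip/...', a Location header,
    or an archive link somewhere in the HTML body. Returns None if nothing matches.
    """
    if final_url and final_url != SUBMIT_URL and ARCHIVE_LINK.match(final_url):
        return final_url
    h = {k.lower(): v for k, v in headers.items()}
    m = re.search(r"url=(\S+)", h.get("refresh", ""), re.I)
    if m:
        return m.group(1)
    if h.get("location"):
        return h["location"]
    m = ARCHIVE_LINK.search(body or "")
    return m.group(0) if m else None


def backoff_delay(base_delay, status, retry_after=None, attempt=0):
    """Seconds to wait before the next request: honour Retry-After on a 429 when
    present, otherwise double the base delay per attempt; keep the pace otherwise."""
    if status != 429:
        return base_delay
    if retry_after and str(retry_after).strip().isdigit():
        return max(base_delay, int(retry_after))
    return base_delay * (2 ** (attempt + 1))


def submit(url, user_agent, timeout=30):
    """POST one URL; return (status, headers, body, final_url). HTTP errors are returned, not raised."""
    data = urllib.parse.urlencode({"url": url}).encode()
    req = urllib.request.Request(SUBMIT_URL, data=data, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers, resp.read(200_000).decode("utf-8", "replace"), resp.url
    except urllib.error.HTTPError as e:
        return e.code, e.headers, e.read(200_000).decode("utf-8", "replace"), e.url


def archive_all(urls, delay, out=sys.stdout, sleep=time.sleep):
    """Submit each URL in turn, backing off on 429; returns {url: archived_url_or_None}."""
    results = {}
    for url in urls:
        archived, attempt = None, 0
        while attempt <= MAX_RETRIES:
            status, headers, body, final = submit(url, random.choice(USER_AGENTS))
            if status == 429:                  # Cloudflare is yelling: slow down, then retry
                sleep(backoff_delay(delay, status, headers.get("Retry-After"), attempt))
                attempt += 1
                continue
            archived = extract_archive_url(headers, body, final)
            break
        results[url] = archived
        out.write("%s\t%s\n" % (url, archived or "FAILED"))
        out.flush()
        sleep(delay + random.uniform(0, 2))    # jitter on top of the 8-10 s pace
    return results


def main(argv=None):
    p = argparse.ArgumentParser(description="Batch archive URLs with archive.today")
    p.add_argument("--urls", required=True, help="Path to file containing URLs (one per line)")
    p.add_argument("--delay", type=float, default=10.0, help="Delay between submissions in seconds")
    p.add_argument("--output", help="File to append 'url<TAB>archived' lines to (default: stdout)")
    a = p.parse_args(argv)
    with open(a.urls) as f:
        urls = [line.strip() for line in f if line.strip() and not line.startswith("#")]
    out = open(a.output, "a") if a.output else sys.stdout
    archive_all(urls, a.delay, out)


if __name__ == "__main__":
    main()
```

A "FAILED" line means either six 429s in a row or a response in a shape the parser does not recognise; in the second case dump the headers and body from submit() and extend extract_archive_url() rather than lowering the delay.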