| 0810 b' from ' | |
| 0678 b' ssh2' | |
| 00d8 b'%.48s:%.48s():%d (pid=%ld)\x00' | |
| 0708 b'%s' | |
| 0108 b'/usr/sbin/sshd\x00' | |
| 0870 b'Accepted password for ' | |
| 01a0 b'Accepted publickey for ' | |
| 0c40 b'BN_bin2bn\x00' | |
| 06d0 b'BN_bn2bin\x00' | |
| 0958 b'BN_dup\x00' |
Printing a PDF as a booklet helps reduce the page count needed to print, and also make the PDF able to be travel sized. The size of where it becomes unusable is up to you. However, if it's too big to fold and staple, then you shouldn't do this.
| # Simple script to demo use of yara-python + externals | |
| # think of all the externals you could define! | |
| import os | |
| import sys | |
| import yara | |
| example_rule = ''' | |
| rule demo_externals | |
| { |
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
| play.http.secret.key="ThehiveTestPassword" | |
| ## For test only ! | |
| db.janusgraph { | |
| storage.backend: berkeleyje | |
| storage.directory: /tmp/ | |
| berkeleyje.freeDisk: 200 | |
| } | |
| storage { |
brew install mingw-w64rustup target add x86_64-pc-windows-gnu.cargo/config.cargo/config[target.x86_64-pc-windows-gnu]
| ''' | |
| IDAPython script that generates a YARA rule to match against the | |
| basic blocks of the current function. It masks out relocation bytes | |
| and ignores jump instructions (given that we're already trying to | |
| match compiler-specific bytes, this is of arguable benefit). | |
| If python-yara is installed, the IDAPython script also validates that | |
| the generated rule matches at least one segment in the current file. | |
| author: Willi Ballenthin <[email protected]> |
| ### | |
| ### | |
| ### UPDATE: For Win 11, I recommend using this tool in place of this script: | |
| ### https://christitus.com/windows-tool/ | |
| ### https://github.com/ChrisTitusTech/winutil | |
| ### https://www.youtube.com/watch?v=6UQZ5oQg8XA | |
| ### iwr -useb https://christitus.com/win | iex | |
| ### | |
| ### |
This Gist has been transfered into a Github Repo. You'll find the most recent version here.
When creating your rules for YARA keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.
| #!/bin/bash | |
| # This is the 'mover' script used for moving files from the cache disk to the | |
| # main array. It is typically invoked via cron. | |
| # After checking if it's valid for this script to run, we check each of the top-level | |
| # directories (shares) on the cache disk. If, and only if, the 'Use Cache' setting for the | |
| # share is set to "yes", we use 'find' to process the objects (files and directories) of | |
| # that directory, moving them to the array. |