Ankur Tyagi 7h3rAm
7h3rAm
/ dga_ramnit.py
Last active
August 29, 2015 14:21
DGA of Ramnit - http://johannesbader.ch/2014/12/the-dga-of-ramnit/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| class RandInt: | |
| def __init__(self, seed): | |
| self.seed = seed | |
| def rand_int_modulus(self, modulus): | |
| ix = self.seed | |
| ix = 16807*(ix % 127773) - 2836*(ix / 127773) & 0xFFFFFFFF |
7h3rAm
/ dga_newGOZ.py
Created
May 19, 2015 09:16
DGA of Zeus Gameover Variant - newGOZ - http://www.johannesbader.ch/2014/12/the-dga-of-newgoz/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| from datetime import datetime, timedelta | |
| import struct | |
| import argparse | |
| def get_seed(seq_nr, date): | |
| key = "\x01\x05\x19\x35" | |
| seq_nr = struct.pack('<I', seq_nr) | |
| year = struct.pack('<H', date.year) | |
| month = struct.pack('<H', date.month) |
7h3rAm
/ dga_shiz.py
Last active
August 29, 2015 14:21
— forked from baderj/dga_shiz.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| def get_domains(nr, how_many): | |
| bases = { | |
| 1: { | |
| 'length': 7, | |
| 'tld': 'com', | |
| 'key': '1676d5775e05c50b46baa5579d4fc7', | |
| 'base': 0x45AE94B2 | |
| }, |
7h3rAm
/ dga_symmi.py
Last active
August 29, 2015 14:21
— forked from baderj/dga_symmi.py
DGA of symmi - http://johannesbader.ch/2015/01/the-dga-of-symmi/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| from datetime import datetime | |
| seed_const = 42 | |
| days_period = 16 | |
| nr_of_domains = 64 | |
| third_lvl_min_len = 8 | |
| third_lvl_max_len = 15 | |
| class Rand: |
7h3rAm
/ dga.py
Last active
August 29, 2015 14:21
— forked from baderj/dga.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| generate domains according to: | |
| - https://www.endgame.com/blog/malware-with-a-personal-touch.html | |
| - http://www.rsaconference.com/writable/presentations/file_upload/br-r01-end-to-end-analysis-of-a-domain-generating-algorithm-malware-family.pdf | |
| requires words1.txt and words2.txt | |
| """ | |
| import time | |
| from datetime import datetime | |
| import argparse |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import datetime, re, difflib | |
| def k10(stack): | |
| if len(stack) <= 1: | |
| return | |
| checkHashes, checkDuplicates, checkDelta, checkName = True, True, True, True | |
| score, dCount, fCount, deltaScore, fnameScore, chainAverage = 65, 0, 0, 0, 0, 0 | |
| duplicates, dChain, fChain, features = [], [], [], [ 'valid_filenames' ] |
7h3rAm
/ gist:350463abeeb1edc85ee2
Created
October 4, 2014 17:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Verifying that +7h3ram is my Bitcoin username. You can send me #bitcoin here: https://onename.io/7h3ram |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [defaults] | |
| search = dos | |
| pgtpath = /home/ankur/toolbox/PCAP-Generation-Tools/pgt.py | |
| shellstormpath = /home/ankur/scripts/shell-storm-api.py | |
| exploitdbpath = | |
| metasploitpath = | |
| emuprofilesize = 10240 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| import re | |
| import datetime, time | |
| import argparse | |
| import nids | |
| end_states = (nids.NIDS_CLOSE, nids.NIDS_TIMEOUT, nids.NIDS_RESET) |
7h3rAm
/ shell.c
Created
September 1, 2013 19:39
— forked from parse/shell.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Compile with: g++ -Wall –Werror -o shell shell.c */ | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <ctype.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <sys/wait.h> |