Christian Bagley ChristianBagley

Tools

Metaspoit: Penetration testing software
BeEF: The Browser Exploitation Framework
PTF: Penetration Testers Framework
Bettercap: MITM framework
Nessus: Vulnerability scanner
AutoNessus: Auto Nessus
BDFProxy: Patch Binaries via MITM (BackdoorFactory)
Xplico: Network Forensic Analysis Tool (eg. parse pcap file)

"Give Me CRX" (https://chrome.google.com/webstore/detail/give-me-crx/acpimoebmfjpfnbhjgdgiacjfebmmmci) contains a virus hidden in the source code.

Hidden Virus

Reviewer "Adam Carbonell" (link) first discovered existence of the malware. He mentioned that icon2.png contains malicious code.

bg.js (last modified 11/11/2016) extracts the code by reading icon2.png (last modified 11/10/2016) as text, extracting data between init> and <end strings (I assume a PNG comment), and xor-ing it with char ^ 77.

The resulting text is then run as Javascript. I think around 24 hours after extension installation, every tab will have <script src='hXXp//s3.eu-central-1.amazonaws.com/forton/give_me_crx.js'> injected whenever "chrome.tabs.onUpdated".

Securely free up space in Macbook harddrive by using SD card

We used Niftydrive with Sandisk 128gb UHS-I Micro SD Card and this config to allocate more space for Macbooks with small ssd drives. For 128gb and 256gb models this is a lot more space.

Save yourself the trouble and don't try to buy UHS-II cards since they don't have better performance vs UHS-I in Mac.

Please use Filevault encryption in your main hard-drive. This setup makes it easy to use Time machine backups to the contents of the SD card too.

	####################################################################
	#Python program to convert temperature from either Fahrenheit to #
	#Celsius or vise-versa. This is a very simple function example. #
	# #
	####################################################################


	def convert(temp, unit):
	unit = unit.lower()
	if unit == "c":

	#!/bin/bash
	#
	# CloudyGamerLauncher by Larry Gadea
	# Easily start/stop Paperspace and Parsec instances
	#
	# Make sure to fill out the variables below. For the machine name, use the
	# 8-letter identifier for the machine on Paperspace (ex. PS8RGDUY)

	PAPERSPACE_EMAIL=''
	PAPERSPACE_PASSWORD=''

	function transfer
	if test (count $argv) -eq 0
	echo "No arguments specified. Usage:\necho transfer /tmp/test.md\ncat /tmp/test.md \| transfer test.md"
	return 1
	end

	## get temporarily filename, output is written to this file show progress can be showed
	set tmpfile ( mktemp -t transferXXX )

	## upload stdin or file

	#!/bin/zsh

	# Defines transfer alias and provides easy command line file.
	#
	# Authors:
	# Remco Verhoef <[email protected]>
	# Prajjwal Singh <[email protected]>
	#
	# Dependencies:
	# * curl

	import requests
	import re
	from glob import glob # Google this. It's really good!
	from os.path import basename, join # Basename removes the path part of a file, returning only the filename. Can also handle urls.
	from concurrent.futures import ThreadPoolExecutor # For our concurrent downloads in download_many.

	def get_urls(data, pattern):
	urls = pattern.findall(data.text)
	endings = ['.pdf', '.mobi', '.epub']

	#!/bin/bash

	if [ "$1" = "-h" -o "$1" = "--help" -o -z "$1" ]; then cat <<EOF
	appify v3.0.1 for Mac OS X - http://mths.be/appify
	Creates the simplest possible Mac app from a shell script.

	Appify takes a shell script as its first argument:

	`basename "$0"` my-script.sh

	" Use Vim settings, rather then Vi settings (much better!).
	" This must be first, because it changes other options as a side effect.
	set nocompatible

	" ================ General Config ====================

	set number "Line numbers are good
	set backspace=indent,eol,start "Allow backspace in insert mode
	set history=1000 "Store lots of :cmdline history
	set showcmd "Show incomplete cmds down the bottom

Christian Bagley ChristianBagley

Tools

Hidden Virus

Securely free up space in Macbook harddrive by using SD card

Setup