Andreas Hunkeler Karneades

Convert unix timestamps in a file using sed and date

Replace unix (epoc) timestamp to other format without changing the file, only print the changes

The /e modifier can be dangerous because it runs the resulting string as code. It is basically an eval() wrapped inside a regex engine. Nonetheless, if you know the content of the file, the sed command is one of the shortest to replace unix timestamps in a file.

# default format used by date
$ sed -E 's/([0-9]{10})/echo ""$(date -d @\1)/e' test.txt
Fri Jan 22 14:00:31 2021 my log entry

	<#
	Requires PowerShell module powershell-yaml (https://github.com/cloudbase/powershell-yaml)

	See https://github.com/swisscom/PowerGRR/wiki/Use-registry-keys-from-Sigma-rules-as-input-for-PowerGRR-registry-flows.

	The first wildcard will be replace by both HKLM and HKCU,
	additional wildcards will be left as they are, e.g. values
	in CurrentControlSet or ControlSet001 would be found.

	PS> Get-SigmaRegistryKeys ..\apt_chafer_mar18_only_one_key.yml.txt

	# Karneades (2019)
	# CyberChef recipe: https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)Remove_null_bytes()

	import sys
	from base64 import b64encode,b64decode

	if len(sys.argv) < 2:
	print ("Usage: python3 ps-decode.py <encodedCommand>")
	sys.exit(-1)

	; When within PS, use Ctrl-L to perform cls
	#IfWinActive ahk_class ConsoleWindowClass
	^l::SendInput {Esc}cls{Enter}
	; When within PS, use Ctrl-P to perform Arrow-UP
	^p::SendInput {Up}
	; When within PS, use Ctrl-N to perform Arrow-Down
	^n::SendInput {Down}
	; When within PS, use Ctrl-E to perform End
	^e::SendInput {End}
	; When within PS, use Ctrl-A to perform Home

	#!/usr/bin/env python3
	from sys import argv

	def levenshtein(a,b):
	"Calculates the Levenshtein distance between a and b."
	n, m = len(a), len(b)
	if n > m:
	# Make sure n <= m, to use O(min(n,m)) space
	a,b = b,a
	n,m = m,n

	# See https://tio.run/##dU9BboNADDzDK6Y3UEobegQ2L@ipV8TBEkuxcBZ1gVRRk7fT3aVVVTW9WOOxPZ5pqTPndT3quR9bvOiTtpNOqABZS@eKzXxI48jqt4WtnkC4UzCLSBlHx7Hljj3pGm2mxS90oyURDCgK7FEphyrQw7M2r3MPpQ6gemgcwChtQnXyPcvyFBmGJi3jjzg6kYWgUD@nGfJy49nze9e89ywaCbsPkrGzGbFxC0xm3n6zL4ns8vTxqfw1vmmTcbl4JQcHz8kNv5IFi/9p8ZeWCjp/z7djFzCimpt7eEFuQtCAPMNN0PckYxdiX@Prun4C
	method Reverse(a: array<int>)
	requires a != null;
	modifies a;
	ensures forall k :: 0 <= k < a.Length ==> a[k] == old(a[(a.Length-1) - k]);
	{
	var l := a.Length - 1;
	var i := 0;
	while (i < l-i)
	invariant 0 <= i <= (l+1)/2;

	# enable colors
	autoload -U colors && colors

	# vi mode
	bindkey -v

	# default color (white)
	prompt_color="\$reset_color"

	# set color based on current mode

	func! PhrackLevel(elements)
	if getline(v:lnum) =~ '^--[ \d\.\d\.\d .*$'
	return ">3"
	endif
	if getline(v:lnum) =~ '^--[ \d\.\d .*$'
	return ">2"
	endif
	if getline(v:lnum) =~ '^--[ .*$'
	return ">1"
	endif

	" Use :RRFolding in VIM to enable plugin folding
	" fold on <pluginname> v.XXXXXX
	func! SetRegRipper()
	setlocal foldexpr=getline(v:lnum)=~\'^\\w\\+.*\\sv\\.'?'>1':'='
	setlocal foldmethod=expr
	endfunc
	command! RRFolding :call SetRegRipper()

	+ t r & ! t t
	u Zip or unzip selected file
	if [ %x = "zip" ]; then
	unzip %f
	else
	zip %b.zip %f
	fi

	+ t t
	u Zip tagged files