Alexandre Dulaunoy adulau
adulau / compression-algorithms.md
Last active August 30, 2021 14:50
List of compression algorithms
adulau / gist:27b93f85d58f336167833181b9f22e35
Last active December 18, 2021 16:47
Bloomfilter-like papers

Bloom filter papers

A Bloom filter is a space-efficient probabilistic data structure, conceived by Burton Howard Bloom in 1970, that is used to test whether an element is a member of a set. False positive matches are possible, but false negatives are not; in other words, a query returns either "possibly in set" or "definitely not in set".

Counting bloom filter

A counting Bloom filter (CBF) generalizes a Bloom filter data structure so as to allow membership queries on a set that can be changing dynamically via insertions and deletions. As with a Bloom filter, a CBF obtains space savings by allowing false positives. We provide a simple hashing-based alternative based on d-left hashing called a d-left CBF (dlCBF). The dlCBF offers the same functionality as a CBF, but uses less space, generally saving a factor of two or more. We describe the construction of dlCBFs, provide an analysis, and demonstrate their effectiveness experimentally.
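The two properties above (false positives possible, false negatives impossible; deletions only once each bit becomes a counter) are easiest to see by running them. The following is an added example written for these notes, not code from any of the papers: a plain Bloom filter sized from a target false-positive rate, and a counting variant that supports `remove`. The hashing scheme (k positions derived from one SHA-256 digest by double hashing) and the sample items are my own choices, not something the papers prescribe.

```python
"""Plain and counting Bloom filters (added illustration, not from the papers).

Assumption: the k hash positions come from one SHA-256 digest via double
hashing, h_i = h1 + i*h2 mod m; any independent hash family would do.
"""
import hashlib
import math


def _indexes(item: bytes, m: int, k: int):
    """Yield k positions in [0, m) for item using double hashing over SHA-256."""
    digest = hashlib.sha256(item).digest()
    h1 = int.from_bytes(digest[:8], "big")
    h2 = int.from_bytes(digest[8:16], "big") | 1  # odd, so the stride is never 0
    for i in range(k):
        yield (h1 + i * h2) % m


class BloomFilter:
    """Insert-only filter: answers 'possibly in set' or 'definitely not in set'."""

    def __init__(self, expected_items: int, fp_rate: float):
        # Optimal m and k for the expected cardinality and target false-positive rate.
        self.m = math.ceil(-expected_items * math.log(fp_rate) / (math.log(2) ** 2))
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def add(self, item: bytes) -> None:
        for i in _indexes(item, self.m, self.k):
            self.bits[i >> 3] |= 1 << (i & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[i >> 3] & (1 << (i & 7)) for i in _indexes(item, self.m, self.k))


class CountingBloomFilter:
    """Same idea with a counter per position, so members can be removed again."""

    def __init__(self, expected_items: int, fp_rate: float):
        base = BloomFilter(expected_items, fp_rate)
        self.m, self.k = base.m, base.k
        self.counters = [0] * self.m

    def add(self, item: bytes) -> None:
        for i in _indexes(item, self.m, self.k):
            self.counters[i] += 1

    def remove(self, item: bytes) -> None:
        # Decrementing for an item that was never inserted would steal counts from
        # real members and create false negatives, so refuse definite non-members.
        # A false-positive item still passes this check; that risk is inherent to CBFs.
        if item not in self:
            raise KeyError("item is definitely not in the set")
        for i in _indexes(item, self.m, self.k):
            self.counters[i] -= 1

    def __contains__(self, item: bytes) -> bool:
        return all(self.counters[i] > 0 for i in _indexes(item, self.m, self.k))


def demo() -> dict:
    """Constructed workload: 1000 'known' hashes in, 10000 'unknown' probes against it."""
    bf = BloomFilter(expected_items=1000, fp_rate=0.01)
    members = [f"known-file-{i}".encode() for i in range(1000)]
    for item in members:
        bf.add(item)
    no_false_negatives = all(item in bf for item in members)
    probes = [f"unknown-file-{i}".encode() for i in range(10000)]
    observed_fp = sum(1 for p in probes if p in bf) / len(probes)  # expect about 0.01

    cbf = CountingBloomFilter(expected_items=1000, fp_rate=0.01)
    cbf.add(b"evil.exe")
    cbf.add(b"tool.dll")
    cbf.remove(b"evil.exe")
    return {
        "no_false_negatives": no_false_negatives,
        "observed_fp": observed_fp,
        "after_remove": (b"evil.exe" in cbf, b"tool.dll" in cbf),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows every inserted member still answers "possibly in set", roughly 1 % of never-inserted probes answer the same (the false positives the filter was sized for), and removing `evil.exe` from the counting variant leaves `tool.dll` untouched.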

adulau / cpe-mapping.md
Last active March 11, 2024 02:14
Product Name to CPE naming

CPE mapping with the product or software name

Problem

IdentifyingNumber : {D307B5CF-D1F0-48A4-8DA3-54765F535208}
Name              : SQL Server 2012 SQL Data Quality Common
Vendor            : Microsoft Corporation
Version           : 11.2.5058.0
Caption           : SQL Server 2012 SQL Data Quality Common
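The record above shows why the mapping is a problem: the inventory vendor carries a legal suffix ("Microsoft Corporation"), and the name is a sub-component of a product ("SQL Data Quality Common") rather than the product an NVD entry would name. As an added example (not from the gist, and not the official CPE for this record), the following parses such a record and emits a CPE 2.3 formatted-string *candidate* with the escaping the binding requires; the suffix-stripping heuristic and the sample record text are assumptions, and the result still has to be checked against the NVD CPE dictionary.

```python
"""Build a CPE 2.3 formatted-string candidate from an inventory record.

Added example. The record format mirrors the Win32_Product-style output in
the notes; VENDOR_SUFFIXES is a heuristic, not part of the CPE specification.
"""
import re

# Constructed sample input: the record from the notes, as raw text.
SAMPLE_RECORD = """
IdentifyingNumber : {D307B5CF-D1F0-48A4-8DA3-54765F535208}
Name              : SQL Server 2012 SQL Data Quality Common
Vendor            : Microsoft Corporation
Version           : 11.2.5058.0
Caption           : SQL Server 2012 SQL Data Quality Common
"""

# Legal-entity words that CPE vendor names do not carry (heuristic, assumed here).
VENDOR_SUFFIXES = {"corporation", "corp", "inc", "llc", "ltd", "gmbh", "co"}


def parse_record(text: str) -> dict:
    """Parse 'Key : Value' lines into a dict (first colon separates key and value)."""
    rec = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
    return rec


def normalize_component(value: str) -> str:
    """Lower-case, join words with '_', and backslash-escape every character the
    CPE 2.3 formatted string treats as special (everything except [a-z0-9_.-])."""
    value = "_".join(value.lower().split())
    return re.sub(r"[^a-z0-9_.\-]", lambda m: "\\" + m.group(0), value)


def normalize_vendor(vendor: str) -> str:
    """Drop trailing legal-entity words before normalising."""
    words = vendor.lower().replace(",", " ").split()
    trimmed = list(words)
    while trimmed and trimmed[-1].rstrip(".") in VENDOR_SUFFIXES:
        trimmed.pop()
    return normalize_component(" ".join(trimmed or words))


def cpe23_fs(part: str, vendor: str, product: str, version: str) -> str:
    """Formatted-string binding: 'cpe:2.3:' plus 11 components, '*' meaning ANY."""
    comps = [part, normalize_vendor(vendor), normalize_component(product),
             normalize_component(version)] + ["*"] * 7
    return "cpe:2.3:" + ":".join(comps)


def candidate_from_record(text: str) -> str:
    """Naive candidate: part 'a' (application), vendor/name/version taken verbatim."""
    rec = parse_record(text)
    return cpe23_fs("a", rec["Vendor"], rec["Name"], rec["Version"])


if __name__ == "__main__":
    print(candidate_from_record(SAMPLE_RECORD))
```

The candidate for the sample is `cpe:2.3:a:microsoft:sql_server_2012_sql_data_quality_common:11.2.5058.0:*:*:*:*:*:*:*`; the vendor part is plausible, the product part is not what NVD uses, which is exactly the gap this gist is about. Treat the output as a search key for the dictionary, never as the final identifier.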
adulau / hashlookup-circl-lu.md
Last active September 3, 2024 17:03
hashlookup.circl.lu - examples

hashlookup.circl.lu

CIRCL hash lookup is a public API to look up hash values against a database of known files. The NSRL RDS database is included; more databases will be added in the future. The API is accessible over HTTP as a REST API and is also described as an OpenAPI document.

Get information about the hash lookup database (via ReST)

curl -X 'GET' \
  'https://hashlookup.circl.lu/info' \
  -H 'accept: application/json'
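Beyond `/info`, the practical use of the service is triage: hash a set of files and separate the ones hashlookup knows (NSRL and other sources) from the ones it does not. The following is an added example, not code from the gist or from CIRCL. It uses the per-hash endpoint `/lookup/sha1/<hex>` from the hashlookup API; the assumption that an unknown hash is answered with HTTP 404 and a JSON message, and the response field names (`FileName`, `source`), are reproduced by a constructed fake server so the example runs offline, and should be checked against the live API.

```python
"""Triage files against hashlookup.circl.lu (added example, not CIRCL code).

Assumptions: GET /lookup/sha1/<hex> returns 200 with a JSON object for a known
hash and 404 with a JSON message for an unknown one. The fake server below is
constructed for the example and mimics that behaviour.
"""
import hashlib
import io
import json
import re
import urllib.error
import urllib.request

BASE_URL = "https://hashlookup.circl.lu"
_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def lookup_url(algo: str, digest: str) -> str:
    """Build the lookup URL, refusing anything that is not a hex digest of the
    right length so a crafted 'hash' cannot smuggle extra path segments."""
    digest = digest.lower()
    if algo not in _HEX_LEN or not re.fullmatch(r"[0-9a-f]{%d}" % _HEX_LEN[algo], digest):
        raise ValueError(f"not a {algo} hex digest: {digest!r}")
    return f"{BASE_URL}/lookup/{algo}/{digest}"


def lookup(algo: str, digest: str, opener=urllib.request.urlopen):
    """Return (status, json_body); 404 is a normal answer, not an error."""
    req = urllib.request.Request(lookup_url(algo, digest),
                                 headers={"accept": "application/json"})
    try:
        with opener(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as e:
        return e.code, json.load(e)


def classify(status: int, body: dict) -> str:
    """Triage label from the API answer."""
    if status == 200:
        return "known"
    if status == 404:
        return "unknown"
    return f"error:{status}"


def triage(files: dict, opener=urllib.request.urlopen) -> dict:
    """Hash each blob with SHA-1 and look it up; returns {name: label}."""
    return {name: classify(*lookup("sha1", hashlib.sha1(data).hexdigest(), opener))
            for name, data in files.items()}


# ---- constructed offline stand-in for the service -------------------------
class _FakeResponse:
    def __init__(self, status, payload):
        self.status, self._payload = status, json.dumps(payload).encode()
    def read(self):
        return self._payload
    def __enter__(self):
        return self
    def __exit__(self, *exc):
        return False


_KNOWN_SHA1 = hashlib.sha1(b"hello world\n").hexdigest()  # the one hash the fake 'knows'


def fake_opener(req, timeout=None):
    digest = req.full_url.rsplit("/", 1)[-1]
    if digest == _KNOWN_SHA1:
        return _FakeResponse(200, {"SHA-1": digest, "FileName": "hello.txt",
                                   "source": "constructed"})
    raise urllib.error.HTTPError(req.full_url, 404, "Not Found", {},
                                 io.BytesIO(b'{"message": "Non existing SHA-1"}'))


# Constructed sample files; the second is not something the fake server knows.
SAMPLE_FILES = {"hello.txt": b"hello world\n", "dropper.bin": b"MZ\x90\x00constructed"}

if __name__ == "__main__":
    print(triage(SAMPLE_FILES, fake_opener))   # offline
    # Against the real service, drop the opener argument: triage(SAMPLE_FILES)
```

The digest check in `lookup_url` matters when hashes come from untrusted input (a parsed report, a user-supplied IOC list): without it, a value such as `../info` would be spliced straight into the request path.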
adulau / facebook-533m-analysis.md
Last active March 26, 2025 05:21
Facebook 533m leak - analysis

Warning: the analysis is based on the leaked data and is subject to interpretation.

Format

The original leak is a zip containing one archive per "country", with typographic and geographic errors in the file names. Some of the per-country files are rar and 7z archives.

CSV headers

There are multiple inconsistencies in column position and size across the various country files (merged from different sources?).

adulau / automatic-analysis-suspicious-binaries.md
Created March 20, 2021 07:53
Notes for automatic analysis suspicious binaries

Tools

capa (from fireeye)

capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.
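For automatic analysis the useful form is capa's JSON report (`capa -j sample.exe`), reduced to what a pipeline can act on: which ATT&CK tactics the matched rules cover and which rule namespaces deserve a closer look. The following is an added example, not part of capa or of these notes. It assumes the report layout of capa's JSON output (a top-level `rules` object keyed by rule name, each with `meta.namespace` and a `meta.attack` list of `{id, tactic, technique}` objects); check that against the capa version in use. The report embedded below is constructed by hand, not real capa output, and the "suspicious" namespace list is an analyst heuristic.

```python
"""Summarise a capa JSON report for triage (added example, not capa code).

Assumed layout: {"rules": {name: {"meta": {"namespace": str,
"attack": [{"id", "tactic", "technique"}, ...]}, "matches": {...}}}}.
"""
import json
from collections import defaultdict

# Constructed report, shaped like capa -j output; not from a real sample.
SAMPLE_REPORT = json.dumps({
    "meta": {"sample": {"path": "constructed.exe"}},
    "rules": {
        "create service": {
            "meta": {"namespace": "persistence/service",
                     "attack": [{"id": "T1543.003", "tactic": "Persistence",
                                 "technique": "Create or Modify System Process"}]},
            "matches": {"0x401000": []},
        },
        "send HTTP request": {
            "meta": {"namespace": "communication/http/client",
                     "attack": [{"id": "T1071.001", "tactic": "Command and Control",
                                 "technique": "Application Layer Protocol"}]},
            "matches": {"0x402000": []},
        },
        "check for debugger via IsDebuggerPresent": {
            "meta": {"namespace": "anti-analysis/anti-debugging/debugger-detection",
                     "attack": [{"id": "T1622", "tactic": "Defense Evasion",
                                 "technique": "Debugger Evasion"}]},
            "matches": {"0x403000": []},
        },
        "contain PDB path": {
            "meta": {"namespace": "executable/pe/pdb", "attack": []},
            "matches": {"0x0": []},
        },
    },
})

# Namespaces that on their own justify escalation (analyst heuristic, assumed here).
SUSPICIOUS_PREFIXES = ("persistence/", "anti-analysis/", "collection/", "impact/")


def summarize(report_json: str) -> dict:
    """Group matched techniques by tactic and flag rules in suspicious namespaces."""
    report = json.loads(report_json)
    by_tactic = defaultdict(set)
    flagged = []
    for rule_name, rule in report.get("rules", {}).items():
        meta = rule.get("meta", {})
        for t in meta.get("attack", []):
            by_tactic[t["tactic"]].add(f'{t["id"]} {t["technique"]}')
        if meta.get("namespace", "").startswith(SUSPICIOUS_PREFIXES):
            flagged.append(rule_name)
    return {"tactics": {k: sorted(v) for k, v in by_tactic.items()},
            "flagged_rules": sorted(flagged)}


def score(summary: dict) -> int:
    """Crude triage score: one point per tactic covered, two per flagged rule."""
    return len(summary["tactics"]) + 2 * len(summary["flagged_rules"])


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(json.dumps(s, indent=2))
    print("score:", score(s))
```

Rules without ATT&CK mappings (the PDB-path rule in the sample) still show up in the report but contribute nothing to the tactic view, which is why the namespace check is kept separate from the ATT&CK aggregation.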

Papers

Install the textpipe module for spacy.io

export CPPFLAGS="-std=c++98"; pip3 install textpipe

adulau / cve-search-fun.md
Created June 10, 2020 15:07
How to use cve-search - funny command lines

Generate PDFs from a set of CVEs found by CPE

curl "http://127.0.0.1:5000/api/search/smiths-medical" | jq -r ".[] | .[].id" | parallel --gnu "python3 cve_doc.py -a http://127.0.0.1:5000/ -c {} >/tmp/{}.asc; cd /tmp; asciidoctor-pdf {}.asc"
adulau / misp-galaxy-analysis.md
Created June 9, 2020 14:38
MISP threat-actor galaxy - usage from the command line

Extract all names and synonyms

cat threat-actor.json | jq --raw-output ".values | [.[].value, .[].meta.synonyms] | flatten | .[] " | grep -v "null"
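The jq one-liner above flattens names and synonyms into one list. The next step a detection or CTI pipeline usually needs is the reverse mapping: given any alias in a report, which galaxy entry is meant. The following is an added example, not part of MISP, reading the same fields the one-liner does (`values[].value` and `values[].meta.synonyms`); the cluster snippet embedded below is constructed for the example, not copied from the real galaxy, and the name normalisation rule is my own choice.

```python
"""Alias table from a MISP threat-actor galaxy cluster (added example, not MISP code).

Reads values[].value and values[].meta.synonyms, exactly the fields the jq
command uses; entries without meta or without synonyms are handled.
"""
import json

# Constructed cluster extract in the galaxy file's shape; not the real data.
SAMPLE_CLUSTER = json.dumps({
    "name": "Threat actor",
    "values": [
        {"value": "Sofacy", "meta": {"synonyms": ["APT 28", "Fancy Bear", "Pawn Storm"]}},
        {"value": "Lazarus Group", "meta": {"synonyms": ["Hidden Cobra"]}},
        {"value": "Turla", "meta": {"refs": ["https://example.invalid/constructed"]}},
        {"value": "Example Actor Without Meta"},
    ],
})


def normalize(name: str) -> str:
    """Case-fold and drop everything but letters/digits so 'APT 28', 'apt-28'
    and 'APT28' land on the same key (assumed rule, not MISP's)."""
    return "".join(ch for ch in name.casefold() if ch.isalnum())


def alias_table(cluster_json: str) -> dict:
    """Map every normalised name or synonym to its canonical cluster value.
    An alias claimed by two entries is reported in 'collisions' rather than
    silently overwritten, since that is a data-quality problem worth seeing."""
    cluster = json.loads(cluster_json)
    table, collisions = {}, {}
    for entry in cluster["values"]:
        canonical = entry["value"]
        synonyms = (entry.get("meta") or {}).get("synonyms") or []
        for name in [canonical] + synonyms:
            key = normalize(name)
            if key in table and table[key] != canonical:
                collisions.setdefault(key, {table[key]}).add(canonical)
                continue
            table[key] = canonical
    return {"aliases": table, "collisions": collisions}


def mentioned(text: str, aliases: dict) -> set:
    """Canonical actors whose alias appears in free text. Aliases shorter than
    four characters are skipped to avoid noise from short acronyms."""
    hay = normalize(text)
    return {canon for alias, canon in aliases.items() if len(alias) >= 4 and alias in hay}


if __name__ == "__main__":
    t = alias_table(SAMPLE_CLUSTER)
    print(t["collisions"])
    print(mentioned("Report: activity attributed to apt-28 and HIDDEN COBRA.", t["aliases"]))
```

To run it on the real galaxy, replace `SAMPLE_CLUSTER` with the contents of `threat-actor.json` from the misp-galaxy repository; the `collisions` output is the first thing to inspect, since synonyms shared between entries are where automatic attribution goes wrong.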