My OBDLink SX data:
>AT I
ELM327 v1.3a
>ST DI (HARDWARE ID STRING)
OBDLink SX r4.2
>ST I (FIRMWARE ID STRING)
| #!/bin/sh | |
| function verify_file { | |
| unsig_exe_tmp=`mktemp`; | |
| # Remove the signature from the file and save to disk | |
| objcopy --remove-section=sigdata $1 $unsig_exe_tmp; | |
| # Extract the signature and verify it against the unsigned executable | |
| objcopy --dump-section sigdata=/dev/stdout $1 | gpg --verify - $unsig_exe_tmp; |
| # Summarise the calling process's identity from /proc/self/status: keeps the first value of the Uid and Gid lines and the whole Groups line, then prints them once in END as "uid:… gid:… groups:…". | |
| awk -F: 'END {print "uid:"u" gid:"g" groups:"gg}{if($1=="Uid"){split($2,a," ");u=a[1]}if($1=="Gid"){split($2,a," ");g=a[1]}if($1=="Groups"){gg=$2}}' /proc/self/status |
| # Gawk version | |
| # Remote | |
| # Drop the header row (the one containing "rem_address"), then decode the hex remote-address column ($3): the byte just before ':' is printed first and the remaining bytes follow in reverse (little-endian to dotted-decimal), and the 4 hex digits after ':' become the port. strtonum() needs gawk. | |
| grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}' | |
| # Local | |
| # Same decoding as the remote variant but on the local-address column ($2): little-endian hex bytes to dotted-decimal, then the 4 hex port digits after ':'. strtonum() needs gawk. | |
| grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}' | |
| # No Gawk | |
| # Local | |
| grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){ |
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |
| #Source Blog Post | |
| https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a | |
| --- | |
| #Yara Rules | |
| --- | |
| rule WinntiLinux_Dropper : azazel_fork | |
| { | |
| meta: | |
| desc = "Detection of Linux variant of Winnti" |
| /* | |
| _____ __ __ ___ __ | |
| / ___/__ ___/ / / |/ /__ ___/ /__ | |
| / (_ / _ \/ _ / / /|_/ / _ \/ _ / -_) | |
| \___/\___/\_,_/_/_/__/_/\___/\_,_/\__/ | |
| \ \/ / _ | / _ \/ _ | / _ \__ __/ /__ | |
| \ / __ |/ , _/ __ | / , _/ // / / -_) | |
| /_/_/ |_/_/|_/_/ |_| /_/|_|\_,_/_/\__/ | |
| Florian Roth - v0.3 May 2019 | |
| using System; | |
| using System.Text; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.ComponentModel; | |
| using System.Linq; | |
| using System.Net; | |
| using System.Net.Sockets; |
| using System; | |
| using System.Text; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.ComponentModel; | |
| using System.Net; | |
| using System.Net.Sockets; | |
| using System.Workflow.Activities; | |
| public class Program : SequentialWorkflowActivity |
| <?xml version="1.0" encoding="utf-8"?> | |
| <CompilerInput xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Workflow.Compiler"> | |
| <files xmlns:d2p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays"> | |
| <d2p1:string>Rev.Shell</d2p1:string> | |
| </files> | |
| <parameters xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Workflow.ComponentModel.Compiler"> | |
| <assemblyNames xmlns:d3p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" /> | |
| <compilerOptions i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" /> | |
| <coreAssemblyFileName xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler"></coreAssemblyFileName> | |
| <embeddedResources xmlns:d3p1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns="http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler" /> |