rule GenericPowershell
{
    strings:
        $a = "PS>function"
        $b = "Invoke-Expression"
        $c = "<MS><S N="
        $d = "</MS></Obj>"
        $e = "CompileAssemblyFromSource"
        $f = "Remoting.RemoteHostMethodId"
        $g = "<resp:Arguments"
@atcuno
atcuno / gist:3425484ac5cce5298932
Last active November 8, 2024 00:20
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

@atcuno
atcuno / gist:4228600
Created December 6, 2012 21:23
parseI.py
# Written By: Andrew Case / andrew [ @ ] memoryanalysis.net
# Script based off file structure documented at:
# http://www.forensicfocus.com/downloads/forensic-analysis-vista-recycle-bin.pdf
# prints CSV list of file size, delete time in local time, and full path on disk of deleted file
import sys, struct, datetime, os
def parse_i_file(i_file_path):
    try: