Dave Hull davehull

Work Accounts: https://github.com/davehull-wiz https://github.com/davehull-rc

272 followers · 71 following

Various and sundry
I am from enternetz
http://trustedsignal.blogspot.com/

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

davehull / davehull.sh

Created May 3, 2011 05:17 — forked from errzey/davehull.sh

Example script to show how to do an intelligent merge-sort in parallel

	#!/bin/bash

	# determines number of proccessors, splits a large file into sizes that
	# can be consumed by n-1 sort processes (where n is the number of processors)
	#
	# After the file has been split up properly, it will run a sort on each split
	# file in parallel. Once all processes have completed, a merge sort is executed.
	#
	# mthomas@n2o:~/words [100%] $ du -h big
	# 1.7G big

davehull / meta-outliers.py

Created September 12, 2011 03:56

This script takes output from The Sleuth Kit's fls command (specifically fls -arp), calculates the average metadata address for all files per directory, calculates the standard deviation for each directory, then returns a list of files with outlier metada

	#!/usr/bin/env python
	#
	# script name: meta-outliers.py
	#
	# In the spirit of release early, release often, here's a script
	# that's part of a larger project I'm working on.
	#
	# What does it do?
	# Parses the output from the Sleuth Kit's fls command.
	# More specifically fls -arp run against a disk image or dev.

davehull / get_meta.py

Created December 11, 2011 23:37

This Python function builds a dictionary from the lines of a bodyfile as produced by The Sleuth Kit's fls command

	def get_meta(bodyfile):
	fname_skip_cnt = bad_line = total_lines = 0
	meta = {}

	fi = open(bodyfile, 'rb')
	for line in fi:
	total_lines += 1
	try:
	md5,ppath,inode,mode,uid,gid,size,atime,mtime,ctime,crtime = line.rstrip().split("\|")
	except:

davehull / uid_dist.py

Created December 12, 2011 01:16

This Python function analyzes the distribution of uids on a per directory basis.

	Give this method the output of git://gist.github.com/1464048.git and it will go through the list
	and calculate the distribution of uids on a per directory basis. It could be easily modified to do
	the same for gids and permissions.

	This may be useful to find malicious files in a file system that have unusual uids, say for instance
	in a directory like /usr/lib where everything is normally uid 0, an attacker may have an archive that
	drops files in the directory with different uids. Yes, I've seen this before.

	def get_uid_freq_by_dir(items):
	for path_name, file_name in items:

davehull / get_meta_by_dir.py

Created December 12, 2011 01:23

Convert dictionary of file system metadata to a sorted list of dictionaries.

	Takes the unsorted Python dictionary of file system metadata created by
	git://gist.github.com/1463512.git and converts it to a sorted list of dictionaries containing
	files and their metadata elements.

	def get_meta_by_dir(dictionary):
	# Sort the dictionary, return a list of dictionaries
	items = [(pname, fname) for pname, fname in dictionary.items()]
	items.sort()
	return items

davehull / Resolve-KnownFolderGUID

Last active October 27, 2024 04:02

Need to resolve a Windows "known folder guid" to it's human-readable value?

	[CmdletBinding()]
	Param(
	[Parameter(Mandatory=$True,Position=0)]
	[String]$GUID
	)

	function Resolve-KnownFolderGuid {
	Param(
	[Parameter(Mandatory=$True,Position=0)]
	[String]$GUID

davehull / Resolve-WindowsGUID.ps1

Last active July 12, 2024 22:28

Useful for resolving some Windows GUIDs to human friendly values

	<#
	.SYNOPSIS
	Resolves many Windows GUIDs to human friendly values.

	.DESCRIPTION
	Resolve-WindowsGUID.ps1 takes a GUID from a Windows system and attempts
	to return a human friendly value from either a static list or from a
	dynamically generated list of LogProvider GUIDs. There are undoubtedly
	other GUIDs in use throughout Windows that will not fall into either of
	these sets. If you encounter a GUID that you can't resolve via this

davehull / XOR-Decrypt.ps1

Last active August 29, 2015 14:20

MCCS1C4

	<#
	.SYNOPSIS
	XOR-Decrypt.ps1 takes a hexadecimal encoded string and uses the English
	alpha and numeric characters as a key space, XORing the string with
	each single character and returning a XOR decrypted string.
	.PARAMETER hexString
	A required argument -- the hexadecimal encoded string to be decoded.
	.PARAMETER AllResults
	An optional switch that causes the script to return the all decrypted
	objects, by default the script will only return the object with the

davehull / XOR-Encrypt.ps1

Created May 6, 2015 05:37

MCCS1C5

	<#
	.SYNOPSIS
	XOR-Encrypt.ps1 takes a string of text to be encrypted and a key. Each
	byte of the input string will be XOR'd with a byte from the key. If
	the key is not as long as the input string, the key will repeat.
	.PARAMETER String
	A required parameter, the string to be encoded.
	.PARAMETER key
	A required parameter, the key that the string will be XOR'd with.
	.EXAMPLE

davehull / XOR Brutr Output

Last active March 30, 2022 14:15

eatoin shrdlu: XOR Encryption and Hamming Distance

	I've been playing around with Matasano Crypto Challenges for my own edification.
	It's been fun and insightful. I've learned a number of new things and enjoyed
	doing so. If you're a mediocre programmer like me and have an interest in crypto,
	I highly recommend checking out the challenges -- http://cryptopals.com/.

	A few of the exercises in set 1 have you playing around with XOR for encryption.
	You create a script that can brute force single key decryption and if you're
	ambitious you'll write a function that will examine letter frequencies of the
	output and score the results, returning the one that is most likely to be
	English. I wrote multiple scoring functions for this, one that counts English

OlderNewer