#!/usr/bin/python
# File: vti_summarize.py
# Description: Given a VirusTotal API key and a malware hash, summarize the key words that antivirus vendors used to describe it
# Author: Fred Frey
# Date: 3/10/2019
import requests
import json
import re
#!/usr/bin/env python
# Scrapes pfSense DHCP leases into a list of (IP, MAC, Hostname) tuples.
# Change URL/Username/Password below ... pip install lxml ... then you are all set.
#
# Modified 6/23/2019 (FryGuy)
# Edits: Aligned IP/MAC/Hostname into a struct, accounting for blank lines
# Minor: Cleaned up spacing, created global url/user/password vars, removed write to file
# Original Code/Inspiration: https://gist.github.com/pletch/037a4a01c95688fff65752379534455f
import sys
// KQL Sysmon Event Parser - Customized for SnapAttack use
//
// Heavily based on: https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/Sysmon/Sysmon-AllVersions_Parser.txt
// Usage instructions:
// Paste the query below into Log Analytics, click the Save button and select Function from the drop-down, specifying a function name and alias (e.g. Sysmon_Normalized).
// The function usually takes 10-15 minutes to activate. You can then use the function alias from any other query (e.g. Sysmon_Normalized | take 10).
// References:
// Using functions in Azure Monitor log queries: https://docs.microsoft.com/azure/azure-monitor/log-query/functions
// Tech Community blog on KQL functions: https://techcommunity.microsoft.com/t5/Azure-Sentinel/Using-KQL-functions-to-speed-up-analysis-in-Azure-Sentinel/ba-p/712381
//