I hereby claim:
- I am iidx on github.
- I am extr (https://keybase.io/extr) on keybase.
- I have a public key whose fingerprint is 375E 3646 C3B3 66B6 D354 AB3A 06AA D146 AB5D 8B26
To claim this, I am signing this object:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| import urllib2 as u | |
| import re | |
| def GetDataFromURL(url): | |
| req = u.Request(url) | |
| stream = u.urlopen(req).read() | |
| return stream | |
| def GetHarim(): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('b(f("%h%g%2%4%e%5%2%d%1%6%c%0%8%3%1%6%q%0%3%1%7%7%a%o%5%p%i%2%m%4%9%j%0%8%k%0%9%l%1%a%3%n"));',27,27,'30|69|72|3B|28|61|3D|2D|31|22|29|eval|34|20|76|unescape|6F|66|65|32|36|2B|74|7D|7B|6C|3E'.split('|'),0,{})) |
iidx
/ μμΈμ½λ©μ§μ§μ’κ°λ€.py
Created
April 6, 2016 12:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| import re, json | |
| import urllib2 as u | |
| bmsurl = "http://www.dream-pro.info/~lavalse/LR2IR/search.cgi?mode=ranking&bmsid=" | |
| def urlreq(url): | |
| try: | |
| return u.urlopen(u.Request(url)).read() | |
| except Exception as e: |
iidx
/ LR2IRLog_20160321224723627927_20160522180636453785.csv
Created
May 28, 2016 12:08
LR2 IR Connection Log (2016-03-21 22:47:23 - 2016-05-22 18:06:36)
We can't make this file beautiful and searchable because it's too large.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Time, Total BMS, Total Player, Now Playing, Total Score | |
| 2016-03-21 22:47:23.627927,225408,78743,175,13876362 | |
| 2016-03-21 22:48:27.966975,225408,78743,170,13876372 | |
| 2016-03-21 22:49:31.414692,225408,78743,166,13876380 | |
| 2016-03-21 22:50:35.234392,225408,78743,161,13876393 | |
| 2016-03-21 22:51:40.339887,225408,78743,164,13876403 | |
| 2016-03-21 22:52:45.966743,225408,78743,162,13876409 | |
| 2016-03-21 22:53:50.267170,225408,78743,157,13876417 | |
| 2016-03-21 22:54:55.721988,225408,78743,165,13876426 | |
| 2016-03-21 22:55:59.270184,225408,78743,160,13876437 |
iidx
/ asdasdasdasdasd
Created
October 12, 2018 13:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AFSEnvironment" : 0, | |
| "AFSUrl" : "https://activity.windows.com", | |
| "ActivityStoreInfo" : [ | |
| { | |
| "active" : true, | |
| "activityStoreId" : "D2A9DE73-67FE-B86E-A51D-C069D0A2EF6A", | |
| "stableUserId" : "98b5534bd174e8e1" | |
| }, | |
| { |
iidx
/ Keybase.md
Created
May 22, 2020 06:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @import "https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700"; | |
| @font-face { | |
| font-family: 'neon_tubes_2regular'; | |
| src: url('/static/font/neontubes2-webfont.woff2') format('woff2'), | |
| url('/static/font/neontubes2-webfont.woff') format('woff'); | |
| font-weight: normal; | |
| font-style: normal; | |
| } |
iidx
/ 2020 BingoCTF - Disassembled Solution.md
Last active
November 14, 2020 05:46
To solve the problem, focus on what malware did to the registry after 2020 November 7 14:00 (UTC+9) .Therefore, it is intended to be found using the 'last modification time' of the subkey.
λ¬Έμ λ₯Ό ν΄κ²°νκΈ° μν΄μ , 2020λ 11μ 7μΌ 14μ(UTC+9) μκ° μ΄νμ μ€νλ μ μ±μ½λκ° λ μ§μ€νΈλ¦¬μ μ΄λ€ νμλ₯Ό μννμλκ°μ μ΄μ μ λ§μΆλ©΄ λ©λλ€. λ°λΌμ, λ μ§μ€νΈλ¦¬μ λ§μ§λ§ ν€ μμ μκ°μ μ΄μ©ν΄ μ°Ύμ μ μλλ‘ μλνμμ΅λλ€.
The registry hive file in problem is not analyzed by normal registry analysis tools. the analysis tool should be able to load the registry transaction log file with the hive.
ν΄λΉ λ¬Έμ μ λ μ§μ€νΈλ¦¬ νμ΄λΈ νμΌμ μΌλ°μ μΈ λ μ§μ€νΈλ¦¬ λΆμ λκ΅¬λ‘ λΆμλμ§ μμ΅λλ€. λΆμ λκ΅¬κ° λ μ§μ€νΈλ¦¬ νΈλμ μ λ‘κ·Έ νμΌμ νμ΄λΈμ ν¨κ» λ‘λ©ν μ μμ΄μΌν©λλ€.
Registry transaction log files serve as a journal to temporarily store data before it is written to the registry hive. If the registry hive is locked, it cannot be written directly, so use that method. You can check the transaction log format from the following link.
λ μ§μ€νΈλ¦¬ νΈλμμ λ‘κ·Έ νμΌμ λ°μ΄ν°κ° λ μ§μ€νΈλ¦¬ νμ΄λΈμ κΈ°λ‘λκΈ° μ μ μμμ μΌλ‘ λ°μ΄ν°λ₯Ό μ μ₯νλ μ λ μν μ ν©λλ€. λ μ§μ€νΈλ¦¬ νμ΄λΈκ° μ κΉ μνμΌ κ²½μ° μ§μ μΈ μ μκΈ° λλ¬Έμ ν΄λΉ λ°©μμ μ¬μ©ν©λλ€. νΈλμ μ λ‘κ·Έ νμμ λ€μ λ§ν¬μμ νμΈνμ€ μ μμ΅λλ€
iidx
/ pbctf_vaccine_stealer.md
Last active
April 1, 2024 13:42
[PBCTF 2020] Vaccine Stealer Write-up
- Challenge Author: extr(@bemusicscript)
- Download Link: https://drive.google.com/file/d/10XZD5S2FCdPyugSvoIkWD8s3pH20hQS2/view
- Solver: 2
An employee's PC at a COVID-19 vaccine manufacturer was infected with a malware.
- Name: Nyong Coin
- Author: extr
- Category: Forensics
- Point: 140
- Download: https://1drv.ms/u/s!At0nZXK3fObIgoQAMtilBAZd017Klg?e=7VKBqz
- Scenario
OlderNewer