Olivier Le Moal olivierlemoal
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import base64 | |
| custom_b64 = "CDEFGHIJKLMNOPQRSTUVWXYZABcdefghijklmnopqrstuvwxyzab0123456789+/" | |
| original_b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" | |
| def encode(clear_text): | |
| b64 = base64.b64encode(clear_text) |
olivierlemoal
/ decrypt_lorobot.py
Created
August 11, 2015 22:02
Decrypt files encoded with LoroBot malware
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| from itertools import cycle | |
| import binascii | |
| key = binascii.unhexlify("C9936BCADFBFC0614649334746AE8FCC") | |
| key = bytearray(key) | |
| def xor(data, key): | |
| return bytearray([a ^ b for (a, b) in zip(data, cycle(key))]) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap | |
| # verify : | |
| getcap /usr/bin/dumpcap | |
olivierlemoal
/ Windbg
Last active
August 29, 2015 14:26
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| List driver objects : | |
| kd> !object \Driver | |
| Display driver structure : | |
| kd> dt nt!_DRIVER_OBJECT 0x000000 | |
| Display SSDT: | |
| kd> dd dwo(KeServiceDescriptorTable) L100 | |
| Driver : |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [global] | |
| font = Monospace 8 | |
| # Allow a small subset of html markup in notifications and formats: | |
| # <b>bold</b> | |
| # <i>italic</i> | |
| # <s>strikethrough</s> | |
| # <u>underline</u> | |
| # | |
| # For a complete reference see |
olivierlemoal
/ i3pystatus_config.py
Last active
August 29, 2015 14:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| import subprocess | |
| from i3pystatus import Status | |
| status = Status(standalone=True) | |
| # Displays clock like this: | |
| # Tue 30 Jul 11:59:46 PM KW31 | |
| # ^-- calendar week |
olivierlemoal
/ config.base
Last active
August 29, 2015 14:25
i3 base config, gen with j4-make-config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file has been auto-generated by i3-config-wizard(1). | |
| # It will not be overwritten, so edit it as you like. | |
| # | |
| # Should you change your keyboard layout some time, delete | |
| # this file and re-run i3-config-wizard(1). | |
| # | |
| # i3 config file (v4) | |
| # | |
| # Please see http://i3wm.org/docs/userguide.html for a complete reference! |
olivierlemoal
/ remote wireshark
Last active
August 29, 2015 14:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Remote wireshark : | |
| with tshark | |
| ssh <REMOTE HOST> sudo tshark -w - not tcp port 22 | wireshark -k -i - | |
| with tcpdump | |
| ssh <REMOTE HOST> sudo tcpdump -U -s0 -w - -i eth0 'not port 22' | wireshark -k -i - | |
| rwireshark () { ssh $1 sudo tcpdump -U -s0 -w - -i eth0 'not port 22' | wireshark -k -i - } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://talky.io | |
| http://vmux.co | |
| http://vline.com | |
| http://tokbox.com | |
| https://appear.in/ | |
| https://jumpch.at/ | |
| https://www.gruveo.com/ | |
| http://hibuddy.monkeypatch.me/ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # We first download the certificate to check | |
| openssl s_client -connect olivierlemoal.fr:443 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' > cert.pem | |
| # We get the OCSP URI from the certificate | |
| openssl x509 -in cert.pem -noout -ocsp_uri | |
| # Get the Issuer URI : | |
| openssl x509 -in cert.pem -noout -text | grep "CA Issuers" | |
| # Download... | |
| wget http://aia.startssl.com/certs/sub.class1.server.ca.crt | |
| # Convert to PEM format from DER | |
| openssl x509 -in sub.class1.server.ca.crt -inform DER -out sub.class1.server.ca.crt |