Pedram Amini pedramamini
👋
neu5ron
/ dynamic-dns.txt
Last active
September 10, 2022 10:08
This list has moved to the repo https://github.com/neu5ron/dynamic_dns_lists
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 3d-game.com #dtdns.com | |
| 4irc.com #dtdns.com | |
| b0ne.com #dtdns.com | |
| bbsindex.com #dtdns.com | |
| chatnook.com #dtdns.com | |
| darktech.org #dtdns.com | |
| deaftone.com #dtdns.com | |
| dtdns.net #dtdns.com | |
| effers.com #dtdns.com | |
| etowns.net #dtdns.com |
neu5ron
/ dynamic-dns-providers
Last active
May 18, 2024 11:55
This list has moved to the repo https://github.com/neu5ron/dynamic_dns_lists
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dynu.com | |
| dyn.com | |
| no-ip.com | |
| noip.com | |
| changeip.com | |
| afraid.org | |
| duckdns.org | |
| dnsdynamic.org | |
| duiadns.net | |
| myonlineportal.com |
williballenthin
/ yara_fn.py
Last active
December 4, 2020 05:25
generate a yara rule that matches the basic blocks of the current function in IDA Pro
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| IDAPython script that generates a YARA rule to match against the | |
| basic blocks of the current function. It masks out relocation bytes | |
| and ignores jump instructions (given that we're already trying to | |
| match compiler-specific bytes, this is of arguable benefit). | |
| If python-yara is installed, the IDAPython script also validates that | |
| the generated rule matches at least one segment in the current file. | |
| author: Willi Ballenthin <[email protected]> |
wdormann
/ disable_ddeauto.reg
Last active
October 1, 2024 17:10
Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 |
DissectMalware
/ deobfuscate_string_format.py
Last active
January 23, 2022 20:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| import argparse | |
| def deobfuscate(input_str): | |
| regex_str = r"[\(\{]\s*\"(?P<format>[^\)]*?)\"\s*\-f\s*(?P<params>.*?)[\)\}]" | |
| regex = re.compile(regex_str, re.MULTILINE | re.IGNORECASE) | |
| for match in reversed(list(regex.finditer(input_str))): | |
| format_str = match.group('format') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from __future__ import print_function | |
| import idc | |
| import idaapi | |
| import idautils | |
| import flare_emu | |
| import unicorn | |
| # test sample https://www.virustotal.com/gui/file/c7a9609c212f275415e678ac7452f19aa9fbc39f9c1fd2708f43629edfd28a3e/detection | |
| decrypted_blocks = [] |
pedramamini
/ chrome_fetch.py
Last active
March 27, 2024 21:41
CLI tool and library for fetching content via Chrome driven by Selenium. Has some tricks up its sleeve to evade mechanized browser detection.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| CLI tool and library for fetching content via Chrome driven by Selenium. Has some tricks up its sleeve to evade | |
| mechanized browser detection. | |
| Pedram Amini | |
| https://pedramamini.com | |
| Requirements: | |
| pip install selenium | |
| pip install webdriver_manager |