pedramamini

' Our comments are prefixed with the string "[InQuest]". Other comments are preserved originals from the macro.
' The sample is available for download from InQuest Labs:
'
'   https://labs.inquest.net/dfi/sha256/12d21da9bd0f7d877e04e59ad347b0e8787124c9f0ec170a913451acfb14a3b6
'
' Examining the OLE directory structure with oledump:
'
'   $ oledump.py 12d21da9bd0f7d877e04e59ad347b0e8787124c9f0ec170a913451acfb14a3b6
'     1:       146 '\x01CompObj'
'     2:         6 '\x03ObjInfo'

pedramamini

import sys

if len(sys.argv) != 2:
    sys.stderr.write("usage: %s <input path>\n" % sys.argv[0])
    sys.exit(1)

path  = sys.argv.pop()
data1 = []
data2 = []
data3 = []

pedramamini

#!/usr/bin/env python
# source: https://gist.github.com/pedramamini/54df2648a1b73adf9a0d6d0b1a75ca0a

import os
import re
import sys
import errno
import string

# debug output.

pedramamini

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
 "DontUpdateLinks"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
 "DontUpdateLinks"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
 "DontUpdateLinks"=dword:00000001

pedramamini

import "hash"

private rule Macho
{
    meta:
        description = "private rule to match Mach-O binaries"
    condition:
        uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca

}

pedramamini

'''
IDAPython script that generates a YARA rule to match against the
basic blocks of the current function. It masks out relocation bytes
and ignores jump instructions (given that we're already trying to
match compiler-specific bytes, this is of arguable benefit).

If python-yara is installed, the IDAPython script also validates that
the generated rule matches at least one segment in the current file.

author: Willi Ballenthin <william.ballenthin@fireeye.com>

pedramamini

import sys
import thax
import datetime

y = thax.misc.finance.yahoo()

my_adds = ["ALU", "AMZN", "CMG", "COMS", "DCA", "PLA", "PZZA", "RICK", "UA", "VMW"]
sp_500  = ["BBT", "BDX", "BBBY", "BMS", "BBY", "BIG", "BIIB", "BJS", "BDK", "HRB", "BMC", "BA", "BXP", "BSX", "BMY", "BRCM", "BF.B", "BNI", "CHRW", "CA", "COG", "CAM", "CPB", "COF", "CAH", "CCL", "CAT", "CBG", "CBS", "CELG", "CNP", "CTX", "CTL", "CF", "SCHW", "CHK", "CVX", "CB", "CIEN", "CI", "CINF", "CTAS", "CSCO", "CIT", "C", "CTXS", "CLX", "CME", "CMS", "COH", "KO", "CCE", "CTSH", "CL", "CMCSA", "CMA", "CSC", "CPWR", "CAG", "COP", "CNX", "ED", "STZ", "CEG", "CVG", "CBE", "GLW", "COST", "CVH", "COV", "CSX", "CMI", "CVS", "DHI", "DHR", "DRI", "DVA", "DF", "DE", "DELL", "DDR", "DVN", "DTV", "DFS", "D", "RRD", "DOV", "DOW", "DPS", "DTE", "DD", "DUK", "DYN", "ETFC", "EMN", "EK", "ETN", "EBAY", "ECL", "EIX", "EP", "ERTS", "EQ", "EMC", "EMR", "ESV", "ETR", "EOG", "EFX", "EQR", "EL", "EXC", "EXPE", "EXPD", "ESRX", "XOM", "FDO", "FAST", "FII", "FDX", "FIS", "FITB

pedramamini

#!/usr/bin/env python

# Extract URLs and related contact information from your OSX Messages.app database.
#
# TODO
#   - automatically resolve username and discover contacts database (by largest item count if there is more than one).
#   - make a machine parseable format.
#   - keep track of last found URL (by hash?), allow for periodic run of script and addition to output.
#   - update to latest gruber regex.

pedramamini

#!/usr/bin/env python

"""
blaze through tinder

Setup:
    - proxy / sniff out your auth token and edit constant under imports.
    - API may have changed.
    - it's hard coded to search for girls looking for guys.
    - this was a quick hack, i'm not maintaining it or answering questions about it.

pedramamini

#!/usr/bin/env python

"""
Desktop Background Rotater

Background images:
    http://bitday.me

Crontab entry:
    # min  hr mday month wday command