Skip to content

Instantly share code, notes, and snippets.

Keybase proof

I hereby claim:

  • I am schwartz1375 on github.
  • I am schwartz1375 (https://keybase.io/schwartz1375) on keybase.
  • I have a public key whose fingerprint is 8EC0 8278 AB19 F5E0 90C5 1D84 8CDB 4AF3 8FD9 C834

To claim this, I am signing this object:

@schwartz1375
schwartz1375 / gdBypass.py
Created July 22, 2022 16:20
GuardDuty awsCLI/botocore bypass
# GuardDuty detects common pen testing distros (i.e. Kali, Parrot, etc) and reports PenTest Findings
# https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux
# This done by the awsCLI/botocore package in the sessions.py code.
# platform.system() and platform.release() this script attempts to replace both of these
import inspect
import sys
try:
from botocore import session
except ModuleNotFoundError:
@schwartz1375
schwartz1375 / ec2-ip-rotate.sh
Last active June 27, 2023 19:28
Bash script rotates the public IP address of an Amazon EC2 instance.
#!/usr/bin/env bash
function error_exit
{
echo "$1" 1>&2
exit 1
}
case $1 in
'start')
@schwartz1375
schwartz1375 / estimateComplexity.py
Created March 3, 2024 12:39
This script estimates the cyclomatic complexity of a binary file by analyzing the assembly code extracted using objdump.
__author__ = 'Matthew Schwartz'
import argparse
import subprocess
def get_assembly_code(binary_file):
try:
output = subprocess.check_output(["objdump", "-d", binary_file], text=True)
return output
except Exception as e:
@schwartz1375
schwartz1375 / peComplexityAnalyzer.py
Created March 3, 2024 12:41
peComplexityAnalyzer.py is a Python script designed to estimate the cyclomatic complexity of PE (Portable Executable) files, commonly used in Windows environments.
__author__ = 'Matthew Schwartz'
'''
This script utilizes pefile for parsing PE file structures and capstone for disassembling the binary code. The primary focus is on accurately extracting and analyzing the assembly code from executable sections of the PE file to calculate cyclomatic complexity, a metric that provides insight into the code's complexity and potential maintainability issues.
'''
import sys
import pefile
import capstone
def disassemble_pe(input_file):
@schwartz1375
schwartz1375 / imphash.py
Created March 23, 2024 10:53
Tracking Malware with Import Hashing
# Tracking Malware with Import Hashing
# https://www.mandiant.com/resources/blog/tracking-malware-import-hashing
import pefile
import argparse
import sys
def Main(file):
print("Interrogating file: '%s'" % file)
try: