I hereby claim:
- I am schwartz1375 on github.
- I am schwartz1375 (https://keybase.io/schwartz1375) on keybase.
- I have a public key whose fingerprint is 8EC0 8278 AB19 F5E0 90C5 1D84 8CDB 4AF3 8FD9 C834
To claim this, I am signing this object:
schwartz1375
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Tracking Malware with Import Hashing | |
| # https://www.mandiant.com/resources/blog/tracking-malware-import-hashing | |
| import pefile | |
| import argparse | |
| import sys | |
| def Main(file): | |
| print("Interrogating file: '%s'" % file) | |
| try: |
schwartz1375
/ peComplexityAnalyzer.py
Created
March 3, 2024 12:41
peComplexityAnalyzer.py is a Python script designed to estimate the cyclomatic complexity of PE (Portable Executable) files, commonly used in Windows environments.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __author__ = 'Matthew Schwartz' | |
| ''' | |
| This script utilizes pefile for parsing PE file structures and capstone for disassembling the binary code. The primary focus is on accurately extracting and analyzing the assembly code from executable sections of the PE file to calculate cyclomatic complexity, a metric that provides insight into the code's complexity and potential maintainability issues. | |
| ''' | |
| import sys | |
| import pefile | |
| import capstone | |
| def disassemble_pe(input_file): |
schwartz1375
/ estimateComplexity.py
Created
March 3, 2024 12:39
This script estimates the cyclomatic complexity of a binary file by analyzing the assembly code extracted using objdump.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __author__ = 'Matthew Schwartz' | |
| import argparse | |
| import subprocess | |
| def get_assembly_code(binary_file): | |
| try: | |
| output = subprocess.check_output(["objdump", "-d", binary_file], text=True) | |
| return output | |
| except Exception as e: |
schwartz1375
/ ec2-ip-rotate.sh
Last active
June 27, 2023 19:28
Bash script rotates the public IP address of an Amazon EC2 instance.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| function error_exit | |
| { | |
| echo "$1" 1>&2 | |
| exit 1 | |
| } | |
| case $1 in | |
| 'start') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GuardDuty detects common pen testing distros (i.e. Kali, Parrot, etc) and reports PenTest Findings | |
| # https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html#pentest-iam-kalilinux | |
| # This done by the awsCLI/botocore package in the sessions.py code. | |
| # platform.system() and platform.release() this script attempts to replace both of these | |
| import inspect | |
| import sys | |
| try: | |
| from botocore import session | |
| except ModuleNotFoundError: |
schwartz1375
/ keybase.md
Created
December 1, 2016 15:06