Seclib seclib
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let valid_logons = (OfficeActivity | |
| | where TimeGenerated > ago(30d) | |
| | where Operation == 'UserLoggedIn' | |
| | summarize by ClientIP); | |
| let only_invalid_logons = (OfficeActivity | |
| | where TimeGenerated > ago(30d) | |
| | where Operation == 'UserLoginFailed' | |
| | summarize by ClientIP) | |
| | join kind=anti (valid_logons) on ClientIP; | |
| OfficeActivity |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| from __future__ import print_function | |
| import os | |
| import sys | |
| debug = 0 | |
| def excepthook(exception_type, exception, traceback): |
seclib
/ shellcode.xlsm
Created
November 20, 2019 13:00
XLM (Excel 4.0 macro) to execute a shellcode into Excel (32 bits) - French Macro code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BEWARE: THIS WILL ONLY WORK IN A FRENCH VERSION OF MS-OFFICE/EXCEL | |
| 1. Open Excel | |
| 2. Click on the active tab | |
| 3. Select "Insérer" | |
| 4. Click on "Macro MS Excel 4.0". | |
| 5. This will create a new worksheet called "Macro1" | |
| ================================================================================ | |
| In the Macro1 worksheet, paste the following block in cells in column A, starting in cell A1: |
seclib
/ VbaProject.OTM
Created
November 20, 2019 13:04
Malicious OTM file 7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4 related to a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| olevba 0.54.2 on Python 3.7.2 - http://decalage.info/python/oletools | |
| =============================================================================== | |
| 7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4\7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4 | |
| Type: OLE | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO ThisOutlookSession.cls | |
| 7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4\7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4 - OLE stream: 'OutlookVbaData/VBA/ThisOutlookSession' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
seclib
/ c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740.bas
Created
November 20, 2019 13:08
VBA Excel Macro threat PoC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools | |
| =============================================================================== | |
| FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740 | |
| Type: OpenXML | |
| ------------------------------------------------------------------------------- | |
| VBA MACRO ThisWorkbook.cls | |
| in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook' | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |
| (empty macro) | |
| ------------------------------------------------------------------------------- |
seclib
/ ca4f62279d6c7b7f8f7f37b97391f
Created
November 20, 2019 13:16
Python exploit script found on VT
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import subprocess | |
| import re | |
| import binascii | |
| import socket | |
| import struct | |
| import threading | |
| import os | |
| import random | |
| import platform | |
| import decimal |
OlderNewer