Tuan T tuantmb
😹
tuantmb
/ pdf_flatedecode.py
Created
December 8, 2021 15:31
— forked from averagesecurityguy/pdf_flatedecode.py
Decompress FlateDecode Objects in PDF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # This script is designed to do one thing and one thing only. It will find each | |
| # of the FlateDecode streams in a PDF document using a regular expression, | |
| # unzip them, and print out the unzipped data. You can do the same in any | |
| # programming language you choose. | |
| # | |
| # This is NOT a generic PDF decoder, if you need a generic PDF decoder, please | |
| # take a look at pdf-parser by Didier Stevens, which is included in Kali linux. | |
| # https://tools.kali.org/forensics/pdf-parser. | |
| # |
tuantmb
/ Threat Hunting for File Hashes as an IOC
Created
November 15, 2021 06:46
— forked from Shivammalaviya/Threat Hunting for File Hashes as an IOC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let MaxAge = ago(7d); | |
| let SHA256_whitelist = pack_array( | |
| 'hhh' // SHA256 that you want to whitelist. | |
| ); | |
| let abuse_ch = (externaldata(sha256_hash: string,signature:string ,vtpercent:string ) | |
| [@"https://bazaar.abuse.ch/export/csv/recent/"] | |
| with (format="txt")) | |
| | where sha256_hash !startswith "#" | |
| | project sha256_hash,signature,vtpercent; | |
| abuse_ch |
tuantmb
/ Threat Hunting with AIP
Created
October 27, 2021 23:16
— forked from Shivammalaviya/Threat Hunting with AIP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let AIPBlacklist = externaldata(Number:string,IP: string,values:dynamic) [@"https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Todays-Blacklists/AIP_blacklist_for_IPs_seen_last_24_hours.csv", | |
| @"https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Todays-Blacklists/AIP_historical_blacklist_prioritized_by_newest_attackers.csv",@"https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/Todays-Blacklists/AIP_historical_blacklist_prioritized_by_repeated_attackers.csv"] | |
| with (format="csv",ignoreFirstRecord=true) | |
| | where IP !startswith "#" | |
| | project IP; | |
| AIPBlacklist | |
| | join (DeviceNetworkEvents | |
| | where ActionType in ("ConnectionSuccess","InboundConnectionAccepted","ConnectionFound") | |
| ) | |
| on $left.IP == $right.RemoteIP |
tuantmb
/ List of API endpoints & objects
Created
June 29, 2021 08:51
— forked from yassineaboukir/List of API endpoints & objects
A list of 3203 common API endpoints and objects designed for fuzzing.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0 | |
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 1 | |
| 1.0 | |
| 10 | |
| 100 | |
| 1000 |
tuantmb
/ scrdec18-VC8.exe
Created
June 29, 2021 08:22
— forked from bcse/scrdec18-VC8.exe
Windows Script Decoder 1.8 (Decoding JScript.Encoded)
tuantmb
/ scanning_cobaltstrike_config.csv
Created
June 18, 2021 09:38
— forked from svch0stz/scanning_cobaltstrike_config.csv
scanning_cobaltstrike_config.csv
We can make this file beautiful and searchable if this error is corrected: Unclosed quoted field in line 5.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ip,port,time_scanned,arch,Beacon Type,Port,Polling,Jitter,Max DNS,C2 Server,User Agent,HTTP Method Path 2,Header 1,Header 2,Injection Process,Pipe Name,Year,Month,Day,DNS Idle,DNS Sleep,Method 1,Method 2,Spawn To,Proxy Hostname,Proxy Username,Proxy Password,Proxy Access Type,CreateRemoteThread,Watermark | |
| 185.20.186.108,443,1.62002E+12,x86,8 (HTTPS),443,5000,0,,"185.20.186.108,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",,/N4215/adj/amzn.us.sr.aps,,,,,,,,,,GET,POST,%windir%\syswow64\rundll32.exe,,,,,,1359593325 | |
| 185.20.186.108,443,1.62002E+12,x64,8 (HTTPS),443,5000,0,,"185.20.186.108,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",,/N4215/adj/amzn.us.sr.aps,,,,,,,,,,GET,POST,%windir%\sysnative\rundll32.exe,,,,,,1359593325 | |
| 213.202.211.246,80,1.62002E+12,x86,0 (HTTP),80,10000,5,,"213.202.211.246,/metro91/admin/1/ppptp.jpg",,/metro91/admin/1/secure.php,,,,,,,,,,GET,POST,%windir%\syswow64\rundll32.exe,,,,,,0 | |
| 213.202.211.246,80,1.62002E+12,x64,0 (HTTP),80,10000,5,,"213.202.211.246,/metr |
tuantmb
/ defenderwatch.ps1
Created
June 18, 2021 09:27
— forked from svch0stz/defenderwatch.ps1
WMI Watcher for Windows Defender RealtimeMonitoring
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $WMI = @{ | |
| Query = "SELECT * FROM __InstanceModificationEvent WITHIN 5 WHERE TargetInstance ISA 'MSFT_MpPreference' AND TargetInstance.DisableRealtimeMonitoring=True" | |
| Action = { | |
| #$Global:Data = $Event | |
| Write-Host "Defender Configuration change - DisableRealtimeMonitoring:"$Event.SourceEventArgs.NewEvent.TargetInstance.DisableRealtimeMonitoring"(Old Value:"$Event.SourceEventArgs.NewEvent.PreviousInstance.DisableRealtimeMonitoring")" | |
| } | |
| Namespace = 'root\microsoft\windows\defender' | |
| SourceIdentifier = "Defender.DisableRealtimeMonitoring" | |
| } | |
| $Null = Register-WMIEvent @WMI |
tuantmb
/ wifi_wordlist_vi.txt
Created
June 17, 2021 07:02
— forked from dieudv/wifi_wordlist_vi.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 12345678 | |
| 123456789 | |
| 88888888 | |
| 99999999 | |
| 1234567890 | |
| 999999999 | |
| 11111111 | |
| khongbiet | |
| hoilamgi | |
| 66668888 |
tuantmb
/ extract.bat
Created
June 12, 2021 04:21
— forked from fuzzmz/extract.bat
Recursively extract archives in nested folders with 7-zip
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FOR /D /r %%F in ("*") DO ( | |
| pushd %CD% | |
| cd %%F | |
| FOR %%X in (*.rar *.zip) DO ( | |
| "C:\Program Files\7-zip\7z.exe" x %%X | |
| ) | |
| popd | |
| ) |
tuantmb
/ info.txt
Created
May 31, 2021 09:18
— forked from hook-s3c/info.txt
Disable Powershell logging
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Logs are held by default in the user profile: | |
| \AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt | |
| this directory also hosts per-application logs | |
| -------------------------------------------------------------- | |
| Disable Logging... | |
| remove-module psreadline |