Wes wesinator
@dm0-
dm0- / utcbios.bat
Created July 18, 2016 20:58
Set Windows to expect UTC system time (save file, right-click, run as administrator)
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation" /v RealTimeIsUniversal /d 1 /t REG_DWORD /f
@dnetguru
dnetguru / HelloWorld_inline.c
Last active May 23, 2019 20:22
Sample ASM code to do a call and simple arithmetic for my R/E presentation
// Defines the entry point for the console application.
// $author: @dNetGuru
// TConsole.cpp : Defines the entry point for the console application.
//
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
char message[] = "Hello World!\n";
@Diviei
Diviei / apks_related.py
Last active August 9, 2019 02:41
Simple script using Koodous anon API to find related samples of one search
@shanomurphy
shanomurphy / background.js
Last active August 15, 2020 02:45
Chrome Extension Boilerplate – Toggle Using Browser Action
var toggle = false;
var status = 'off';
var the_tab_id = '';
function set_status() {
    toggle = !toggle;
    status = 'off';
    if(toggle) { status = 'on'; }
}
@Diviei
Diviei / amtrckr_koodous.py
Created October 22, 2016 08:30
Merging amtrckr.info API with Koodous API to find samples
import requests
r = requests.get("https://amtrckr.info/json/live")
matches = []
for row in r.json():
    koodous_r = requests.get("https://api.koodous.com/apks?search=network.hosts:'%s'" % row.get("ip"))
    for apk in koodous_r.json().get("results"):
        matches.append(apk.get("sha256"))
curl -s -g -O -J -L -H "Authorization: Token $1" https://api.koodous.com/feed/apks
unzip -o apk*.zip
rm apk*.zip
mkdir downloads
while read p; do
    IFS=';' read -r -a array <<< "$p"
    echo "Downloading ${array[0]}"
    curl -s ${array[1]} > downloads/${array[0]}.apk
done < samples
@adricnet
adricnet / yara_ole_vba.md
Last active March 3, 2020 18:59
Trying to automate clustering some vba in OLE in DOCX

Some DOCX samples today had the VBA script payload embedded into OLE objects in the DOCX. To a user this looks like document icons in the Word file, and for file analysis they are in the DOCX zip under word/embeddings (Thanks Brian!). After doing a few of these manually, and then dynamically fighting with the Office debugger to get the indicators out of them individually, I took a moment to try and automate at least part of the process.

Loop through samples in a directory, yank all of the embedded OLE objects, and scan them for likely VBA script with Yara

$ for file in efax/*.docx ; do unzip -qq -o -j $file "word/embeddings*" ; \
  for y in `ls oleObject*`; do echo -n "$file  "; \
    yara -f -w vbaoleobj.yara $y;done; rm -f oleObject* ; done
@dteoh
dteoh / macos_no_sleep.md
Created February 23, 2017 23:23
Preventing macOS from sleeping

There is a built-in command line utility caffeinate that can be used to prevent macOS from sleeping.

To prevent macOS from sleeping before a process with given PID exits:

$ caffeinate -w PID

To prevent macOS from sleeping for the next N seconds:

@briantd
briantd / abbrv_centos_install_docker.sh
Last active November 26, 2019 20:21
Scripts to spin up VMs running RHEL, Centos, and Ubuntu on Azure; Setup Docker; and install REX-Ray
sudo yum remove docker \
    docker-common \
    container-selinux \
    docker-selinux \
    docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
@daemin-hwang
daemin-hwang / gist:e8f48bd24e054215f2f468e69bd58916
Last active December 28, 2017 16:03
Disable Linux printer auto-detection
sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed
Source: https://askubuntu.com/questions/873399/disable-cups-and-cups-browsed-in-16-04