Wes wesinator

@wesinator
wesinator / tql_queries.md
Last active October 21, 2019 23:38 — forked from fhightower/tql_queries.md
List of helpful TQL (ThreatConnect Query Language) Queries and Browse Screen Views for ThreatConnect

View tasks assigned to me that are not completed or deferred:

typeName in ("Task") and taskAssignee = me and taskStatus != "Completed" and taskStatus != "Deferred"

View internationalized domains:

typeName in ("Host", "URL") and summary contains "xn--"

View over 50 security blogs in ThreatConnect:

@wesinator
wesinator / move_no_extension.md
Created October 19, 2019 02:48
Add extension to files with no extension

Add extension to files with no extension

find . -type f -not -name "*.*" -exec mv -v "{}" "{}.ext" \;


@wesinator
wesinator / retrieving_dom_page_js.md
Last active November 24, 2019 21:13
Techniques and caveats for retrieving full browser DOM page content using Javascript

text file

(appears to work on rendered plaintext, but does not work on a JSON response type (e.g. https://api.github.com): the browser's JSON viewer controls get included in the text).

i.e. document.contentType == "text/plain" :

  • document.documentElement.textContent
  • document.documentElement.innerText

html

(full html but not hash equivalent, changes case "!DOCTYPE"):

@wesinator
wesinator / some_vba_notes.md
Last active March 3, 2020 19:07 — forked from adricnet/some_vba_notes.md
Some notes on VBA analysis

Some VBA notes

Tools

  • Unix (REMnux): viper.li, oletools, & Didier's tools
  • Windows: Office Excel (VBE) & Visual Studio Community (VSC), officemalscanner
  • Editors: scite, VS Code
  • d-scan
  • Vba2Graph
@wesinator
wesinator / py_install_user.sh
Created September 11, 2019 20:03
Working install Python package under user
# avoid 'error: can't combine user with prefix, exec_prefix/home, or install_(plat)base'
# https://stackoverflow.com/questions/4495120/combine-user-with-prefix-error-with-setup-py-install/4495175#4495175
python setup.py install --user --prefix=
@wesinator
wesinator / HE_2020-02-18T14-52-00Z.json
Last active April 26, 2023 22:58
[Header editor](https://addons.mozilla.org/firefox/addon/header-editor/) rule to redirect old McAfee Virusprofile links to Threat Intelligence page.
{
"request": [
{
"enable": true,
"name": "McAfee Virusprofile",
"ruleType": "redirect",
"matchType": "regexp",
"pattern": "https://home.mcafee.com/virusinfo/virusprofile.aspx\\?key=.*?",
"exclude": "",
"group": "Ungrouped",
@wesinator
wesinator / git_upstream.sh
Created August 26, 2019 13:05
Fetch and merge changes from an upstream git repo
git remote add upstream $1
git fetch upstream
git merge upstream/master
@wesinator
wesinator / update_jupyter_packages.sh
Last active August 9, 2019 22:51
Update all packages for ipython / jupyter
# update all packages for ipython / jupyter
pip install -U ipython ipykernel jupyter jupyter-client notebook jupyter-console jupyter-core
pip install -U jupyter-dashboards
pip install -U jupyterlab jupyterlab-server
// https://www.anomali.com/blog/analyzing-digital-quartermasters-in-asia-do-chinese-and-indian-apts-have-a-shared-supply-chain
rule RTF_weaponizer_objh300
{
meta:
author = "Anomali"
tlp = "GREEN"
version = "1.0"
date = "2018-11-13"
hash = "9d0c4ec62abe79e754eaa2fd7696f98441bc783781d8656065cddfae3dbf503e"
# https://www.openrce.org/repositories/users/RolfRolles/ExportHashesToIDC.py
import pefile
import sys
import os
# Convenience functions
def rol32(val, amt):
    return ( (val << amt) & 0xffffffff ) | ( ( val >> (32 - amt) ) & 0xffffffff )
def ror32(val, amt):