Wes wesinator
@wesinator
wesinator / ms_hwc_driver_no_info.yara
Created July 30, 2021 11:43
YARA rule that matches MS HWC signed KmdfLibrary driver PE binaries without Product resource info, like the NetFilter rootkit.
import "vt"
rule ms_hwc_sig_kmdf_driver_no_prod_info
{
meta:
license = "4-Clause BSD"
strings:
$ms_hwc_serial = { 33 00 00 00 B5 21 3F CA 1E 4A A0 3D E4 00 00 00 00 00 B5 }
$kmdf_library = "KmdfLibrary" nocase wide ascii
$prod_name = "ProductName" wide
@wesinator
wesinator / jquery_get_cursor.js
Last active June 10, 2021 14:47
jQuery way of getting the current cursor position (`selectionStart`) without hardcoding the element ID. https://www.geeksforgeeks.org/how-to-insert-text-into-the-textarea-at-the-current-cursor-position/
/*
https://www.geeksforgeeks.org/how-to-insert-text-into-the-textarea-at-the-current-cursor-position/
https://stackoverflow.com/questions/4069982/document-getelementbyid-vs-jquery
*/
$(e.selector)[0].selectionStart
// use selectionEnd to get delta of selected text
$(e.selector)[0].selectionEnd
Windows Registry Editor Version 5.00
; First set the URLAction to control APPLET behavior
; Zone 3 is the Internet zone
; 1C00 is the Java invocation policy
; dword:00000000 sets the policy to disable
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1C00"=dword:00000000
; Then set the Internet Explorer kill bit to block OBJECT tag invocation
@wesinator
wesinator / extract_solarwinds_orion.sh
Created December 17, 2020 05:24
Extract Solarwinds Orion package archive from installer file.
7z e CoreInstaller.msi OrionCore.cab
@wesinator
wesinator / mac_brew_python_version.sh
Created December 9, 2020 22:22
Restore previous python version from homebrew upgrade
# If python3.9 was installed, this will revert python3 to use 3.8 (if still present in the brew cellar)
brew link --overwrite python@3.8
@wesinator
wesinator / snort.conf
Last active December 10, 2020 08:46
Sane macOS homebrew snort 2.9 config file. (You should really just use suricata anyway)
#--------------------------------------------------
# VRT Rule Packages Snort.conf
#
# For more information visit us at:
# http://www.snort.org Snort Website
# http://vrt-blog.snort.org/ Sourcefire VRT Blog
#
# Mailing list Contact: snort-sigs@lists.sourceforge.net
# False Positive reports: fp@sourcefire.com
# Snort bugs: bugs@snort.org
@wesinator
wesinator / tlp.conf
Last active October 31, 2020 17:41
/etc/tlp.conf for laptop Nvidia power management settings, disable Bluetooth on startup. https://wiki.archlinux.org/index.php/TLP
# ------------------------------------------------------------------------------
# /etc/tlp.conf - TLP user configuration
# See full explanation: https://linrunner.de/en/tlp/docs/tlp-configuration.html
#
# New configuration scheme (TLP 1.3). Settings are read in the following order:
# 1. Intrinsic defaults
# 2. /etc/tlp.d/*.conf - Drop-in customization snippets
# 3. /etc/tlp.conf - User configuration (this file)
#
@wesinator
wesinator / atom_regex_replacement_defanging.regex
Last active December 30, 2023 16:07
Text editor regex replacement examples
\.(\w{3})\n
[.]$1\n
@wesinator
wesinator / netbox_server_headers.md
Created September 9, 2020 01:01
NetBox (netbox.cn) server header strings

NetBox server header strings

Copied from https://github.com/mojisk/honeypot

  gcserver v2.00 2.8 Build 4128

  Server: NetBox httpd 2.8 Build 4128
  Server: Netbox v3.0 201005
  Server: NetBox Version 1.2 Build 0
@wesinator
wesinator / pip_symlink_linux.sh
Last active September 28, 2023 13:24
Generate persistent symlinks for pip bin to pip3.