Wes wesinator
// https://www.us-cert.gov/sites/default/files/file_attach/ICS-ALERT-17-206-01.yara
// YARA 3.6.0 or higher is required to use this signature
import "pe"
private global rule coi_is_pe {
    condition:
        uint16(0) == 0x5a4d and uint32(uint32(0x3c)) == 0x00004550
}
# https://bugs.launchpad.net/ubuntu/+source/sendmail/+bug/1822866/comments/9
sudo rm -v /var/run/sendmail/mta/sendmail.pid
@wesinator
wesinator / tql_queries.md
Last active October 21, 2019 23:38 — forked from fhightower/tql_queries.md
List of helpful TQL (ThreatConnect Query Language) Queries and Browse Screen Views for ThreatConnect

View tasks assigned to me that are not completed or deferred:

typeName in ("Task") and taskAssignee = me and taskStatus != "Completed" and taskStatus != "Deferred"

View internationalized domains:

typeName in ("Host", "URL") and summary contains "xn--"

View over 50 security blogs in ThreatConnect:

@wesinator
wesinator / move_no_extension.md
Created October 19, 2019 02:48
Add extension to files with no extension

# -type f restricts the rename to regular files, so directories without a dot in their name are left alone
find . -type f -not -name "*.*" -exec mv -v "{}" "{}.ext" \;

[0]

@wesinator
wesinator / retrieving_dom_page_js.md
Last active November 24, 2019 21:13
Techniques and caveats for retrieving full browser DOM page content using Javascript

text file

(appears to work on rendered plaintext; does not work on a JSON response type (e.g. https://api.github.com), because the browser's JSON-rendering controls get included in the text).

i.e. when document.contentType == "text/plain":

  • document.documentElement.textContent
  • document.documentElement.innerText

html

(full html but not hash equivalent, changes case "!DOCTYPE"):

@wesinator
wesinator / some_vba_notes.md
Last active March 3, 2020 19:07 — forked from adricnet/some_vba_notes.md
Some notes on VBA analysis

Some VBA notes

Tools

  • Unix (REMnux): viper.li, oletools, & Didier's tools
  • Windows: Office Excel (VBE) & Visual Studio Community (VSC), OfficeMalScanner
  • Editors: scite, VS Code
  • d-scan
  • Vba2Graph
@wesinator
wesinator / py_install_user.sh
Created September 11, 2019 20:03
Install a Python package under the user site directory
# avoid 'error: can't combine user with prefix, exec_prefix/home, or install_(plat)base'
# https://stackoverflow.com/questions/4495120/combine-user-with-prefix-error-with-setup-py-install/4495175#4495175
# an empty --prefix overrides a prefix configured in distutils.cfg, which otherwise conflicts with --user
python setup.py install --user --prefix=
@wesinator
wesinator / HE_2020-02-18T14-52-00Z.json
Last active April 26, 2023 22:58
[Header editor](https://addons.mozilla.org/firefox/addon/header-editor/) rule to redirect old McAfee Virusprofile links to Threat Intelligence page.
{
  "request": [
    {
      "enable": true,
      "name": "McAfee Virusprofile",
      "ruleType": "redirect",
      "matchType": "regexp",
      "pattern": "https://home.mcafee.com/virusinfo/virusprofile.aspx\\?key=.*?",
      "exclude": "",
      "group": "Ungrouped",
@wesinator
wesinator / git_upstream.sh
Created August 26, 2019 13:05
Fetch and merge changes from an upstream git repo
# usage: git_upstream.sh <upstream-repo-url>
git remote add upstream "$1"
git fetch upstream
git merge upstream/master
@wesinator
wesinator / update_jupyter_packages.sh
Last active August 9, 2019 22:51
Update all packages for ipython / jupyter
# update all packages for ipython / jupyter
pip install -U ipython ipykernel jupyter jupyter-client notebook jupyter-console jupyter-core
pip install -U jupyter-dashboards
pip install -U jupyterlab jupyterlab-server