brew cask install adoptopenjdk8
brew cask install android-sdk
brew cask install intel-haxm
Hugo Caron y0ug
y0ug
/ irma_gdata_kav
Created
November 14, 2014 19:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| y0ug@h4ze ~ % irma.py list | |
| Available analysis : ComodoCAVL, StaticAnalyzer, ClamAV, VirusTotal, McAfeeVSCL, GData, Kaspersky | |
| y0ug@h4ze ~ % irma.py scan --filename ~/Downloads/eicar.com | |
| scanid 3287c1e0-7fbb-40be-91c7-492a0d752f27 launched | |
| y0ug@h4ze ~ % irma.py results 3287c1e0-7fbb-40be-91c7-492a0d752f27 | |
| Scan status : finished | |
| eicar.com | |
| [SHA256: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f] | |
| VirusTotal No result | |
| Comodo Antivirus for Linux ApplicUnwnt |
y0ug
/ irma_output_testcase_parser.py
Created
November 15, 2014 16:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # -*- coding: utf-8 -*- | |
| # 2014-11-15 17:33 CET | |
| # y0ug | |
| import sys | |
| import argparse | |
| if __name__ == "__main__": | |
| data = open(sys.argv[1]).read() | |
| data = data.split('\n') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| y0ug@h4ze /tmp % python irma_output_testcase_parser.py out_gdata.txt | |
| expected_results = { | |
| 'eicar.cab': 'Virus: EICAR-Test-File (not a virus)', | |
| 'eicar.com.txt': 'Virus: EICAR-Test-File (not a virus) (Engine A)', | |
| 'eicar_niveau2.zip': 'Virus: EICAR-Test-File (not a virus)', | |
| 'eicar_lha.bin': 'Virus: EICAR-Test-File (not a virus)', | |
| 'eicar_gz.bin': 'Virus: EICAR-Test-File (not a virus)', | |
| 'eicarhqx_binhex.bin': 'Virus: Trojan.Script.135850 (Engine A)', | |
| 'eicar_mime.bin': 'Virus: EICAR-Test-File (not a virus)', | |
| 'eicar_cab.bin': 'Virus: EICAR-Test-File (not a virus)', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " Color | |
| "colo evening | |
| " Enable syntax | |
| syntax on | |
| " Enable smarttab | |
| filetype plugin indent on | |
| " Tab settings |
y0ug
/ pingmon.py
Last active
December 22, 2015 00:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import rrdtool | |
| import os | |
| import sys | |
| import subprocess | |
| import re | |
| import time | |
| import datetime | |
| class GraphPing(object): | |
| def __init__(self, target, reset=False): |
y0ug
/ android_emulator.md
Last active
March 7, 2022 14:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ## -*- coding: utf-8 -*- | |
| from __future__ import print_function | |
| from triton import TritonContext, ARCH, CPUSIZE, MemoryAccess, OPCODE, Instruction | |
| import os | |
| import sys | |
| import string | |
| Triton = TritonContext() |
y0ug
/ _IAT_qiling.py
Last active
December 29, 2021 03:10
Using Qiling to resolve obfuscated import on windows
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Emulate sample to resolv obfuscated import with qiling | |
| # Just one way to do it, this method is kind of slow. | |
| # You need to have all the required DLL in the 'rootfs' | |
| # Classic getprocaddress by hash we hook after the call | |
| # read EAX and resolv the name from ql.loader.import_symbols | |
| # compute the address of the mov operand | |
| # generate the idapython code | |
| # python3 IAT_qiling.py sample.exe | tee addr_ida.py | |
| # idapython is in addr_ida.py at the end |
y0ug
/ parse_reg_file.py
Created
December 23, 2021 09:58
function to write/read from windows reg export
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import zlib | |
| import io | |
| import re | |
| from configparser import ConfigParser | |
| import binascii | |
| import argparse | |
| import struct | |
| import socket | |
| from datetime import datetime |
y0ug
/ daily-wallpaper.py
Created
June 1, 2022 12:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import os | |
| import shutil | |
| import datetime | |
| import json | |
| import base64 | |
| import argparse | |
| import logging | |
| import requests | |
| import random |