y0ug

#!/usr/bin/env python2
# -*- coding: utf-8 -*-
# 2014-11-15 17:33 CET
# y0ug
import sys
import argparse

if __name__ == "__main__":
    data = open(sys.argv[1]).read()
    data = data.split('\n')

y0ug

y0ug@h4ze ~ % irma.py list
Available analysis : ComodoCAVL, StaticAnalyzer, ClamAV, VirusTotal, McAfeeVSCL, GData, Kaspersky
y0ug@h4ze ~ % irma.py scan --filename ~/Downloads/eicar.com               
scanid 3287c1e0-7fbb-40be-91c7-492a0d752f27 launched
y0ug@h4ze ~ % irma.py results 3287c1e0-7fbb-40be-91c7-492a0d752f27 
Scan status : finished
eicar.com
[SHA256: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f]
	VirusTotal   No result
	Comodo Antivirus for Linux ApplicUnwnt

y0ug

# After full update of all the repo and subrepo
# in config with export VM_ENV=allinone_dev

# current patch for the issue with rabbitmq
sudo rabbitmqctl add_user frontend frontend
sudo rabbitmqctl add_user probe probe
sudo rabbitmqctl add_user brain brain
sudo rabbitmqctl change_password frontend frontend
sudo rabbitmqctl change_password probe probe
sudo rabbitmqctl change_password brain brain

y0ug

$filename = "service_disabled.txt"
foreach ($line in get-content $filename) {
	$line = $line.trim()
	if($line.StartsWith("#")){ continue }
	$elems = $line.split("#")
	$srv = $elems[0].trim()
	$desc = $elems[1].trim()
	write-host "Disabled:" $srv "|" $desc
	set-service $srv -startuptype disabled
}

y0ug

AeLookupSvc # Application Experience
BITS # Background Intelligent Transfer Service
Browser # Computer Browser
DPS # Diagnostic Policy Service
fdPHost # Function Discovery Provider Host
SharedAccess # Internet Connection Sharing (ICS)
clr_optimization_v2.0.50727_64 # Microsoft .NET Framework NGEN v2.0.50727_X64
clr_optimization_v2.0.50727_32 # Microsoft .NET Framework NGEN v2.0.50727_X86
MMCSS # Multimedia Class Scheduler
NetTcpPortSharing # Net.Tcp Port Sharing Service

y0ug

[2014-11-10 20:48:21,102: ERROR/MainProcess] consumer: Cannot connect to amqp://probe:**@172.16.1.30:5672/mqprobe: timed out.
Trying again in 2.00 seconds...

[2014-11-10 20:48:23,150: INFO/MainProcess] Connected to amqp://probe:**@172.16.1.30:5672/mqprobe
[2014-11-10 20:48:23,227: INFO/MainProcess] mingle: searching for neighbors
[2014-11-10 20:48:24,305: INFO/MainProcess] mingle: sync with 2 nodes
[2014-11-10 20:48:24,305: INFO/MainProcess] mingle: sync complete
[2014-11-10 20:48:24,352: WARNING/MainProcess] celery@irma-probe-win-kav ready.

y0ug

REM disable all the shitz
REM set LIST=(helpsvc ERSvc FastUserSwitchingCompatibility RDSessMgr WZCSVC Dot3scv VSS Themes LmHosts srservice SSDPSRV SCardSvr wscsvc Spooler wuauserv CiSvc SwPrv Win32Time)
REM for %%i in %LIST% do CALL sc config %%i start= disabled


set LIST=(HKCU HKLM)

REM classic theme
CALL rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"C:\Windows\Resources\Ease of Access Themes\classic.theme"

y0ug

# Clean temp folder
$tempfolders = @("C:\Windows\Temp\*", "C:\Windows\Prefetch\*", "C:\Documents and Settings\*\Local Settings\temp\*", "C:\Users\*\Appdata\Local\Temp\*")
Remove-Item $tempfolders -force -recurse

# Clean windows update folder
Stop-Service wuauserv
dir $env:windir\SoftwareDistribution\Download -Recurse | Remove-Item 'Recurse
#Start-Service wuauserv

# Remove hybernation file

y0ug

#!/bin/bash
# 2014-10-09 17:49 CEST
# y0ug
BIF=br0
EIF=enp0s25
ip link add name $BIF type bridge
ip link set dev $BIF up

ip link set dev $EIF down
ip link set dev $EIF promisc on

y0ug

$path_irma = $env:SystemDrive + '\irma'
$path_probe = $path_irma + '\irma-probe'

If(Test-Path $path_irma) {
  cd $path_probe
  git pull
  git fetch --recurse-submodules
} Else {
  New-Item -path $path_irma -type directory
  cd $path_irma