9b

import datetime, re, difflib

def k10(stack):
    if len(stack) <= 1:
        return

    checkHashes, checkDuplicates, checkDelta, checkName = True, True, True, True
    score, dCount, fCount, deltaScore, fnameScore, chainAverage = 65, 0, 0, 0, 0, 0
    duplicates, dChain, fChain, features = [], [], [], [ 'valid_filenames' ]

naiquevin

#!/usr/bin/env python

import os
import yaml
import datetime
from collections import OrderedDict

__doc__ = 'A quick script for converting octopress posts (markdown source files) to pelican posts'

mojobojo

// Clearly the best hello world out there.
#define _ATL_ATTRIBUTES 1
#define _WINDLL 1
#include <atlbase.h>
#include <atlcom.h>
#include <string.h>
#include <comdef.h>
#include <string>
#include <fstream>
#include <iostream>

psx.py

## hacked together by @JohnLaTwC, Nov 2016, v 0.5
## This script attempts to decode common PowerShell encoded scripts. This version handles:
##  * base64 data which encode unicode, gzip, or deflate encoded strings
##  * it can operate on a file or stdin
##  * it can run recursively in the event of multiple layers
## With apologies to @Lee_Holmes for using Python instead of PowerShell
## 
import sys
import zlib
import re

2xyo

#!/usr/bin/python
import json
import bottle
from bottle import static_file, route, run, request, abort, response
import simplejson
import pymongo
from pymongo import Connection
import datetime

2xyo

$ stix2_validator xfe-collection_e6d351c8e832b560eb84be0f89079285.json --version 2.0
================================================================================
[-] Results for: xfe-collection_e6d351c8e832b560eb84be0f89079285.json
[X] STIX JSON: Invalid
    [!] Warning: bundle--a38af589-724f-4e03-98fc-99bf7564a9fe: {101} Custom property 'custom_objects' should have a type that starts with 'x_' followed by a source unique identifier (like a domain name with dots replaced by hyphen), a hyphen and then the name.
    [!] Warning: indicator--00d1e89b-636c-ad69-ad8f-46545b6758b8: {214} labels contains a value not in the indicator-label-ov vocabulary.
    [!] Warning: indicator--268ee28f-bfe9-164e-e626-ea46d24687f1: {214} labels contains a value not in the indicator-label-ov vocabulary.
    [X] bundle--a38af589-724f-4e03-98fc-99bf7564a9fe: objects[0]: {'id': 'indicator--00d1e89b-636c-ad69-ad8f-46545b6758b8', 'type': 'indicator', 'created': '2020-05-05T13:09:07.912Z', 'modified': '2020-05-05T13:09:07.912Z', 'lab

grigorescu

breakpoint_to_pcap

Overview

Given an input PCAP and a location in a Bro script, this script will filter the PCAP into a new file, which contains only the connections that visited that script location. This script can help filter a large PCAP to narrow down problematic connections, such as protocol violations, weirds, etc.

Example

rep

#!/usr/bin/python
# -*- coding: utf8 -*-

import sys
import os
import time
import select
import socket

import pycares

scumjr

/*
 * CVE-2016-5195 dirtypoc
 *
 * This PoC is memory only and doesn't write anything on the filesystem.
 * /!\ Beware, it triggers a kernel crash a few minutes.
 *
 * gcc -Wall -o dirtycow-mem dirtycow-mem.c -ldl -lpthread
 */

#define _GNU_SOURCE

joefitzgerald

param($global:RestartRequired=0,
        $global:MoreUpdates=0,
        $global:MaxCycles=10)

function Check-ContinueRestartOrEnd() {
    $RegistryKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    $RegistryEntry = "InstallWindowsUpdates"
    switch ($global:RestartRequired) {
        0 {			
            $prop = (Get-ItemProperty $RegistryKey).$RegistryEntry