Given an input PCAP and a location in a Bro script, this script will filter the PCAP into a new file, which contains only the connections that visited that script location. This script can help filter a large PCAP to narrow down problematic connections, such as protocol violations, weirds, etc.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import datetime, re, difflib | |
def k10(stack): | |
if len(stack) <= 1: | |
return | |
checkHashes, checkDuplicates, checkDelta, checkName = True, True, True, True | |
score, dCount, fCount, deltaScore, fnameScore, chainAverage = 65, 0, 0, 0, 0, 0 | |
duplicates, dChain, fChain, features = [], [], [], [ 'valid_filenames' ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import os | |
import yaml | |
import datetime | |
from collections import OrderedDict | |
__doc__ = 'A quick script for converting octopress posts (markdown source files) to pelican posts' | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Clearly the best hello world out there. | |
#define _ATL_ATTRIBUTES 1 | |
#define _WINDLL 1 | |
#include <atlbase.h> | |
#include <atlcom.h> | |
#include <string.h> | |
#include <comdef.h> | |
#include <string> | |
#include <fstream> | |
#include <iostream> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## hacked together by @JohnLaTwC, Nov 2016, v 0.5 | |
## This script attempts to decode common PowerShell encoded scripts. This version handles: | |
## * base64 data which encode unicode, gzip, or deflate encoded strings | |
## * it can operate on a file or stdin | |
## * it can run recursively in the event of multiple layers | |
## With apologies to @Lee_Holmes for using Python instead of PowerShell | |
## | |
import sys | |
import zlib | |
import re |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
import json | |
import bottle | |
from bottle import static_file, route, run, request, abort, response | |
import simplejson | |
import pymongo | |
from pymongo import Connection | |
import datetime | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ stix2_validator xfe-collection_e6d351c8e832b560eb84be0f89079285.json --version 2.0 | |
================================================================================ | |
[-] Results for: xfe-collection_e6d351c8e832b560eb84be0f89079285.json | |
[X] STIX JSON: Invalid | |
[!] Warning: bundle--a38af589-724f-4e03-98fc-99bf7564a9fe: {101} Custom property 'custom_objects' should have a type that starts with 'x_' followed by a source unique identifier (like a domain name with dots replaced by hyphen), a hyphen and then the name. | |
[!] Warning: indicator--00d1e89b-636c-ad69-ad8f-46545b6758b8: {214} labels contains a value not in the indicator-label-ov vocabulary. | |
[!] Warning: indicator--268ee28f-bfe9-164e-e626-ea46d24687f1: {214} labels contains a value not in the indicator-label-ov vocabulary. | |
[X] bundle--a38af589-724f-4e03-98fc-99bf7564a9fe: objects[0]: {'id': 'indicator--00d1e89b-636c-ad69-ad8f-46545b6758b8', 'type': 'indicator', 'created': '2020-05-05T13:09:07.912Z', 'modified': '2020-05-05T13:09:07.912Z', 'lab |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
# -*- coding: utf8 -*- | |
import sys | |
import os | |
import time | |
import select | |
import socket | |
import pycares |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* CVE-2016-5195 dirtypoc | |
* | |
* This PoC is memory only and doesn't write anything on the filesystem. | |
* /!\ Beware, it triggers a kernel crash a few minutes. | |
* | |
* gcc -Wall -o dirtycow-mem dirtycow-mem.c -ldl -lpthread | |
*/ | |
#define _GNU_SOURCE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
param($global:RestartRequired=0, | |
$global:MoreUpdates=0, | |
$global:MaxCycles=10) | |
function Check-ContinueRestartOrEnd() { | |
$RegistryKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" | |
$RegistryEntry = "InstallWindowsUpdates" | |
switch ($global:RestartRequired) { | |
0 { | |
$prop = (Get-ItemProperty $RegistryKey).$RegistryEntry |
OlderNewer