| """ | |
| https://en.wikipedia.org/wiki/Conway%27s_Game_of_Life | |
| conway's game of life | |
| """ | |
| from random import randint | |
| def gameOfLife(grid): | |
| state = {} | |
| rows = len(grid) |
Step 1) Start an AMSI ETW trace from an elevated command prompt
logman start trace AMSITrace -p Microsoft-Antimalware-Scan-Interface (Event1) -o amsi.etl -ets
Step 2) Run your evil maldoc or script. Note: AMSI can capture runtime context of VBA, Excel4, JScript, VBScript, PowerShell, WMI, and .NET (4.8+) in-mem assembly loads
Step 3) Stop the AMSI trace
| ID | Name | MitigatedByAppControl | Notes | |
|---|---|---|---|---|
| T1001 | Data Obfuscation | Not Applicable | Relevant sub-techniques addressed below | |
| T1001.001 | Junk Data | No | Technique is not necessarily related to the execution of arbitrary code on an endpoint. | |
| T1001.002 | Steganography | Limited | If custom attacker code were necessary to perform this technique, it would be prevented. | |
| T1001.003 | Protocol Impersonation | Limited | If custom attacker code were necessary to perform this technique, it would be prevented. | |
| T1003 | OS Credential Dumping | Not Applicable | Relevant sub-techniques addressed below | |
| T1003.001 | LSASS Memory | Limited | Built-in utilities exist to perform this technique. They would have to be explicitly blocked. | |
| T1003.002 | Security Account Manager | Limited | Built-in utilities exist to perform this technique. They would have to be explicitly blocked. | |
| T1003.003 | NTDS | Limited | Built-in utilities exist to perform this technique. They would have to be explicitly blocked. | |
| T1003.004 | LSA Secrets | Limited | Built-in utilities exist to perform this technique. |
These scripts use fzf and sqlite to efficiently query your firefox history and bookmarks.
This is heavily inspired by a post from the creator of fzf: https://junegunn.kr/2015/04/browsing-chrome-history-with-fzf/.
fzf allows you to select multiple items and the results returned will be the URLs.
| import requests | |
| import matplotlib.pyplot as plt | |
| response = requests.get("https://oooverflow.io/dc-ctf-2020-finals/final_tick.json") | |
| data = response.json() | |
| teams = {e["id"]: e["name"] for e in data["teams"]} | |
| services = {e["id"]: e["name"] for e in data["services"]} |
| #!/usr/bin/awk -f | |
| # This program is a copy of guff, a plot device. https://github.com/silentbicycle/guff | |
| # My copy here is written in awk instead of C, has no compelling benefit. | |
| # Public domain. @thingskatedid | |
| # Run as awk -v x=xyz ... or env variables for stuff? | |
| # Assumptions: the data is evenly spaced along the x-axis | |
| # TODO: moving average |
| asax | |
| ascv | |
| ashx | |
| asmx | |
| aspx | |
| axd | |
| browser | |
| cd | |
| compile | |
| config |
| // Mozilla User Preferences | |
| // To change a preference value, you can either: | |
| // - modify it via the UI (e.g. via about:config in the browser); or | |
| // - set it within a user.js file in your profile (create it if it doesn't exist). | |
| // | |
| // Profile folder location on different systems: | |
| // Windows: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default | |
| // Mac OS X: Users/<username>/Library/Application Support/Firefox/Profiles/xxxxxxxx.default | |
| // Linux: /home/<username>/.mozilla/firefox/xxxxxxxx.default |
| function exportSpreadsheet() { | |
| //All requests must include id in the path and a format parameter | |
| //https://docs.google.com/spreadsheets/d/{SpreadsheetId}/export | |
| //FORMATS WITH NO ADDITIONAL OPTIONS | |
| //format=xlsx //excel | |
| //format=ods //Open Document Spreadsheet | |
| //format=zip //html zipped | |
