@rhaist
rhaist / twoStrings.sh
Created May 26, 2015 12:09
Bash one-liner to generate ASCII and WIDE strings from a file and show a sorted output
#!/bin/bash
(strings -a -td "$@" | sed 's/^\(\s*[0-9][0-9]*\) \(.*\)$/\1 A \2/' ; strings -a -td -el "$@" | sed 's/^\(\s*[0-9][0-9]*\) \(.*\)$/\1 W \2/') | sort -n
@andrisasuke
andrisasuke / install_m2crypto.txt
Created May 2, 2017 10:12
python install m2crypto on Mac OS X
$> brew install openssl
$> brew install swig
$> env LDFLAGS="-L$(brew --prefix openssl)/lib" \
CFLAGS="-I$(brew --prefix openssl)/include" \
SWIG_FEATURES="-cpperraswarn -includeall -I$(brew --prefix openssl)/include" \
pip install m2crypto
@HarmJ0y
HarmJ0y / cobaltstrike_sa.txt
Created September 28, 2018 22:22
Cobalt Strike Situational Awareness Commands
Windows version:
reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Users who have authed to the system:
ls C:\Users\
System env variables:
reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Saved outbound RDP connections:
@Blevene
Blevene / IOCs
Last active May 25, 2020 03:57
Winnti: More than Just Windows and Gates, IOCs
#Source Blog Post
https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a
---
#Yara Rules
---
rule WinntiLinux_Dropper : azazel_fork
{
meta:
desc = "Detection of Linux variant of Winnti"
@primaryobjects
primaryobjects / readme.md
Last active June 24, 2024 03:33
How to remote desktop from Linux Mint to Windows 10 with AzureAD Azure AD login

How to remote desktop from Linux Mint to Windows 10 with AzureAD

The following steps detail how to connect over Remote Desktop from Linux Mint or Ubuntu to Windows 10 with an AzureAD username and password login account.

  1. In Windows 10, right-click This PC or My Computer and select Properties.
  2. Click Remote Settings.
  3. Check the option Allow remote connections to this computer.
  4. Uncheck the option Allow connections only from computers running Remote Desktop with Network Level Authentication.
  5. Click OK.

Strings decoded from the newer version of #EKANS ransomware.

import re
import sys
import pefile
import struct
import binascii