jenkins_url + /api/json?tree=jobs[name,color]
jenkins_url + /job/${job_name}/api/json?tree=builds[number,status,timestamp,id,result]
Karib0u
Neo23x0
/ yara_performance_guidelines.md
Last active
April 30, 2024 10:39
YARA Performance Guidelines
This Gist has been transfered into a Github Repo. You'll find the most recent version here.
When creating your rules for YARA keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.
- Revision 1.4, October 2020, applies to all YARA versions higher than 3.7
pkfrom
/ List_of_ENV_in_Windows.md
Last active
January 11, 2024 15:12
List of Environment Variables in Windows Operating System.
| Environment Variable | Path |
|---|---|
%ALLUSERSPROFILE% |
C:\Documents and Settings\All Users |
%APPDATA% |
C:\Documents and Settings{username}\Application Data |
%COMMONPROGRAMFILES% |
C:\Program Files\Common Files |
%COMMONPROGRAMFILES(x86)% |
C:\Program Files (x86)\Common Files |
mgeeky
/ complete-api-filters-list.xml
Created
July 9, 2016 15:07
API Filters list for Rohitab API Monitor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <!-- | |
| API Monitor Filter | |
| (c) 2010-2013, Rohitab Batra <rohitab@rohitab.com> | |
| http://www.rohitab.com/apimonitor/ | |
| --> | |
| <ApiMonitor> | |
| <CaptureFilter> | |
| <Module Name="Advapi32.dll"> | |
| <Api Name="ControlService"/> |
Neo23x0
/ annotations.xml
Last active
October 22, 2023 12:14
Sources for APT Groups and Operations Search Engine
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <Annotations start="0" num="171" total="171"> | |
| <Annotation about="www.bussink.net/*" timestamp="0x0005d7bc4022b026" href="ChF3d3cuYnVzc2luay5uZXQvKhCm4IqBxPf1Ag"> | |
| <Label name="_cse_turlh5vi4xc"/> | |
| <AdditionalData attribute="original_url" value="https://www.bussink.net/"/> | |
| </Annotation> | |
| <Annotation about="*.thedfirreport.com/*" timestamp="0x0005d76dd5f8679d" href="ChUqLnRoZWRmaXJyZXBvcnQuY29tLyoQnc_hr93t9QI"> | |
| <Label name="_cse_turlh5vi4xc"/> | |
| <AdditionalData attribute="original_url" value="https://thedfirreport.com/"/> | |
| </Annotation> |
notalentgeek
/ file_type_sorter.py
Last active
March 4, 2024 13:47
My Python script to sort file based on its MIME type into separate folders.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a Python script that let you arrange | |
| # files into a folder for each extension. Actually | |
| # I lied, this script is not about file extension | |
| # but about a file's mime type. So, in case there | |
| # are files that has no extension this script can | |
| # predict what the file's extension could be. | |
| # However, the only requirement is that file need | |
| # to be able to be read by the computer's OS. For | |
| # example image files usually has no problem with | |
| # this script also with other media files. But, |
Get De-XRAY from Hexacorn:
## at least these or just CPAN
netbiosX
/ FodhelperUACBypass.ps1
Last active
April 27, 2024 00:14
Bypass UAC via Fodhelper binary in Windows 10 systems
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| This script can bypass User Access Control (UAC) via fodhelper.exe | |
| It creates a new registry structure in: "HKCU:\Software\Classes\ms-settings\" to perform UAC bypass and starts | |
| an elevated command prompt. | |
| .NOTES | |
| Function : FodhelperUACBypass | |
| File Name : FodhelperUACBypass.ps1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Rough summary of developing BadRabbit info | |
| ------------------------------------------ | |
| BadRabbit is locally-self-propagating ransomware (ransom: 0.05 BTC), spreading via SMB once inside. | |
| Requires user interaction. | |
| Mostly targeting Russia and Ukraine so far, with a few others (Germany, Turkey, Bulgaria, Montenegro ...) | |
| Not globally self-propagating, but could be inflicted on selected targets on purpose. | |
| May be part of same group targeting Ukraine generally (BACKSWING) (per FireEye) | |
| Confirmed to use ETERNALROMANCE exploit, and same source code and build chain as NotPetya (per Talos) | |
| Mitigations are similar to Petya/NotPetya resistance. An inoculation is also available (see below). |
herrcore
/ ida_memdump.py
Created
November 13, 2017 03:38
Dump a blob of memory into a file - IDA Pro script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import idautils | |
| import idaapi | |
| def memdump(ea, size, file): | |
| data = idc.GetManyBytes(ea, size) | |
| with open(file, "wb") as fp: | |
| fp.write(data) | |
| print "Memdump Success!" |
OlderNewer