jenkins_url + /api/json?tree=jobs[name,color]
jenkins_url + /job/${job_name}/api/json?tree=builds[number,status,timestamp,id,result]
This Gist has been transferred into a GitHub repo. You'll find the most recent version there.
When writing YARA rules, keep the following guidelines in mind to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.
Environment Variable | Path
---|---
%ALLUSERSPROFILE% | C:\Documents and Settings\All Users
%APPDATA% | C:\Documents and Settings\{username}\Application Data
%COMMONPROGRAMFILES% | C:\Program Files\Common Files
%COMMONPROGRAMFILES(x86)% | C:\Program Files (x86)\Common Files
<?xml version="1.0"?>
<!--
API Monitor Filter
(c) 2010-2013, Rohitab Batra <rohitab@rohitab.com>
http://www.rohitab.com/apimonitor/
-->
<ApiMonitor>
<CaptureFilter>
<Module Name="Advapi32.dll">
<Api Name="ControlService"/>
<?xml version="1.0" encoding="UTF-8"?>
<Annotations start="0" num="171" total="171">
<Annotation about="www.bussink.net/*" timestamp="0x0005d7bc4022b026" href="ChF3d3cuYnVzc2luay5uZXQvKhCm4IqBxPf1Ag">
<Label name="_cse_turlh5vi4xc"/>
<AdditionalData attribute="original_url" value="https://www.bussink.net/"/>
</Annotation>
<Annotation about="*.thedfirreport.com/*" timestamp="0x0005d76dd5f8679d" href="ChUqLnRoZWRmaXJyZXBvcnQuY29tLyoQnc_hr93t9QI">
<Label name="_cse_turlh5vi4xc"/>
<AdditionalData attribute="original_url" value="https://thedfirreport.com/"/>
</Annotation>
# This is a Python script that lets you arrange
# files into a folder for each extension. Actually
# I lied: this script is not about file extension
# but about a file's MIME type. So, in case there
# are files that have no extension, this script can
# predict what the file's extension could be.
# However, the only requirement is that the file needs
# to be readable by the computer's OS. For
# example, image files usually have no problem with
# this script, as is the case with other media files. But,
Get De-XRAY from Hexacorn:
## at least these or just CPAN
<#
.SYNOPSIS
This script can bypass User Account Control (UAC) via fodhelper.exe
It creates a new registry structure in: "HKCU:\Software\Classes\ms-settings\" to perform UAC bypass and starts
an elevated command prompt.
.NOTES
Function : FodhelperUACBypass
File Name : FodhelperUACBypass.ps1
Rough summary of developing BadRabbit info
------------------------------------------
BadRabbit is locally-self-propagating ransomware (ransom: 0.05 BTC), spreading via SMB once inside.
Requires user interaction.
Mostly targeting Russia and Ukraine so far, with a few others (Germany, Turkey, Bulgaria, Montenegro ...)
Not globally self-propagating, but could be inflicted on selected targets on purpose.
May be part of same group targeting Ukraine generally (BACKSWING) (per FireEye)
Confirmed to use ETERNALROMANCE exploit, and same source code and build chain as NotPetya (per Talos)
Mitigations are similar to Petya/NotPetya resistance. An inoculation is also available (see below).
import idautils
import idaapi
import idc  # needed for idc.GetManyBytes (old IDAPython API)

def memdump(ea, size, file):
    # Read `size` bytes from the IDA database starting at address `ea`
    data = idc.GetManyBytes(ea, size)
    # Write the raw bytes to the given output file
    with open(file, "wb") as fp:
        fp.write(data)
    print("Memdump Success!")