I hereby claim:
- I am neo23x0 on github.
- I am johngalt (https://keybase.io/johngalt) on keybase.
- I have a public key whose fingerprint is 55CB FD26 19E9 BF9E 78C1 D582 FE04 247D 50D1 ACC8
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
I just pushed the rule to "signature-base":
https://github.com/Neo23x0/signature-base/blob/master/yara/crime_nopetya_jun17.yar
Some of the other rules are running in QS right now.
I'll update the 'crime_nopetya_jun17.yar' file frequently.
--- pluggable.php 2017-05-04 09:37:27.000000000 +0200 | |
+++ pluggable_patched.php 2017-05-04 09:40:39.000000000 +0200 | |
@@ -323,10 +323,7 @@ | |
if ( !isset( $from_email ) ) { | |
// Get the site domain and get rid of www. | |
- $sitename = strtolower( $_SERVER['SERVER_NAME'] ); | |
- if ( substr( $sitename, 0, 4 ) == 'www.' ) { | |
- $sitename = substr( $sitename, 4 ); | |
- } |
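# Start Google Chrome on macOS with a reduced set of TLS cipher suites.
# --cipher-suite-blacklist takes the IANA IDs of suites Chrome must NOT offer:
#   0x000a          TLS_RSA_WITH_3DES_EDE_CBC_SHA
#   0xc013, 0xc014  TLS_ECDHE_RSA_WITH_AES_128/256_CBC_SHA
#   0xc02b, 0xc02c  TLS_ECDHE_ECDSA_WITH_AES_128/256_GCM
#   0xc02f, 0xc030  TLS_ECDHE_RSA_WITH_AES_128/256_GCM
#   0xcca8, 0xcca9  TLS_ECDHE_RSA/ECDSA_WITH_CHACHA20_POLY1305
# Apart from 3DES, every entry is an ECDHE (forward-secret) suite, so this
# presumably leaves only RSA key-exchange suites for the handshake; confirm
# against the Chrome version in use. That weakens the browser's TLS, so keep it
# to a dedicated test session rather than day-to-day browsing.
# Quit Chrome first: `open` only activates an already-running instance, which
# does not pick up the arguments after --args.
# The stray trailing "|" from the original listing is dropped; it left the
# command as an incomplete pipeline.
open /Applications/Google\ Chrome.app --args --cipher-suite-blacklist=0x000a,0xc013,0xc014,0xc02b,0xc02c,0xc02f,0xc030,0xcca8,0xcca9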
#!/bin/bash | |
# | |
# Uses slack web hooks to report logons on SSH servers | |
# Webhooks: https://yourslack.slack.com/apps/A0F7XDUAZ-incoming-webhooks | |
# Add this script to /etc/profile or create a ~/.profile for a certain user | |
WEB_HOOK=your_slack_web_hook | |
hostname=$(hostname) | |
source=$(echo "$SSH_CONNECTION" | cut -d' ' -f 1) | |
geo=$(geoiplookup "$source") |
package main | |
import ( | |
"fmt" | |
"os" | |
"syscall" | |
) | |
func main() { | |
if len(os.Args) != 2 { |
[^\x00-\x7E] |
#!/bin/python3 | |
import os | |
import sys | |
import argparse | |
import logging | |
import re | |
import platform | |
MONTHS = { |
# Product Requirements | |
PRODUCT_REQUIREMENTS = { | |
"FireEyeAX": { | |
"maximum_version": "3.4.0", | |
"supported_modules": [], # assumption | |
"with_crypto": True, # assumption | |
}, | |
"FireEyeNX": { | |
"maximum_version": "3.4.0", | |
"supported_modules": [], # assumption |
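# Alerts on any HTTP request whose User-Agent header contains the fixed string
# attributed to the VPNFilter malware (per the rule's msg).
# |3B| is the hex escape for ';', which cannot appear literally inside a
# content string because ';' terminates rule options.
# The string pairs version tokens (Mozilla/6.1, Windows NT 5.3) that mainstream
# browsers are not known to send, which is what makes it usable as an indicator.
# NOTE(review): sid:2 is outside the range conventionally used for local rules
# (1000000-1999999); renumber it if it collides with another loaded rule set.
# NOTE(review): there is no flow keyword; adding flow:established,to_server
# would restrict matching to client requests on established sessions.
# The stray trailing "|" from the original listing is dropped; text after the
# closing parenthesis is not valid rule syntax.
alert http any any -> any any (msg:"VPNFilter malware User-Agent"; content:"Mozilla/6.1 (compatible|3B| MSIE 9.0|3B| Windows NT 5.3|3B| Trident/5.0)"; http_user_agent; sid:2; rev:1;)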