Brian Baskin Rurik

Rurik / apricorn_keep_alive.py
Created July 7, 2015 16:32
Apricorn Padlock Keep-Alive
import os
import time

# Keep the Apricorn padlock drive (mounted here as F:) from auto-locking on idle:
# create and remove an empty directory every 10 seconds so the drive sees I/O.
while True:
    os.mkdir('F:\\A')
    time.sleep(10)
    os.rmdir('F:\\A')
Rurik / Noriben_06_Feb_17__14_33_33_281000.txt
Last active February 6, 2017 19:52
Noriben 1.7.0 Example Output (ZA)
-=] Sandbox Analysis Report generated by Noriben v1.7.0
-=] Developed by Brian Baskin: brian @@ thebaskins.com @bbaskin
-=] The latest release can be found at https://github.com/Rurik/Noriben
-=] Analysis time: 61.84 seconds
Processes Created:
==================
[CreateProcess] python.exe:2420 > "C:\malware\hehda.exe" [Child PID: 1764]
[CreateProcess] hehda.exe:1764 > "%WinDir%\system32\cmd.exe" [Child PID: 692]
Rurik / parse_procmon_filters.py
Last active December 5, 2021 16:55
Quick tool to find and extract filters from Procmon configuration files
# Procmon Rule Parser v0.02
# Brian Baskin - @bbaskin
# Reads default rules from an exported Procmon Configuration (.PMC) or Procmon Filter (.PMF) file
# Example output:
"""
12:09:59-bbaskin@~/Development/Noriben$ python parse_procmon_filters.py -f ProcmonConfiguration.pmc
[Exclude] Process Name is Procmon64.exe
[Exclude] Operation is QueryStandardInformationFile
[Exclude] Operation is RegOpenKey
[Exclude] Operation is NotifyChangeDirectory
Rurik / slack_twitter_follow.py
Created June 27, 2018 16:55
Tracks a public Twitter List and posts updates to a given Slack channel
### Tracks a public Twitter List and posts updates to a given Slack channel
### Example: https://i.imgur.com/RMQB27N.png
import datetime
import time
import twitter
from slackclient import SlackClient
slack_bot_id = '<FILL OUT>'
slack_channel = '<FILL OUT>'