DissectMalware

from oletools.olevba import VBA_Parser, TYPE_OLE, TYPE_OpenXML, TYPE_Word2003_XML, TYPE_MHTML
import sys
import re

vbaparser = VBA_Parser(sys.argv[1])

replace_regex = r"\s*([^=]+)\s*=\s*Replace\(\s*([^,]+)\s*,\s*\"([^,]*)\"\s*,\s*\"([^,]*)\"\s*\)"
replace = re.compile(replace_regex, re.MULTILINE)

regex_url = "http(s)?://[^,\"]+"

0xmachos

• Sarah Edwards (@iamevltwin)

  • mac4n6.com
  • SANS FOR518: Mac and iOS Forensic Analysis and Incident Response
  • Apple Pattern of Life Lazy Output'er

• Unified Log

  • Howard Oakley @howardnoakley
    • Unified log: 1 why, what and how
    • Unified log: 2 content and extraction

• Unified log: 3 finding your way

MHaggis

### Related to MalwareBytes LazyScripter https://blog.malwarebytes.com/malwarebytes-news/2021/02/lazyscripter-from-empire-to-double-rat
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtime

ag-michael

timestamp convert:

 convert ctime(timestamp/1000)

.top,.club,.xyz,.ru domain lookups where the amount of lookup for the domain is more than 1 and less than 4 per computer

aid=* event_simpleName=DnsRequest | regex DomainName=".*\.top$|.*\.club$|.*\.xyz$|.*\.ru$|[0-9]+.*\.\w$" | stats values(ComputerName) count by DomainName| where count <4 | sort – count

Neo23x0

Search Engine Shortcuts

Use Manage Search Engines in your browser to add these search engines. You can then use the 'keyword' in the URL bar to do a quick lookup. Find more details about managing your search engines in Chrome here.

e.g. Type

v dad8ebcbb5fa6721ccad45b81874e22c

bradtraversy

# GET VERSION
npm -v (or --version)

# GET HELP
npm help
npm

# CREATE PACKAGE.JSON
npm init
npm init -y (or --yes)

gokulkrishh

/* 
  ##Device = Desktops
  ##Screen = 1281px to higher resolution desktops
*/

@media (min-width: 1281px) {
  
  /* CSS */
  

PurpleBooth

Project Title

One Paragraph of project description goes here

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

Prerequisites

mycodeschool

/* Merge sort in C */
#include<stdio.h>
#include<stdlib.h>

// Function to Merge Arrays L and R into A. 
// lefCount = number of elements in L
// rightCount = number of elements in R. 
void Merge(int *A,int *L,int leftCount,int *R,int rightCount) {
	int i,j,k;

rxaviers

People

:bowtie:	😄 :smile:	😆 :laughing:
😊 :blush:	😃 :smiley:	☺️ :relaxed:
😏 :smirk:	😍 :heart_eyes:	😘 :kissing_heart:
😚 :kissing_closed_eyes:	😳 :flushed:	😌 :relieved:
😆 :satisfied:	😁 :grin:	😉 :wink:
😜 :stuck_out_tongue_winking_eye:	😝 :stuck_out_tongue_closed_eyes:	😀 :grinning:
😗 :kissing:	😙 :kissing_smiling_eyes:	😛 :stuck_out_tongue: