Skip to content

Instantly share code, notes, and snippets.

View Te-k's full-sized avatar

Tek Te-k

792 followers · 152 following
View GitHub Profile
@Te-k
Te-k / threat_types.json
Created August 4, 2022 12:50
Google Safe Browsing Threat Types
{
"threatLists": [
{
"threatType": "MALWARE",
"platformType": "ANY_PLATFORM",
"threatEntryType": "URL"
},
{
"threatType": "MALWARE",
"platformType": "WINDOWS",
@Te-k
Te-k / threat_intel.md
Last active September 12, 2024 07:23
Threat Intelligence platforms
@Te-k
Te-k / amnesty_reports.md
Last active May 2, 2024 19:31
List of Amnesty Tech threat reports
@Te-k
Te-k / oceanlotus.md
Created March 10, 2021 15:49
Ocean lotus reports

Ocean Lotus

aka Cobalt Kitty, APT-C-00, SeaLotus, Sea Lotus, APT-32, APT 32, Ocean Buffalo, POND LOACH, TIN WOODLAWN, BISMUTH

Reports

@Te-k
Te-k / pdf_metadata.md
Created November 26, 2020 10:31
How to remove metadata from PDFs

Many tools do not fully remove metadata, but just remove the link with in the metadata table. The data are thus still available in the PDF file itself.

While a lot of people rely on Exiftool to remove metadata, it actually does the same in PDFs. If you remove metadata with exiftool -all= some.pdf, you can always restore the data with exiftool -pdf-update:all= some.pdf.

There are several options to remove PDF metadata safely:

Option 1 : Exiftool with qpdf

  • Remove metadata with exiftool : exiftool -all= some.pdf
  • Then remove ununsed objects with qpdf : qpdf --linearize some.pdf - > some.cleaned.pdf
@Te-k
Te-k / gist:0aed1bb64d1708b463952cd543685df2
Last active March 19, 2021 01:31 — forked from jaredsburrows/gist:9e121d2e5f1147ab12a696cf548b90b0
full English translation of Phineas Fisher's account of how he took down HackingTeam - https://www.reddit.com/r/netsec/comments/4f3e6p/full_english_translation_of_phineas_fishers/
_ _ _ ____ _ _
| | | | __ _ ___| | __ | __ ) __ _ ___| | _| |
| |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / |
| _ | (_| | (__| < | |_) | (_| | (__| <|_|
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)
A DIY Guide
@Te-k
Te-k / Maltego.py
Created January 11, 2019 13:38
Paterva official tranform library for Maltego
#
# Updated Maltego Python library
# 2013/03/30
# See TRX documentation
#
# RT
import sys
from xml.dom import minidom
@Te-k
Te-k / gist:4215e539b93418b4f2fcd9102c569747
Created November 28, 2018 13:22 — forked from peterclemenko/gist:97f92f61845af3844733
Hacking team client renewal
Originally posted at: http://pastebin.com/MP8zpQ26
HACKING TEAM CLIENT RENEWAL DATES
From: Client List_Renewal date.xlsx
Name Country Name Maintenance Status
AFP Australia Australian Federal Police - Expired
AZNS Azerbaijan Ministry of National Defence 6/30/2015 Active
BHR Bahrain Bahrain 5/5/2015 Not Active
PHANTOM Chile Policia de Investigation 12/10/2018 Delivery scheduled (end of november)
@Te-k
Te-k / parse_apache_access.py
Last active November 22, 2018 15:04
Parse Apache access logs
import re
from urllib.parse import parse_qs
regex = re.compile('^(?P<ip>\S+)\s+-\s*(?P<userid>\S+)\s+\[(?P<datetime>[^\]]+)\]\s+"(?P<method>[A-Z]+)\s*(?P<request>[^ "]+)?\s*(HTTP/(?P<http_version>[0-9.]+))?"\s+(?P<status>[0-9]{3})\s+(?P<size>[0-9]+|-)\s+"(?P<referer>[^"]*)"\s+"(?P<user_agent>[^"]*)"')
def parse_log(log):
res = regex.match(line)
if not res:
raise(ValueError('Invalid log format'))
res = res.groupdict()
@Te-k
Te-k / pastebin.py
Last active October 17, 2018 12:07
Download information from a paste on pastebin
import requests
from bs4 import BeautifulSoup
def get_info(key):
# Returns the date and raw data
if key.startswith('http'):
r = requests.get(key)
else:
r = requests.get('https://pastebin.com/' + key)
soup = BeautifulSoup(r.text, 'html.parser')