Alexandre Dulaunoy (adulau)
adulau / facebook-533m-analysis.md
Last active Apr 6, 2021
Facebook 533m leak - analysis

Warning: Analysis is based on the data leaked and subject to interpretation

Format

The original leak contains a zip archive with one file per "country"; the file names carry typographic and geographic errors. Some of the per-country files are rar and 7z archives rather than plain files.

CSV headers

There are multiple inconsistencies in column position and size across the various country files (merged from different sources?).

adulau / automatic-analysis-suspicious-binaries.md
Created Mar 20, 2021
Notes for automatic analysis of suspicious binaries

Tools

capa (from FireEye)

capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.

Papers

adulau / NLP-notes.md

Install the textpipe module for spacy.io

export CPPFLAGS="-std=c++98"; pip3 install textpipe

adulau / cve-search-fun.md
Created Jun 10, 2020
How to use cve-search - funny command lines

Generate PDFs from a set of CVEs found by CPE

curl "http://127.0.0.1:5000/api/search/smiths-medical" | jq -r ".[] | .[].id" | parallel --gnu "python3 cve_doc.py -a http://127.0.0.1:5000/ -c {} >/tmp/{}.asc; cd /tmp; asciidoctor-pdf {}.asc"
adulau / misp-galaxy-analysis.md
Created Jun 9, 2020
MISP threat-actor galaxy - usage from the command line

Extract all names and synonyms

cat threat-actor.json | jq --raw-output ".values | [.[].value, .[].meta.synonyms] | flatten | .[] " | grep -v "null"

adulau / notes-unix.md

Poetry falling back to Python 2

alias poetry="python3 $HOME/.poetry/bin/poetry"

adulau / tweetanalysis.md
Last active Jul 7, 2020
Tweet analysis

Tweet analysis

Issues with Unicode spaces

Tweets are in Unicode and in different languages. You might want to convert all the different kinds of space characters into a single type of space before tokenising.

If you are curious about all the different kinds of spaces in Unicode, you might want to read the Unicode spaces reference.

CHARS=$(printf "%b" "\U00A0\U1680\U180E\U2000\U2001\U2002\U2003\U2004\U2005\U2006\U2007\U2008\U2009\U200A\U200B\U202F\U205F\U3000\UFEFF")
adulau / misp-toolset.md
Created Sep 20, 2019
Toolset for MISP taxonomies, objects and alike

a list to a sane default

cat /tmp/lang.txt | awk -F'\\\\n' '{ printf "\"%s\", \n", $1 }'