Albert Zsigovits albertzsigovits

albertzsigovits / p1.py
Created January 29, 2019 16:46
Sample Immunity Debugger Python Plug-in Script
# NetAcademia - Petya Zsiros - p1.py
import immlib
def main(args):
    imm = immlib.Debugger()
    addr = imm.getAddress("kernel32.IsDebuggerPresent")
    if (addr <= 0):
        imm.log("kernel32.IsDebuggerPresent CAN NOT BE FOUND")
        return "ERROR"
    imm.log("Patching in progress...")
    imm.log("addr: 0x%08x" % addr)
albertzsigovits / p2.txt
Created January 29, 2019 16:48
Sample OllyDbg Script File
# NetAcademia - Petya Zsiros - p2.txt
GPA "IsDebuggerPresent", "Kernel32.dll"
mov addr, $RESULT
log addr
asm addr,"XOR EAX,EAX"
add addr, $RESULT
asm addr,"RETN"
albertzsigovits / p1.txt
Created January 29, 2019 16:49
Sample OllyDbg Script File #2
# NetAcademia - Petya Zsiros - p1.txt
GMA "patching", MODULEBASE
mov addr, $RESULT
log addr
add addr, 102E
log addr
mov [addr], #74#
albertzsigovits / linux.txt
Last active June 27, 2019 07:06
Universal Linux Tips and Tricks
# Linux tips & tricks
#####################
- Binding WIN+L or Ctrl+Alt+L to xscreensaver-lock:
===================================================
1. edit ~/.config/openbox/ubuntu-rc.xml
2. <keybind key="C-A-L">
<action name="Execute">
<command>dm-tool lock</command>
</action>
albertzsigovits / splunk.txt
Created January 31, 2019 09:56
Splunk SPL cheatsheet
# SPL cheatsheet:
# Additional resource: http://www.bbosearch.com/searches
########################################################
- List users and corresponding roles:
=====================================
| rest /services/authentication/users splunk_server=?
| fields title roles realname
- List indexes:
albertzsigovits / vti.txt
Created January 31, 2019 10:10
VirusTotal Warzone solutions
# VirusTotal Warzone challenge solutions:
# Additional help on VTi queries: https://www.virustotal.com/intelligence/help/
###############################################################################
- Search files uploaded through the web portal between the following dates from Brazil:
=======================================================================================
submitter:BR submitter:web fs:2018-12-30+ fs:2019-01-30-
- Search for PE files with subspan 5mins uploaded from Brazil in the last month through the web portal:
=======================================================================================================
albertzsigovits / english.txt
Last active October 18, 2020 06:52
My Top 100 Favourite English Idioms
# Top 100 Favourite English idioms:
###################################
the last straw that broke the camel's back
you beat me to it
blow a gasket
hit me up
for the sake of
started to dawn on me
beating them to the punch
albertzsigovits / ida.txt
Created January 31, 2019 10:30
IDA Pro Tips and Tricks
# IDA Pro Keyboard shortcuts and tips:
######################################
Ctrl+E - Return to entry point
Alt+M - Set bookmark
Ctrl+M - List bookmarks
Space - Toggle full screen/workflow view
Esc - Back up to parent function
Ctrl+X - Find All X-References
Ctrl+R - Change reference information, e.g. deltas etc.
albertzsigovits / maps.txt
Last active March 20, 2024 16:07
Cyber Attack Maps
# Cyber attack maps:
####################
Akamai https://www.akamai.com/us/en/solutions/intelligent-platform/visualizing-akamai/real-time-web-monitor.jsp
Arbor Networks https://www.digitalattackmap.com
Bitdefender https://threatmap.bitdefender.com
BlueLiv https://community.blueliv.com/map
Cisco Talos https://www.talosintelligence.com
Checkpoint https://threatmap.checkpoint.com
Deutsche Telekom https://sicherheitstacho.eu/start/main
albertzsigovits / urls.txt
Last active April 15, 2024 18:34
URL reputation checkers
# URL reputation checkers:
##########################
AlienVault OTX https://otx.alienvault.com/browse/pulses
BarracudaCentral http://www.barracudacentral.org/lookups
BrightCloud https://www.brightcloud.com/tools/url-ip-lookup.php
CRDF ThreatCenter https://threatcenter.crdf.fr
Cisco Talos https://www.talosintelligence.com/reputation_center
Checkpoint https://urlcat.checkpoint.com/urlcat
Cyren URL https://www.cyren.com/security-center/url-category-check