UTC: 2024-01-03 12:01 virtualex-itv/chocolatey-packages
This file is automatically generated by the update_all.ps1 script using the AU module.
# URL reputation checkers:
##########################
AlienVault OTX https://otx.alienvault.com/browse/pulses
BarracudaCentral http://www.barracudacentral.org/lookups
BrightCloud https://www.brightcloud.com/tools/url-ip-lookup.php
CRDF ThreatCenter https://threatcenter.crdf.fr
Cisco Talos https://www.talosintelligence.com/reputation_center
Checkpoint https://urlcat.checkpoint.com/urlcat
Cyren URL https://www.cyren.com/security-center/url-category-check
# SPL cheatsheet:
# Additional resource: http://www.bbosearch.com/searches
########################################################
- List users and corresponding roles:
=====================================
| rest /services/authentication/users splunk_server=?
| fields title roles realname
- List indexes:

# Living-off-the-land resources:
################################
https://www.bootloaders.io/
https://loldrivers.io
https://gtfobins.github.io
https://lolbas-project.github.io
https://wtfbins.wtf
https://lots-project.com
https://filesec.io
https://malapi.io
https://hijacklibs.net
https://wadcoms.github.io
# Cyber attack maps:
####################
Akamai https://www.akamai.com/us/en/solutions/intelligent-platform/visualizing-akamai/real-time-web-monitor.jsp
Arbor Networks https://www.digitalattackmap.com
Bitdefender https://threatmap.bitdefender.com
BlueLiv https://community.blueliv.com/map
Cisco Talos https://www.talosintelligence.com
Checkpoint https://threatmap.checkpoint.com
Deutsche Telekom https://sicherheitstacho.eu/start/main
# Code obfuscation techniques:
##############################
Control Flow Flattening
Opaque Predicates
Mixed Boolean Arithmetic
Strings and Code Encryption
Instruction Substitution
# Shell history:
################
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cat /proc/PID/environ | tr '\0' '\n'
unset HISTFILE
rm $HISTFILE
shred $HISTFILE
rm .bash_history
YARA use cases:
===============
Conditions:
-----------
uint16(0) == 0x5A4D // MZ
uint32(uint32(0x3C)) == 0x00004550 // PE
uint32(0) == 0x464C457F // ELF
uint8be(uint32(0x3C)+4) == 0x64 // 64-bit
uint32be(uint32(0x3C)+8) == 0x174a505c // Compiled time
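Added example (not from the original cheatsheet): a small Python re-implementation of the YARA integer functions used in the conditions above, evaluated against constructed PE and ELF headers so the offsets and byte orders can be checked without yara-python. The helper names mirror YARA's; `build_pe` and `classify` are assumptions for this example only.

```python
import struct

# Re-implementation of the YARA integer read functions used in the conditions
# above: uintN(off) reads little-endian, uintNbe(off) reads big-endian.
def uint8(d, off):    return d[off]
def uint8be(d, off):  return d[off]
def uint16(d, off):   return struct.unpack_from("<H", d, off)[0]
def uint32(d, off):   return struct.unpack_from("<I", d, off)[0]
def uint32be(d, off): return struct.unpack_from(">I", d, off)[0]

def is_mz(d):
    return len(d) >= 2 and uint16(d, 0) == 0x5A4D

def is_elf(d):
    return len(d) >= 4 and uint32(d, 0) == 0x464C457F

def is_pe(d):
    # uint32(uint32(0x3C)) == 0x00004550: follow e_lfanew to the "PE\0\0" signature.
    if not is_mz(d) or len(d) < 0x40:
        return False
    e_lfanew = uint32(d, 0x3C)
    return e_lfanew + 4 <= len(d) and uint32(d, e_lfanew) == 0x00004550

def is_pe64(d):
    # uint8be(uint32(0x3C)+4) == 0x64: low byte of IMAGE_FILE_HEADER.Machine.
    # 0x8664 (AMD64) and 0xAA64 (ARM64) both end in 0x64; 0x014C (i386) does not.
    if not is_pe(d) or uint32(d, 0x3C) + 5 > len(d):
        return False
    return uint8be(d, uint32(d, 0x3C) + 4) == 0x64

def pe_timestamp_be(d):
    # uint32be(uint32(0x3C)+8): TimeDateStamp bytes read big-endian, exactly as
    # the rule above compares them (0x174a505c there).
    if not is_pe(d) or uint32(d, 0x3C) + 12 > len(d):
        return None
    return uint32be(d, uint32(d, 0x3C) + 8)

def build_pe(machine, timestamp=b"\x17\x4a\x50\x5c"):
    """Constructed minimal PE: 64-byte DOS header, e_lfanew -> NT header (assumption)."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    nt = b"PE\0\0" + struct.pack("<HH", machine, 1) + timestamp  # sig, Machine, NumberOfSections, stamp
    return bytes(dos) + nt

def classify(d):
    return {"mz": is_mz(d), "pe": is_pe(d), "elf": is_elf(d),
            "pe64": is_pe64(d), "stamp": pe_timestamp_be(d)}

if __name__ == "__main__":
    print(classify(build_pe(0x8664)))                     # constructed x64 PE
    print(classify(b"\x7fELF\x02\x01\x01" + bytes(9)))    # constructed ELF header
```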
Pre-built VMs:
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Clean Windows ISOs:
Windows 7 - https://docs.microsoft.com/en-us/lifecycle/products/windows-7
Windows 8.1 - https://www.microsoft.com/en-us/software-download/windows8ISO
Windows 10 - https://www.microsoft.com/en-US/software-download/windows10
Windows 11 - https://www.microsoft.com/en-US/software-download/windows11
# DLL side-loading cases:
#########################
| Case | EXE | DLL | Date | Family | Type | Country |
|------|-----|-----|------|--------|------|---------|
| PoisonIvy RAT hijacking Samsung RunHelp.exe | RunHelp.exe | ssMUIDLL.dll | 2019.01.01 | PoisonIvyRAT | APT | - |
| Remcos hijacking OpenVPN libcrypto.dll | OpenVPNGui.exe | libcrypto.dll | 2021.03.01 | Netwire/Remcos RAT | APT | - |
| REvil hijacking MsMpEng.exe / WinDefender DLL | MsMpEng.exe | mpsvc.dll | 2021.03.31 | REvil group | Cybercrime | - |
| NGOs are targeted by APT10 with VLC media player side-loading | vlc.exe | - | 2022.02.01 | Cicada group | APT10 | CN |
| Lockbit ransomware dropping Cobalt Strike w/ DLL side-loading | VMwareXferlogs.exe | glib-2.0.dll | 2022.04.27 | Lockbit group | Cybercrime | - |
| PlugX hijacking Bitdefender AV DLLs | bdsrv.exe | log.dll | 2022.05.02 | PlugX/ShadowPad RAT | APT | CN |
| Mustang Panda targets EU entities with phishing | Acrobat.exe | Acrobat.dll | 2022.05.05 | PlugX/ShadowPad RAT | APT | CN |
| Qakbot abusing calc.exe for side-loading | calc.exe | WindowsCodecs.dll | 2022.07.27 | Qakbot trojan | Cybercrime | - |