I hereby claim:
- I am am1ru1 on github.
- I am am1ru1 (https://keybase.io/am1ru1) on keybase.
- I have a public key ASC8kZvfU36mpW7wtIIisFE0POLhq85lecaSnjBTrgGWOgo
To claim this, I am signing this object:
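#!/bin/bash
# Capture this machine's hostname as reported by hostname(1).
# The trailing "| |" table residue from the page extraction is removed here:
# it left the assignment ending in an empty pipeline, which bash rejects.
HOST=$(hostname)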
function install_postfix() { | |
echo | sudo debconf-set-selections <<__EOF | |
postfix postfix/root_address string | |
postfix postfix/rfc1035_violation boolean false | |
postfix postfix/mydomain_warning boolean | |
postfix postfix/mynetworks string 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 |
-----BEGIN PGP PUBLIC KEY BLOCK----- | |
Version: BCPG v1.47 | |
mQGiBFGPW60RBADSRdukOufvUs90Cvp88m5jGK0P+qQsxcJtlA+yAp8wdtVW1AQw | |
gBXE6hbVCXSmvcrJbL0DTv+dHA80mJlKypWyHg4TI/gEZ8YSwpeW4KiEZUKMJYdi | |
4Y/o3/ReJGesAeOsVLCc4MxU/2sa3/2mWoG+Nz+Yv2LN+lmec5NeVaKpLQCgvWWz | |
f7Ga5SDrW2Pk6UEe0GoES+MD/RE0/sDCfHBkVPS8uBj9jTfpbi9YtIx687rN0RRl | |
CF32rPwK18+NePzaunBcuCP3IsLBsFadmqicdx5aWgsMpt3rPD/ImqGqmTFJXPQ4 | |
fXRkwW6LUeNi76ok+oK93iXi2uZJY4uZzZOxIhD/4ntOMunqxt+CDRuW8+mUmfxT | |
/EcHA/9o4RjAYN/mtl5w0zWbC43zx0+Xz4VhGcuMcleSK+Qllv6Uzk/FnP3+SHge |
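# Signatures for detecting Microsoft Word Intruder
# https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.html
#
# Payload request: a packet starting with "GET" whose payload contains neither
# "Referer: " nor "Cookie: ", whose URI carries "&act=1" and which matches
# /webstat/image.php?id=<8 digits>.
# On a match the rule sets the "mwi" flowbit. The payload-response signature
# tests flowbits:isset,mwi, so the name must be identical in both rules; this
# rule previously set "wmi", which left the response signature unable to fire.
# threshold: at most one alert per source address per 3600 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"FOX-SRT - Trojan - Microsoft Word Intruder payload request"; content:"GET"; depth:3; flowbits:set,mwi; content:!"Referer|3a| "; content:!"Cookie|3a| "; uricontent:"&act=1"; fast_pattern: only; pcre:"/\/webstat\/image\.php\?id=[0-9]{8}/"; threshold: type limit, track by_src, count 1, seconds 3600; classtype:trojan-activity; reference:url,https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.html; sid:21001609; rev:1;)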
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"FOX-SRT - Trojan - Microsoft Word Intruder payload response"; flowbits:isset,mwi; content:"Content-Type|3a| application/octet-stream"; content:"Content-Description|3a| File Transfer"; pcre:"/filename=[0-9]{8}\.exe/"; threshold: type limit, track by_src, count 1, seconds 3600; classtype:trojan-activity; reference:url,https://www.fir |
import os | |
import struct | |
import shutil | |
import subprocess | |
class macho_intel32_shellcode(): | |
""" | |
Mach-O Intel x32 shellcode class | |
""" |
# Get original data | |
$data = @{ | |
First = 'Justin'; | |
Last = 'Dearing'; | |
Resume = @{ | |
Experience = [HashTable[]]@( | |
@{ | |
StartDate = [DateTime] (Get-Date '2002-03-23'); | |
EndDate = [DateTime] (Get-Date '2007-05-15'); | |
Company = 'ACME ISP'; |
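# Round-trips a PSCredential through a CLIXML file stored next to the script.
#
# Security notes:
# - On Windows, Export-Clixml protects the password with DPAPI, so the file can
#   only be read back by the same user account on the same computer.
# - On Linux and macOS, PowerShell does not encrypt the exported password; it is
#   only obfuscated. Treat the file as a plaintext secret on those platforms.
# - $PSScriptRoot may be a shared or source-controlled directory; keep
#   credential.clixml out of version control and restrict its file permissions.
#
# The trailing "| |" table residue from the page extraction is removed here: it
# left each statement ending in an empty pipe element, which PowerShell rejects.

# credential file path
$CredentialPath = "$PSScriptRoot\credential.clixml"

# get and export credential (Get-Credential prompts interactively)
$credential = Get-Credential
$credential | Export-Clixml -LiteralPath $CredentialPath

# import credential
$credential = Import-Clixml -LiteralPath $CredentialPath

# Emit the credential object; the default view shows the user name and renders
# the password only as System.Security.SecureString.
$credential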
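# =================== YOUR DATA ========================
# Placeholder values to fill in before running the script.
#
# NOTE(review): SUDO_PASSWORD and MYSQL_ROOT_PASSWORD are plaintext secrets kept
# in the script itself. Once real values are filled in, do not commit or share
# this file, and restrict it to its owner (chmod 600). The rest of the script is
# not visible here; confirm the passwords are never passed as command-line
# arguments or echoed, where they would show up in process listings or logs.
#
# NOTE(review): USER is normally set by the login environment; assigning it here
# overrides that value for the remainder of the script. Confirm that is intended.
#
# The trailing "| |" table residue from the page extraction is removed here: it
# left each assignment ending in an empty pipeline, which the shell rejects.
SERVER_NAME="some-server-name"
SERVER_IP="111.111.11.11"
USER="someuser"
SUDO_PASSWORD="secret-password-one"
MYSQL_ROOT_PASSWORD="secret-password-two"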
I hereby claim:
To claim this, I am signing this object:
#!/usr/bin/env python3
# Tweaked from https://github.com/mgp25/classesMD5-64/blob/master/dexMD5.py
# AXML library built from https://github.com/mikusjelly/axmlparser
# Adds XML manifest parsing to get the WhatsApp version
# Usage: $ python3 dexMD5.py apk/WhatsApp.apk
# Output:
# WhatsApp Version : 2.17.296
# WhatsApp ClassesDEX MD5 : b'YrJNPljM3TuNFPIOZ+jziw=='
#
# @MasBog