Amit Serper aserper

## gist:94ce1b762259b6c5cacedb4dd666e2a7
from bcc import BPF

# BPF program that instruments setenv function
prog = """
#include <uapi/linux/ptrace.h>

int trace_setenv(struct pt_regs *ctx) {
    // Assuming the first argument to setenv is a pointer to the environment variable name
    char env_var_name[256];
    bpf_probe_read_user(&env_var_name, sizeof(env_var_name), (void *)PT_REGS_PARM1(ctx));

## gist:7b629de0272483c8ff5d5682a126d44a
from bcc import BPF

# eBPF program
prog = """
#include <uapi/linux/ptrace.h>

// Instrument the fchdir syscall entry
TRACEPOINT_PROBE(syscalls, sys_enter_fchdir) {
    // args is a built-in structure provided by the tracepoint
    // It contains all the arguments of the syscall being traced

## gist:d495b119395bf8352558d4b824f46f93
from bcc import BPF

# eBPF program
prog = """
#include <uapi/linux/ptrace.h>

// Instrument the chdir syscall entry
TRACEPOINT_PROBE(syscalls, sys_enter_chdir) {
    // args is a built-in structure provided by the tracepoint
    // It contains all the arguments of the syscall being traced

## gist:20a0e129ac8781ff946b1bd517b1b723
from bcc import BPF

# Define the eBPF program
prog = """
#include <uapi/linux/ptrace.h>

// Instrument the chmod syscall entry
TRACEPOINT_PROBE(syscalls, sys_enter_chmod) {
    // args is a built-in structure provided by the tracepoint
    // It contains all the arguments of the syscall being traced

## gist:53c70e2ff26c1fc656ac31b514253475
/tmp/exp

## gist:e36d382668c6cf2c996c5143025097c0
AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Sdr0tIIL8yPhKTLzVMnRKj1zzGqtR4tKpM2bfBEx+AHyvBL8jDZDJ6fuVwEB+aZ8bl/pA5qhFWRRWhONLnLN9RWFx/880msXITwOXjCT3Qa6VpAFPPMazJpbppIg+LTkbOEjdDHvdZ8RhEt7tTXc2DoTDcs73EeepZbJmDFP8TCY7hwgLi0XcG8YHkDFoKFUhvSHPkzAsQd9hyOWaI1taLX2VZHAk8rOaYqaRG3URWH3hZvk8Hcgggm2q/IQQa9VLlX4cSM4SifM/ZNbLYAJhH1x3ZgscliZVmjB55wZWRL5oOZztOKJT2oczUuhDHM1qoUJjnxopqtZ5DrA76WH user@localhost"

## dropped_port_scanner.py
#! /usr/bin/env python
#coding: utf-8

import threading
import socket
from re import findall
import httplib
import os
from random import randrange
import random

## gist:cbcd0c8ecbda9398911ecaa1c7f2f71b
 http://printofcenter.pl/media/system/info.php?url=
http://printofcenter.pl/media/system/log.php?url=
http://moippo.org.ua/media/system/log.php?url=
http://moippo.org.ua/media/system/info.php?url=
 http://nihir.org/wp-includes/rest-api/info.php?url=
 http://nihir.org/wp-includes/rest-api/log.php?url=
 http://airsoft.monokpeti.xyz/wp-includes/js/log.php?url=
 http://airsoft.monokpeti.xyz/wp-includes/js/info.php?url=
 http://asoftel.east.3cx.us/wp-includes/js/log.php?url=
 http://asoftel.east.3cx.us/wp-includes/js/info.php?url=

## gist:d0f1f2eb66b582ca04f195707a8d0126
using ;
using ;
using ;
using ;
using ;
using IWshRuntimeLibrary;
using SmartAssembly.Delegates;
using SmartAssembly.HouseOfCards;
using System;
using System.Collections.Generic;

## gist:43664a1daf7d309c46edc2f739d78ecd
handbrakestore.com
handbrake.cc
luwenxdsnhgfxckcjgxvtugj.com
6gmvshjdfpfbeqktpsde5xav.com
kjfnbfhu7ndudgzhxpwnnqkc.com
yaxw8dsbttpwrwlq3h6uc9eq.com
qrtfvfysk4bdcwwwe9pxmqe9.com
fyamakgtrrjt9vrwhmc76v38.com
kcdjzquvhsua6hlfbmjzkzsb.com
ypu4vwlenkpt29f95etrqllq.com
	from bcc import BPF

	# BPF program that instruments setenv function
	prog = """
	#include <uapi/linux/ptrace.h>

	int trace_setenv(struct pt_regs *ctx) {
	// Assuming the first argument to setenv is a pointer to the environment variable name
	char env_var_name[256];
	bpf_probe_read_user(&env_var_name, sizeof(env_var_name), (void *)PT_REGS_PARM1(ctx));
	from bcc import BPF

	# eBPF program
	prog = """
	#include <uapi/linux/ptrace.h>

	// Instrument the fchdir syscall entry
	TRACEPOINT_PROBE(syscalls, sys_enter_fchdir) {
	// args is a built-in structure provided by the tracepoint
	// It contains all the arguments of the syscall being traced
	from bcc import BPF

	# Define the eBPF program
	prog = """
	#include <uapi/linux/ptrace.h>

	// Instrument the chmod syscall entry
	TRACEPOINT_PROBE(syscalls, sys_enter_chmod) {
	// args is a built-in structure provided by the tracepoint
	// It contains all the arguments of the syscall being traced
	#! /usr/bin/env python
	#coding: utf-8

	import threading
	import socket
	from re import findall
	import httplib
	import os
	from random import randrange
	import random
	http://printofcenter.pl/media/system/info.php?url=
	http://printofcenter.pl/media/system/log.php?url=
	http://moippo.org.ua/media/system/log.php?url=
	http://moippo.org.ua/media/system/info.php?url=
	http://nihir.org/wp-includes/rest-api/info.php?url=
	http://nihir.org/wp-includes/rest-api/log.php?url=
	http://airsoft.monokpeti.xyz/wp-includes/js/log.php?url=
	http://airsoft.monokpeti.xyz/wp-includes/js/info.php?url=
	http://asoftel.east.3cx.us/wp-includes/js/log.php?url=
	http://asoftel.east.3cx.us/wp-includes/js/info.php?url=
	using ;
	using ;
	using ;
	using ;
	using ;
	using IWshRuntimeLibrary;
	using SmartAssembly.Delegates;
	using SmartAssembly.HouseOfCards;
	using System;
	using System.Collections.Generic;
	handbrakestore.com
	handbrake.cc
	luwenxdsnhgfxckcjgxvtugj.com
	6gmvshjdfpfbeqktpsde5xav.com
	kjfnbfhu7ndudgzhxpwnnqkc.com
	yaxw8dsbttpwrwlq3h6uc9eq.com
	qrtfvfysk4bdcwwwe9pxmqe9.com
	fyamakgtrrjt9vrwhmc76v38.com
	kcdjzquvhsua6hlfbmjzkzsb.com
	ypu4vwlenkpt29f95etrqllq.com