Experimental attempt at getting organized ...
Cheat sheet that covers tools, common commands, and other information for analyzing malicious documents, such as Word, OneNote and PDF:
Johan van der Knijff bitsgalore
bitsgalore
/ scratchpad.md
Last active
April 10, 2024 10:15
When used from the command line, the xmllint tool doesn't accept namespaces in xpath expressions. This makes it difficult to process XML documents like the one below (file demo.xml):
<?xml version="1.0" standalone="yes"?>
<svrl:schematron-output xmlns:svrl="http://purl.oclc.org/dsdl/svrl" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:schold="http://www.ascc.net/xml/schematron" xmlns:sch="http://www.ascc.net/xml/schematron" xmlns:iso="http://purl.oclc.org
bitsgalore
/ createWindowsShortcut.py
Last active
December 1, 2023 10:32
Create Windows Desktop shortcut to executable in Python Scripts directory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| import os | |
| import sys | |
| import shutil | |
| import sysconfig | |
| import winreg | |
| from win32com.client import Dispatch | |
| def get_reg(name,path): | |
| # Read variable from Windows Registry |
bitsgalore
/ loggingGUI.py
Created
January 31, 2017 13:43
Minimal threaded GUI application with logging to both text file and ScrolledText widget
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| import time | |
| import threading | |
| import logging | |
| try: | |
| import tkinter as tk # Python 3.x | |
| import tkinter.scrolledtext as ScrolledText | |
| except ImportError: | |
| import Tkinter as tk # Python 2.x | |
| import ScrolledText |
bitsgalore
/ jpylyzer-create-testfiles-profiles.sh
Created
October 3, 2023 14:23
Create Jpylyzer testfiles with different profiles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Location of Kakadu binaries | |
| kduPath=/Applications/kakadu | |
| # Add Kakadu path to LD_LIBRARY_PATH | |
| export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$kduPath | |
| # Create TIFF from existing JP2 | |
| /Applications/kakadu/kdu_expand -i aware.jp2 -o aware.tif |
bitsgalore
/ tweet-example.json
Created
November 20, 2022 13:32
Example of JSON format used in Twitter archive for one single Tweet (from tweets.js)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "tweet" : { | |
| "edit_info" : { | |
| "initial" : { | |
| "editTweetIds" : [ | |
| "1588159317974319106" | |
| ], | |
| "editableUntil" : "2022-11-03T13:51:02.000Z", | |
| "editsRemaining" : "5", | |
| "isEditEligible" : false |
bitsgalore
/ partitionsHomePC.md
Last active
October 9, 2022 15:22
Partition scheme home PC (Linux Mint)
bitsgalore
/ ht2jk-jpylyzer.xnl
Created
August 3, 2022 18:52
Jpylyzer output for High Throughput JPEG 2000 codestream downloaded from https://chafey.github.io/openjphjs/test/browser/index.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version='1.0' encoding='UTF-8'?> | |
| <jpylyzer xmlns="http://openpreservation.org/ns/jpylyzer/v2/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://openpreservation.org/ns/jpylyzer/v2/ http://jpylyzer.openpreservation.org/jpylyzer-v-2-0.xsd"> | |
| <toolInfo> | |
| <toolName>jpylyzer</toolName> | |
| <toolVersion>2.0.0</toolVersion> | |
| </toolInfo> | |
| <file> | |
| <fileInfo> | |
| <fileName>6e3Gf8Mu</fileName> | |
| <filePath>/home/johan/test/6e3Gf8Mu</filePath> |
bitsgalore
/ readme.md
Last active
June 14, 2022 15:20
Storage media type detection using the Windows API and Python
The script that was originally included here is now superseded by:
https://github.com/KBNLresearch/detectStorageMediaType
See also my blog post:
Identification of physical storage media and devices with Python and the Windows API
bitsgalore
/ iso9660-withschema.xml
Created
April 19, 2022 16:54
Isolyzer output with added namespace and XSD schema definitions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" ?> | |
| <isolyzer xmlns="http://kb.nl/ns/isolyzer/v1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://kb.nl/ns/isolyzer/v1/ https://raw.githubusercontent.com/KBNLresearch/isolyzer/xsd/xsd/isolyzer-v-1-0.xsd"> | |
| <toolInfo> | |
| <toolName>cli.py</toolName> | |
| <toolVersion>1.4.0a2</toolVersion> | |
| </toolInfo> | |
| <image> | |
| <fileInfo> | |
| <fileName>iso9660.iso</fileName> | |
| <filePath>/home/johan/isolyzer/testFiles/iso9660.iso</filePath> |
NewerOlder