Furkan ÇALIŞKAN caliskanfurkan
@kconner
kconner / macOS Internals.md
Last active July 7, 2024 19:42
macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prerelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@svch0stz
svch0stz / Cobalt Strike Named Pipe Regex.csv
Last active July 18, 2023 13:12
Cobalt Strike Named Pipe Regex
Regex,Source
MSSE-[0-9a-f]{3}-server,Default Cobalt Strike Artifact Kit binaries
status_[0-9a-f]{2},Default psexec_psh
postex_ssh_[0-9a-f]{4},Default SSH beacon
msagent_[0-9a-f]{2},Default SMB beacon
postex_[0-9a-f]{4},Default Post Exploitation job (v4.2+)
mojo.5688.8052.183894939787088877[0-9a-f]{2},jquery-c2.4.2.profile
mojo.5688.8052.35780273329370473[0-9a-f]{2},jquery-c2.4.2.profile
wkssvc[0-9a-f]{2},jquery-c2.4.2.profile
ntsvcs[0-9a-f]{2},trick_ryuk.profile
@D4stiny
D4stiny / Macro_Scrambler.py
Created September 16, 2020 07:08
Corrupts macro documents to prevent static analysis by anti-virus while still allowing for the document to be opened in Microsoft Word.
import sys
import zipfile
import random
def get_zip_file_header_offset(zip_filename, target_filename):
"""
Parse the file header offset for a target_filename.
:param zip_filename: The name of the zip file to read.
:param target_filename: The name of the file to find the header of.
@MSAdministrator
MSAdministrator / iranian_apit_groups_possible_commands.md
Last active April 10, 2024 14:30
Iranian APT Groups & Possible Commands Used By These Groups

Overview

The following content is generated using a preview release of Swimlane's pyattck.

This snippet of data is scoped to the following actor groups:

  • APT33
  • APT34
  • APT39
  • Charming Kitten
@Neo23x0
Neo23x0 / iddqd.yar
Last active January 18, 2024 13:04
IDDQD - Godmode YARA Rule
/*
WARNING:
the newest version of this rule is now hosted here:
https://github.com/Neo23x0/god-mode-rules/blob/master/godmode.yar
*/
/*
@Xumeiquer
Xumeiquer / yara-spliter.py
Created February 7, 2018 20:02
This script splits up a Yara rule file in several files with a specific number of rules on them.
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os
import sys
import uuid
from collections import deque
# Modify this to set the number of rules per output file
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active July 1, 2024 08:32
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
bin,banka_kodu,banka_adi,type,sub_type,virtual,prepaid
413226,10,T.C. ZİRAAT BANKASI A.Ş.,VISA,PLATINUM
444676,10,T.C. ZİRAAT BANKASI A.Ş.,VISA,CLASSIC
444677,10,T.C. ZİRAAT BANKASI A.Ş.,VISA,GOLD
444678,10,T.C. ZİRAAT BANKASI A.Ş.,VISA,PLATINUM
453955,10,T.C. ZİRAAT BANKASI A.Ş.,VISA, CLASSIC
453956,10,T.C. ZİRAAT BANKASI A.Ş.,VISA, GOLD
454671,10,T.C. ZİRAAT BANKASI A.Ş.,VISA, CLASSIC
454672,10,T.C. ZİRAAT BANKASI A.Ş.,VISA, CLASSIC
454673,10,T.C. ZİRAAT BANKASI A.Ş.,VISA, BUSINESS
@nbrew
nbrew / install_w3af.sh
Created March 1, 2012 23:11
Install w3af with requirements on Mac OS X
#!/bin/bash
# Attempts to install the web application vulnerability scanner w3af and its prerequisites.
# For more information about w3af, see: http://w3af.sourceforge.net/
# USAGE: pypi_install package_name version_number md5_checksum
# checksum is optional; package and version are required
function pypi_install() {
name=$1
version=$2