if ((Get-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Windows').GetValue('SystemLookup')) { Write-Host "Angelfire found!" } else { Write-Host "Nothing" }

development:
  adapter: mysql2
  encoding: utf8
  database: my_database
  username: root
  password:
apt:
  - somepackage
  - anotherpackage

(function () {
  // Skip analytics on local / private-network hosts
  var re = /(^127\.0\.0\.1)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)|localhost/;
  if (re.test(window.location.hostname)) return;
  var _gaq = [['_setAccount', 'UA-23156659-1'], ['_trackPageview'], ['_trackPageLoadTime']];
  (function (d, t) {
    var g = d.createElement(t), s = d.getElementsByTagName(t)[0];
    g.async = 1;
    g.src = ('https:' == location.protocol ? '//ssl' : '//www') + '.google-analytics.com/ga.js';
    s.parentNode.insertBefore(g, s);
  }(document, 'script'));
})();

#!/usr/bin/env python3
import os
from time import sleep

FILE_PATH = 'ts.txt'


def get_atime_1():
    # Stat the path itself (not its target if it is a symlink) and return the access time
    result = os.stat(FILE_PATH, follow_symlinks=False)
    return result.st_atime

## Uploaded by @JohnLaTwC
25b4214da1189fd30d3de7c538aa8b606f22c79e50444e5733fb1c6d23d71fbe.unzip\Basic\Standard\Module1.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE script:module PUBLIC "-//OpenOffice.org//DTD OfficeDocument 1.0//EN" "module.dtd">
<script:module xmlns:script="http://openoffice.org/2000/script" script:name="Module1" script:language="StarBasic">REM ***** BASIC *****
Sub OnLoad
Dim os as string

import datetime
from typing import AnyStr, Generator, Optional, Tuple, Type, Union
import uuid
from kaitaistruct import BytesIO, KaitaiStream
import known_uuids
import logging
import ShellItemList

Import-Module HgsDiagnostics
$GetHgsTrace = Get-Command Get-HgsTrace
# Locate the RemoteAttestation.Core assembly referenced by the HGS diagnostics module and load it
$RemoteAttestationCoreReference = $GetHgsTrace.ImplementingType.Assembly.GetReferencedAssemblies() | Where-Object { $_.Name -eq 'Microsoft.Windows.RemoteAttestation.Core' }
Add-Type -AssemblyName $RemoteAttestationCoreReference.FullName
# Pick the most recently written TCG (measured boot) log and parse it
$MostRecentTCGLog = Get-ChildItem C:\Windows\Logs\MeasuredBoot | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1 | Select-Object -ExpandProperty FullName
$LogBytes = [IO.File]::ReadAllBytes($MostRecentTCGLog)
$ParsedTCGLog = [Microsoft.Windows.RemoteAttestation.Core.TcgEventLog]::Parse($LogBytes)
# Group the measured events by the PCR they extend
$ParsedTCGLog.TcgData.Children | Sort-Object -Property PcrIndex | Group-Object -Property PcrIndex

Registers
Caller-saved: RAX RCX RDI RSI RDX R8 R9 R10 R11
Callee-saved: RSP RBP RBX R12 R13 R14 R15
Args: RDI, RSI, RDX, RCX, R8, R9, XMM0-7
Return: RAX

Simple Compile
yasm -f macho64 foo.asm && gcc foo.c foo.o -Wall -Wextra -g -O1

import os
import pefile

filename = '/home/martin/some_binary.dll'
base = os.path.basename(filename)
pe = pefile.PE(filename)
# Clear the IMAGE_FILE_DLL (0x2000) flag. Masking it out is safe even if the flag is
# not set; plain subtraction would corrupt the other Characteristics bits in that case.
pe.FILE_HEADER.Characteristics = pe.FILE_HEADER.Characteristics & ~0x2000

title: Suspicious Keyboard Layout Load
description: Detects the keyboard preload installation with a suspicious keyboard layout, e.g. Chinese, Iranian or Vietnamese layout load in user session on systems maintained by US staff only
references:
  - https://renenyffenegger.ch/notes/Windows/registry/tree/HKEY_CURRENT_USER/Keyboard-Layout/Preload/index
author: Florian Roth
date: 2019/10/12
logsource:
  product: windows
  service: sysmon
  definition: 'Requirements: Sysmon config that monitors \Keyboard Layout\Preload subkey of the HKLU hives - see https://github.com/SwiftOnSecurity/sysmon-config/pull/92/files'