I hereby claim:
- I am danzek on github.
- I am digital0day (https://keybase.io/digital0day) on keybase.
- I have a public key whose fingerprint is ED5F 14F3 C51F 9CC9 0C57 809B 3FC9 7A65 5B4A 6C98
To claim this, I am signing this object:
danzek
/ keybase.md
Created
August 9, 2014 18:44
danzek
/ reading_from_stdin_slow.md
Last active
April 13, 2017 21:42
Solution for reading lines from stdin being way too slow in C++
StackOverflow Answer
- Retrieved from http://stackoverflow.com/a/9371717/ on April 13, 2017
- Posted by user Vaughn Cato on Feb 21 '12 at 3:24
By default, cin is synchronized with stdio, which causes it to avoid any input buffering. If you add this to the top of your main, you should see much better performance:
std::ios_base::sync_with_stdio(false);
danzek
/ stealcreds.c
Created
October 19, 2017 15:23
LsaRetrievePrivateData User Credential Theft on Windows XP-7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * LsaRetrievePrivateData User Credential Theft on Windows XP-7 | |
| * ============================================================ | |
| * | |
| * Requires admin privileges to run effectively (use privilege escalation | |
| * exploit first then use this to get password so you are no longer dependent | |
| * on the exploit) | |
| * | |
| * Seen on reddit: https://www.reddit.com/r/Malware/comments/779v21/til_you_can_maintain_administrative_access/ | |
| * Code from pastebin dump: https://pastebin.com/u992uP5e |
danzek
/ delete_filebeat_indices.go
Created
January 2, 2018 21:35
List Elasticsearch indices and delete those from filebeat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Get list of indices from Elasticsearch and delete any with filebeat as prefix | |
| // this is ugly and there should be more functions instead of all this crap in main but it's a one-off script | |
| /* | |
| Public Domain. Use this however you wish! | |
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE | |
| WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR | |
| COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR | |
| OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Get list of indices from Elasticsearch. | |
| // Yes, I know this boils down to `curl http://localhost:9200/_cat/indices` and shows less information. | |
| // I did this as a personal exercise while learning Go. | |
| /* | |
| Public Domain. Use this however you wish! | |
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE | |
| WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR |
danzek
/ md5hash.ps1
Last active
January 2, 2018 21:37
MD5 hash files in list provided in text file via PowerShell on Win7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# Public Domain. Use this however you wish! | |
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE | |
| WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR | |
| COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR | |
| OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | |
| #> | |
| $files = Get-Content "file_path_on_each_line.txt" | |
| Write-Output "File Path,MD5 Hash" |
danzek
/ GoogleAnalyticsDomainHashCalculator.cpp
Last active
January 2, 2018 21:37
Google Analytics Domain Hash Calculator - Urchin Tracking Module A (utma)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // GoogleAnalyticsDomainHashCalculator.cpp | |
| // | |
| // NOTE: I turned this into a robust CLI tool: https://github.com/danzek/gadhash | |
| // | |
| // Calculates Google Analytics Domain Hash given domain name | |
| // ========================================================= | |
| // This corresponds to the first value after "utma=" up until the first dot ('.') | |
| // e.g. in "utma=173272373.nnnnnnn", the domain hash is 173272373 ("google.com") | |
| // do not include the protocol in url (e.g., "http://") | |
| // |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| """ | |
| Expert Witness Format (EWF) Extension Helper | |
| Provides generator methods that provide the next expected file extension for EWF and EWF 2 file formats. For instance: | |
| * E01 | |
| * E02 |
danzek
/ reformat_encase_internet.py
Last active
January 2, 2018 21:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python -tt | |
| # -*- coding: utf-8 -*- | |
| """ | |
| Given the starting line number from the html output (and optional ending line number), parses Internet history | |
| artifacts from a default EnCase 7 HTML report into a nicer looking table. Be sure to customize fields and field widths | |
| as needed. | |
| Copyright 2015, Dan O'Day (d@4n68r.com) | |
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # | |
| # pdtime = parse Droid time - Utility to parse Android Unix timestamps in csv files | |
| # | |
| # Given a csv file or list of csv files containing Android timestamps, create a "parsed" directory and | |
| # output new csv files with timestamps parsed in human-readable format, with no timezone adjustments. | |
| # Android timestamps should be stored in UTC/GMT, and are parsed as such. | |
| # | |
| # Sample timestamp: 1311341729264, Android has three extra numbers than regular UNIX timestamps, because | |
| # it stores UNIX epoch in milliseconds. It must be divided by 1000 to make it a normal UNIX timestamp. |
OlderNewer