Dave Hull davehull
@davehull
davehull / list.md
Created August 13, 2022 22:53 — forked from ih2502mk/list.md
Quantopian Lectures Saved
@davehull
davehull / memdumppe.py
Created July 18, 2020 04:05 — forked from williballenthin/memdumppe.py
Dump some PE file features from memory images.
#!/usr/bin/env python2
'''
Dump some PE file features from memory images.
author: Willi Ballenthin
email: william.ballenthin@fireeye.com
website: https://gist.github.com/williballenthin/cbc102d561e2eb647f7aec3c3753ba55
'''
import os
import sys
@davehull
davehull / ASR Rules Bypass.vba
Created March 4, 2019 16:04
ASR rules bypass creating child processes
' ASR rules bypass creating child processes
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule
Sub ASR_blocked()
Dim WSHShell As Object
Set WSHShell = CreateObject("Wscript.Shell")
WSHShell.Run "cmd.exe"
End Sub
@davehull
davehull / Get-NetDetails.ps1
Created August 17, 2018 17:41
Netstat like data with hashes from PowerShell
[CmdletBinding()]
Param(
[Parameter(Mandatory=$False,Position=0)]
[String]$TargetHostname,
[Parameter(Mandatory=$False,Position=1)]
[String]$HashAlgorithm
)
## We will handle errors via Try/Catch
$ErrorActionPreference = 'Stop'
function Get-ClrReflection
{
<#
.SYNOPSIS
Detects memory-only CLR (.NET) modules
Author: Joe Desimone (@dez_)
License: BSD 3-Clause
@davehull
davehull / ConvertTo-DelimiterSeparatedValues.ps1
Created March 13, 2017 15:48
ConvertTo-DelimiterSeparatedValues
function ConvertTo-DelimiterSeparatedValues {
<#
This function is like ConvertTo-CSV but with
support for multi-character delimiters. The
function will return NoteProperty names as
a header row.
#>
param(
[Parameter(Mandatory=$True,ValueFromPipeLine=$True,Position=0)]
[pscustomobject[]]$arrObject,
@davehull
davehull / XOR Brutr Output
Last active March 30, 2022 14:15
eatoin shrdlu: XOR Encryption and Hamming Distance
I've been playing around with Matasano Crypto Challenges for my own edification.
It's been fun and insightful. I've learned a number of new things and enjoyed
doing so. If you're a mediocre programmer like me and have an interest in crypto,
I highly recommend checking out the challenges -- http://cryptopals.com/.
A few of the exercises in set 1 have you playing around with XOR for encryption.
You create a script that can brute force single key decryption and if you're
ambitious you'll write a function that will examine letter frequencies of the
output and score the results, returning the one that is most likely to be
English. I wrote multiple scoring functions for this, one that counts English
<#
.SYNOPSIS
XOR-Encrypt.ps1 takes a string of text to be encrypted and a key. Each
byte of the input string will be XOR'd with a byte from the key. If
the key is not as long as the input string, the key will repeat.
.PARAMETER String
A required parameter, the string to be encoded.
.PARAMETER key
A required parameter, the key that the string will be XOR'd with.
.EXAMPLE
@davehull
davehull / XOR-Decrypt.ps1
Last active August 29, 2015 14:20
MCCS1C4
<#
.SYNOPSIS
XOR-Decrypt.ps1 takes a hexadecimal encoded string and uses the English
alpha and numeric characters as a key space, XORing the string with
each single character and returning a XOR decrypted string.
.PARAMETER hexString
A required argument -- the hexadecimal encoded string to be decoded.
.PARAMETER AllResults
An optional switch that causes the script to return all decrypted
objects; by default the script will only return the object with the
@davehull
davehull / Resolve-WindowsGUID.ps1
Last active February 1, 2024 00:48
Useful for resolving some Windows GUIDs to human friendly values
<#
.SYNOPSIS
Resolves many Windows GUIDs to human friendly values.
.DESCRIPTION
Resolve-WindowsGUID.ps1 takes a GUID from a Windows system and attempts
to return a human friendly value from either a static list or from a
dynamically generated list of LogProvider GUIDs. There are undoubtedly
other GUIDs in use throughout Windows that will not fall into either of
these sets. If you encounter a GUID that you can't resolve via this