#!/usr/bin/env python
##################################################################
#
# Ref sample:
# MD5: abd2b832007338d6d6550339eec09fb0 (AegisI5.exe)
# \_ MD5: cf5de95d94bb349f1f21bb5713a05d25 (fA1L0mX.exe)
# \_ MD5: 17cb0563f7c4621bc98abd06965bdfa9 (svchost.exe injected DLL)
#
# DGA generator for Ramnit Trojan
#
#!/usr/bin/env python
####################################################
##
## All credit to @_qaz_qaz for this awesome post
## https://secrary.com/ReversingMalware/Upatre/
##
## Original script:
## https://gist.github.com/secrary/98c563688fa6cea1fd517170f97988ab
##
// setup casper
var casper = require('casper').create({
    verbose: true,
    // Fake the user agent
    pageSettings: {
        userAgent: 'Mozilla/5.0 (Windows NT 5.1; chromeframe/25.0.1364.152) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22'
    },
    logLevel: "debug"
    // logLevel: "error"
#!/usr/bin/env python
########################################################################################################
##
## Decrypts the AdWind configuration files!
## ** May also work for other files **
##
##
## All credit to Michael Helwig for the original Java implementation:
## https://github.com/mhelwig/adwind-decryptor
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#######################################################################
# Ksearch provides a simple search interface for the amazing Koodous
# platform: https://koodous.com/
#
# With Ksearch you have a simple way to integrate Koodous search into
# any of your python projects. This gives you the ability to quickly
# crowdsource the analysis of potentially malicious Android files.
#
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#######################################################################
# Kalert provides a simple Slack alert integration for the amazing Koodous
# platform: https://koodous.com/
#
# Simply add your TOKEN and your SLACK url to the script and set up
# a cronjob to run the script every 5 min or whatever interval you want.
#
# Example:
// SandBoxTest.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <strsafe.h>
#include <string>
using namespace std;
#!/usr/bin/env python
##########################################################################################################
##
## Like steroids for your strings!
##
## Original idea: @williballenthin
## Original link: https://gist.github.com/williballenthin/8e3913358a7996eab9b96bd57fc59df2
##
## Lipstick and rouge by: @herrcore
import idautils
import idaapi
import idc

def string_decrypt(data_ea, data_len):
    data = idc.GetManyBytes(data_ea, data_len)
    key = '89798798798g79er$'
    out = 'str_'
    for i in range(0, len(data)):
#!/usr/bin/env python2.7
#####################################################################################
##
## Simple Abstract Syntax Tree Example for Tokens x, const, add, sub
##
## Reference: https://www.youtube.com/watch?v=kzDuHh6kolk - tutorial by Jack Mott
##
#####################################################################################