I hereby claim:
- I am herrcore on github.
- I am herrcore (https://keybase.io/herrcore) on keybase.
- I have a public key whose fingerprint is 8E47 AB41 31AE D120 0655 3C4D 4339 149B F8AF 2E6A
To claim this, I am signing this object:
herrcore herrcore
herrcore
/ keybase.md
Created
March 5, 2015 22:23
herrcore
/ disk_serial_extractor.py
Created
August 24, 2015 17:31
Extract the disk serial number from the SOFTWARE hive
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ####################################################################### | |
| ## | |
| ## Extract the disk serial number from the SOFTWARE hive | |
| ## | |
| ####################################################################### | |
| __AUTHOR__ = '@herrcore' | |
| import datetime |
herrcore
/ redirect_hunter.js
Created
January 26, 2016 06:27
Simple CasperJS script to load page with fake referrer and follow all redirects. The HTML for the final page is printed along with the redirect URLs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //setup casper | |
| var casper = require('casper').create({ | |
| verbose: true, | |
| //Fake the user agent | |
| pageSettings: { | |
| userAgent: 'Mozilla/5.0 (Windows NT 5.1; chromeframe/25.0.1364.152) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.152 Safari/537.22' | |
| }, | |
| logLevel: "debug" | |
| //logLevel: "error" |
herrcore
/ strings.py
Last active
July 17, 2020 00:49
— forked from williballenthin/strings.py
Extract ASCII and Unicode strings using Python.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ########################################################################################################## | |
| ## | |
| ## Like steroids for your strings! | |
| ## | |
| ## Original idea: @williballenthin | |
| ## Original link: https://gist.github.com/williballenthin/8e3913358a7996eab9b96bd57fc59df2 | |
| ## | |
| ## Lipstick and rouge by: @herrcore |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| __AUTHOR__ = '@herrcore' | |
| ############################################################################################### | |
| ## | |
| ## Script to reproduce the DGA for #Dromedan dropper | |
| ## Sample SHA256: f88bc84fea3695cd1da1a315eb09c65f21cfc6b764defc3c8efd94d6c6396e0c | |
| ## | |
| ## Another @herrcore production | |
| ## | |
| ## And so me put in work work work work work work! |
herrcore
/ ksearch.py
Last active
August 9, 2019 02:36
Ksearch provides a simple search interface for the amazing Koodous platform: https://koodous.com/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| ####################################################################### | |
| # Ksearch provides a simple search interface for the amazing Koodous | |
| # platform: https://koodous.com/ | |
| # | |
| # With Ksearch you have a simple way to integrate Koodous search into | |
| # any of your python projects. This gives you the ability to quickly | |
| # crowdsource the analysis of potentially malicious Android files. | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| ####################################################################### | |
| # Kalert provides a simple Slack alert integration for the amazing Koodous | |
| # platform: https://koodous.com/ | |
| # | |
| # Simply add your TOKEN and your SLACK url to the script and setup | |
| # a cronjob to run the script ever 5min or whatever you want. | |
| # | |
| # Example: |
herrcore
/ HummingBad.txt
Created
July 5, 2016 20:08
Koodous links for apps matching IOCs from CheckPoint "HummingBad" report (http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://analyst.koodous.com/apks/52c073ef52312049182773b3c4f3d275b2f3419e8d16d3dbdb5ed3446c09b439 | |
| https://analyst.koodous.com/apks/323d0c5ab28124361c96f2d337b2576216e076ab0e7cbc8cf981acae15916ee2 | |
| https://analyst.koodous.com/apks/dc6d831b8bd96623aef593b255a47fdc97460d7417b90478a55ea6a952b33344 | |
| https://analyst.koodous.com/apks/d337438242724d59183f769845733fc9d514b17512970c87a6a9f45547a00ee6 | |
| https://analyst.koodous.com/apks/b86c18b8c948c92966a998ede389c78c99c8f5e69779d2184fdce2a7974615b8 | |
| https://analyst.koodous.com/apks/a922f8990952c9635fb649dd735056999b0d1374f50ade15e2408d2be8a20057 | |
| https://analyst.koodous.com/apks/32a25f2f339b70601a33d5577a65424eca25e526222067699702f406be9aa027 | |
| https://analyst.koodous.com/apks/98a01bd62210bf1c818ecf64acb55fd3758a892310beaf4df28565f7df063d83 | |
| https://analyst.koodous.com/apks/cc294653372db1df592b597e4d88bdc8eb834edad9833637cff3be676f18efff | |
| https://analyst.koodous.com/apks/cb04a042013c72cebdce3dedc0c3b69ac32adb0415dd17474a4f5d05069e704a |
herrcore
/ quick_ioctl_decoder.py
Created
August 14, 2016 02:53
IDA Python plugin - Decode IOCTL Codes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################################ | |
| ## | |
| ## Quick IOCTL Decoder! | |
| ## | |
| ## All credit for actual IOCTL decode logic: | |
| ## http://www.osronline.com/article.cfm?article=229 | |
| ## | |
| ## | |
| ## To install: | |
| ## Copy script into plugins directory, i.e: C:\Program Files\IDA 6.8\plugins |
herrcore
/ asprox_id.ps1
Created
September 12, 2016 02:38
Use host specific attributes to generate asprox ID and ID_Key unique to host.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Generate asprox ID and ID_Key. | |
| .DESCRIPTION | |
| Use host specific attributes to generate asprox ID and ID_Key unique to host. | |
| .NOTES | |
| File Name : asprox_id.ps1 | |
| Author : @herrcore | |
| Prerequisite : PowerShell V2 over Vista and upper. | |
| #> |
OlderNewer