@dalethedeveloper
dalethedeveloper / gist:1503252
Created December 20, 2011 21:00
Mobile Device Detection via User Agent RegEx

# Mobile Device Detection via User Agent RegEx

Yes, it is nearly 2012 and this exercise has been done to death in every imaginable language. For my own purposes I needed to get the majority of non-desktop devices on to a trimmed down, mobile optimized version of a site. I decided to try and chase down an up-to-date RegEx of the simplest thing that could possibly work.

I arrived at my current solution after analyzing 12 months of traffic over 30+ US based entertainment properties (5.8M+ visitors) from Jan - Dec 2011.

The numbers solidified my thoughts on the irrelevancy of including browsers/OSes such as Nokia, Samsung, Maemo, Symbian, Ipaq, Avant, Zino, Bolt, Iris, etc. The brass tacks of the matter is that you certainly could support these obscure beasts, but are you really going to test your site on them? Heck, could you even find one?! Unless the folks that pay you are die hard Treo users my guess is "No".

Interestingly enough my research shows that /Mobile/ is more efficient than **/iP(

@danzek
danzek / mapGPSv1.py
Last active January 25, 2024 22:38
X-Ways Python X-Tension: Plot EXIF location data in a KML file
# Extracts GPS coordinates from images in X-Ways Forensic software and creates a KML file plotting
# the location data that can be opened in Google Earth.
#
# Using public code for extracting GPS EXIF data from https://gist.github.com/moshekaplan/5330395
# based on original code at https://gist.github.com/erans/983821 using PIL 1.1.7 library
#
# Copyright (c) 2013 Dan O'Day. All rights reserved. https://code.google.com/p/digital0day/
# This software distributed under the Eclipse Public License 1.0 (EPL-1.0)
# http://www.opensource.org/licenses/EPL-1.0
#
@Neo23x0
Neo23x0 / yara_performance_guidelines.md
Last active April 30, 2024 10:39
YARA Performance Guidelines

This Gist has been transferred into a GitHub Repo. You'll find the most recent version here.

YARA Performance Guidelines

When creating your rules for YARA keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.

  • Revision 1.4, October 2020, applies to all YARA versions higher than 3.7
@davehull
davehull / Resolve-KnownFolderGUID
Last active January 30, 2024 10:16
Need to resolve a Windows "known folder guid" to its human-readable value?
[CmdletBinding()]
Param(
    [Parameter(Mandatory=$True,Position=0)]
        [String]$GUID
)
function Resolve-KnownFolderGuid {
Param(
    [Parameter(Mandatory=$True,Position=0)]
        [String]$GUID
@dfirfpi
dfirfpi / w10pfdecomp.py
Last active May 4, 2024 08:17
Windows 10 Prefetch (native) Decompress
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright 2015, Francesco "dfirfpi" Picasso <francesco.picasso@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
@atcuno
atcuno / gist:3425484ac5cce5298932
Last active March 25, 2024 13:55
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

@herrcore
herrcore / disk_serial_extractor.py
Created August 24, 2015 17:31
Extract the disk serial number from the SOFTWARE hive
#!/usr/bin/env python
#######################################################################
##
## Extract the disk serial number from the SOFTWARE hive
##
#######################################################################
__AUTHOR__ = '@herrcore'
import datetime
{
  "options": {
    "config_plugin": "filesystem",
    "logger_plugin": "filesystem",
    "host_identifier": "hostname",
    "event_pubsub_expiry": "86000",
    "debug": "false",
    "verbose_debug": "false",
    "worker_threads": "4",
    "schedule_splay_percent": 10
@mattifestation
mattifestation / WMI_attack_detection.ps1
Last active March 16, 2021 23:02
BlueHat 2016 - WMI attack detection demo
#region Scriptblocks that will execute upon alert trigger
$LateralMovementDetected = {
    $Event = $EventArgs.NewEvent
    $EventTime = [DateTime]::FromFileTime($Event.TIME_CREATED)
    $MethodName = $Event.MethodName
    $Namespace = $Event.Namespace
    $Object = $Event.ObjectPath
    $User = $Event.User
@mattifestation
mattifestation / Example_WMI_Detection_EventLogAlert.ps1
Created January 14, 2016 21:53
An example of how to use permanent WMI event subscriptions to log a malicious action to the event log
# Define the signature - i.e. __EventFilter
$EventFilterArgs = @{
    EventNamespace = 'root/cimv2'
    Name = 'LateralMovementEvent'
    Query = 'SELECT * FROM MSFT_WmiProvider_ExecMethodAsyncEvent_Pre WHERE ObjectPath="Win32_Process" AND MethodName="Create"'
    QueryLanguage = 'WQL'
}
$InstanceArgs = @{
    Namespace = 'root/subscription'