- Name: Nyong Coin
- Author: extr
- Category: Forensics
- Point: 140
- Download: https://1drv.ms/u/s!At0nZXK3fObIgoQAMtilBAZd017Klg?e=7VKBqz
- Scenario
iidx
/ tweet_remover.py
Created
November 18, 2021 15:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import twitter | |
| api = twitter.Api(consumer_key='', | |
| consumer_secret='', | |
| access_token_key='', | |
| access_token_secret='') | |
| with open("tweet.js", encoding="utf8") as f: | |
| tweets = json.loads(f.read()) | |
| for tweet in tweets: | |
| api.DestroyStatus(tweet['tweet']['id']) |
iidx
/ pbctf_vaccine_stealer.md
Last active
April 1, 2024 13:42
[PBCTF 2020] Vaccine Stealer Write-up
- Challenge Author: extr(@bemusicscript)
- Download Link: https://drive.google.com/file/d/10XZD5S2FCdPyugSvoIkWD8s3pH20hQS2/view
- Solver: 2
An employee's PC at a COVID-19 vaccine manufacturer was infected with a malware.
iidx
/ 2020 BingoCTF - Disassembled Solution.md
Last active
November 14, 2020 05:46
To solve the problem, focus on what malware did to the registry after 2020 November 7 14:00 (UTC+9) .Therefore, it is intended to be found using the 'last modification time' of the subkey.
문제를 해결하기 위해선, 2020년 11월 7일 14시(UTC+9) 시각 이후에 실행된 악성코드가 레지스트리에 어떤 행위를 수행하였는가에 초점을 맞추면 됩니다. 따라서, 레지스트리의 마지막 키 수정 시각을 이용해 찾을 수 있도록 의도하였습니다.
The registry hive file in problem is not analyzed by normal registry analysis tools. the analysis tool should be able to load the registry transaction log file with the hive.
해당 문제의 레지스트리 하이브 파일은 일반적인 레지스트리 분석 도구로 분석되지 않습니다. 분석 도구가 레지스트리 트랜젝션 로그 파일을 하이브와 함께 로딩할 수 있어야합니다.
Registry transaction log files serve as a journal to temporarily store data before it is written to the registry hive. If the registry hive is locked, it cannot be written directly, so use that method. You can check the transaction log format from the following link.
레지스트리 트랙잭션 로그 파일은 데이터가 레지스트리 하이브에 기록되기 전에 임시적으로 데이터를 저장하는 저널 역할을 합니다. 레지스트리 하이브가 잠김 상태일 경우 직접 쓸 수 없기 때문에 해당 방식을 사용합니다. 트랜젝션 로그 형식은 다음 링크에서 확인하실 수 있습니다
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @import "https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700"; | |
| @font-face { | |
| font-family: 'neon_tubes_2regular'; | |
| src: url('/static/font/neontubes2-webfont.woff2') format('woff2'), | |
| url('/static/font/neontubes2-webfont.woff') format('woff'); | |
| font-weight: normal; | |
| font-style: normal; | |
| } |
iidx
/ Keybase.md
Created
May 22, 2020 06:56
I hereby claim:
- I am iidx on github.
- I am extr (https://keybase.io/extr) on keybase.
- I have a public key whose fingerprint is 375E 3646 C3B3 66B6 D354 AB3A 06AA D146 AB5D 8B26
To claim this, I am signing this object:
iidx
/ asdasdasdasdasd
Created
October 12, 2018 13:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AFSEnvironment" : 0, | |
| "AFSUrl" : "https://activity.windows.com", | |
| "ActivityStoreInfo" : [ | |
| { | |
| "active" : true, | |
| "activityStoreId" : "D2A9DE73-67FE-B86E-A51D-C069D0A2EF6A", | |
| "stableUserId" : "98b5534bd174e8e1" | |
| }, | |
| { |
iidx
/ LR2IRLog_20160321224723627927_20160522180636453785.csv
Created
May 28, 2016 12:08
LR2 IR Connection Log (2016-03-21 22:47:23 - 2016-05-22 18:06:36)
We can't make this file beautiful and searchable because it's too large.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Time, Total BMS, Total Player, Now Playing, Total Score | |
| 2016-03-21 22:47:23.627927,225408,78743,175,13876362 | |
| 2016-03-21 22:48:27.966975,225408,78743,170,13876372 | |
| 2016-03-21 22:49:31.414692,225408,78743,166,13876380 | |
| 2016-03-21 22:50:35.234392,225408,78743,161,13876393 | |
| 2016-03-21 22:51:40.339887,225408,78743,164,13876403 | |
| 2016-03-21 22:52:45.966743,225408,78743,162,13876409 | |
| 2016-03-21 22:53:50.267170,225408,78743,157,13876417 | |
| 2016-03-21 22:54:55.721988,225408,78743,165,13876426 | |
| 2016-03-21 22:55:59.270184,225408,78743,160,13876437 |
iidx
/ 아인코딩진짜좆같다.py
Created
April 6, 2016 12:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| import re, json | |
| import urllib2 as u | |
| bmsurl = "http://www.dream-pro.info/~lavalse/LR2IR/search.cgi?mode=ranking&bmsid=" | |
| def urlreq(url): | |
| try: | |
| return u.urlopen(u.Request(url)).read() | |
| except Exception as e: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('b(f("%h%g%2%4%e%5%2%d%1%6%c%0%8%3%1%6%q%0%3%1%7%7%a%o%5%p%i%2%m%4%9%j%0%8%k%0%9%l%1%a%3%n"));',27,27,'30|69|72|3B|28|61|3D|2D|31|22|29|eval|34|20|76|unescape|6F|66|65|32|36|2B|74|7D|7B|6C|3E'.split('|'),0,{})) |
NewerOlder