Josh Grunzweig jgrunzweig
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am jgrunzweig on github. | |
| * I am jgrunz (https://keybase.io/jgrunz) on keybase. | |
| * I have a public key ASCT9na91k4AcGgP_0Ir3l4Fqf0VBAJ0oMNzF0eZh4SCTgo | |
| To claim this, I am signing this object: |
jgrunzweig
/ gist:dae85fa3ce76e920df3ffdf20e5d24df
Created
May 8, 2019 12:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Download yara | |
| https://github.com/virustotal/yara/releases/tag/v3.10.0 (or similar URL) | |
| Install yara | |
| ./bootstrap.sh | |
| ./configure --enable-cuckoo --enable-magic --enable-dotnet | |
| make | |
| sudo make install |
jgrunzweig
/ gist:52f4f6989652c930ae8f
Created
January 8, 2015 19:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Install-Immunity($path) | |
| { | |
| Write-Host "Installing Immunity" | |
| Write-Host $path | |
| $p = Start-Process $path | |
| Sleep 5; | |
| $wshell = New-Object -ComObject wscript.shell; | |
| $wshell.AppActivate('Immunity Debugger Setup'); | |
| $wshell.SendKeys('~'); | |
| Sleep 5; |
jgrunzweig
/ gist:d37ea9033eb05dd76fa6
Last active
August 29, 2015 14:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'sinatra' | |
| require 'net/scp' | |
| get '/provision' do | |
| file = 'CONFIGS!....txt' | |
| f = File.new(file, 'w') | |
| f.write(params[:ip]) | |
| f.write('other stuff') | |
| f.close | |
| Net::SCP.upload!("remote.host.com", "username", file, "/remote/path", :ssh => { :password => "password" }) |
jgrunzweig
/ gist:7840987
Created
December 7, 2013 13:08
VBS - https://www.virustotal.com/en/file/688b80289a0c3771c7cee689c50a61b1c5215e8e5ac39a1120b3c7e4f4ada002/analysis/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| OPTION EXPLICIT | |
| DIM CRLF, TAB | |
| DIM strServer | |
| DIM objWebService | |
| DIM WebSvcObj | |
| dim webID | |
| dim DllName | |
| dim strScriptMap |