| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
JAB |
🗣 Jabber | $. |
Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
TVq |
📺 Television | MZ |
MZ header |
SUVY |
🚙 SUV | IEX |
PowerShell Invoke Expression |
SQBFAF |
🐣 Squab favorite | I.E. |
PowerShell Invoke Expression (UTF-16) |
SQBuAH |
🐣 Squab uahhh | I.n. |
PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
PAA |
💪 "Pah!" | <. |
Often used by Emotet (UTF-16) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - name: Add required dependencies. | |
| apt: | |
| name: | |
| - apt-transport-https | |
| - gnupg2 | |
| state: present | |
| - name: Add Elasticsearch apt key. | |
| apt_key: |
ander94lakx
/ yara_linux_install.sh
Last active
May 3, 2023 00:39
YARA install script for linux systems (with crypto support
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Download YARA (Modify if a different version is needed) | |
| wget https://github.com/VirusTotal/yara/archive/refs/tags/v4.1.2.tar.gz | |
| tar -zxf yara-4.1.2.tar.gz | |
| cd yara-4.1.2 | |
| ./bootstrap.sh | |
| # Prerequisites | |
| sudo apt install automake libtool make gcc pkg-config libssl-dev | |
| # Build with make |
fr0gger
/ DhashIcon.py
Last active
November 30, 2023 11:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| # Thomas Roccia | IconDhash.py | |
| # pip3 install lief | |
| # pip3 install pillow | |
| # resource: https://www.hackerfactor.com/blog/?/archives/529-Kind-of-Like-That.html | |
| import lief | |
| import os | |
| import argparse |
Neo23x0
/ Base64_CheatSheet.md
Last active
March 10, 2024 09:15
Learning Aid - Top Base64 Encodings Table
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*************** | |
| * Simple Process Hollowing in C# | |
| * | |
| * #Build Your Binaries | |
| * c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe | |
| * | |
| * @author: Michael Gorelik <smgorelik@gmail.com> | |
| * gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75 | |
| * #Most of the code taken from here: @github: github.com/ambray |
The repository for the assignment is public and Github does not allow the creation of private forks for public repositories.
The correct way of creating a private frok by duplicating the repo is documented here.
For this assignment the commands are:
- Create a bare clone of the repository.
(This is temporary and will be removed so just do it wherever.)
git clone --bare git@github.com:usi-systems/easytrace.git
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| obj-m += afw.o | |
| afw-objs := afw_main.o locate_sct.o ttgl.o | |
| ccflags-y := -std=gnu99 -O2 | |
| all: | |
| make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules | |
| clean: | |
| make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean |