lucam luca-m
luca-m
/ virustotal_upload
Created
May 26, 2014 19:01
Upload a sample to VirusTotal and pretty print the report. All in a handy alias.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Upload a sample to VirusTotal and pretty print the report. All in a handy alias. | |
| # | |
| # Dependecies: | |
| # | |
| # * python > 2.7 | |
| # * pip install Pygments==1.4 | |
| # * curl | |
| # * VirusTotal API key | |
| # |
luca-m
/ gen_macro_doc.ps1
Created
January 24, 2015 10:16
Generate a malicious Microsoft Office document with a specified payload and persistence method (https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Coded by Matt Nelson (@enigma0x3) | |
| <# | |
| .SYNOPSIS | |
| Standalone Powershell script that will generate a malicious Microsoft Office document with a specified payload and persistence method | |
| .DESCRIPTION | |
| This script will generate malicious Microsoft Excel Documents that contain VBA macros. This script will prompt you for your attacking IP | |
| (the one you will receive your shell at), the port you want your shell at, and the name of the document. From there, the script will then | |
| display a menu of different attacks, all with different persistence methods. Once an attack is chosen, it will then prompt you for your payload type | |
| (Only HTTP and HTTPS are supported). |
luca-m
/ sam-template.yaml
Last active
June 26, 2023 09:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Transform: 'AWS::Serverless-2016-10-31' | |
| Description: "This is an AWS Lambda function that collects CloudWatch logs and sends them to Logz.io in bulk, over HTTP." | |
| Parameters: | |
| logzioListener: | |
| Type: "String" | |
| Description: "The Logz.io listener URL for your region. You can find explanations here: https://docs.logz.io/user-guide/accounts/account-region.html" | |
| Default: "" | |
| logzioToken: |
luca-m
/ generateYara.sh
Last active
March 27, 2023 13:32
generateYara.sh A script to automatically generate Yara rule using Binlex (https://github.com/c3rb3ru5d3d53c/binlex)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ## | |
| ## Script to automatically generate Yara rule using Binlex (https://github.com/c3rb3ru5d3d53c/binlex). | |
| ## It will output a .yar file suitable to be loaded on yaraify. | |
| ## | |
| ## Usage: | |
| ## | |
| ## ./generateYara.sh "RUNELANE" "FILEPATH" "TYPE" "NTRAITS" | |
| ## Parameters: | |
| ## RULENAME the name of the rule |
luca-m
/ makop_rdp_guessing_pwd.list
Created
March 14, 2023 13:16
Password list in use by Makop ransomware Gang
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %domain% | |
| %Domain% | |
| %username% | |
| %null% | |
| %username%1 | |
| %username%12 | |
| %username%123 | |
| %username%1234 | |
| %username%12345 | |
| %username%123456 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Query for Outbound SMTP, SMTPS, STARTLS and SSH communications | |
| dst.port.number in (587,465,25,2525,22) | |
| | let rfc1918 = not ($dst.ip.address matches "((127\\..*)|(192\\.168\..*)|(10\\..*)|(172\\.1[6-9]\\..*)|(172\\.2[0-9]\\..*)|(172\\.3[0-1]\\..*)).*") | |
| | filter rfc1918 = true | |
| | group hits = count(src.process.name), endpoints = hacklist(endpoint.name) by dst.ip.address, dst.port.number | |
| | sort -endpoints |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * ESPIO payload decryption utility | |
| * Author: @luc4m | |
| * | |
| * Compile with g++ ./espiod espiod.cpp | |
| * Usage: | |
| * ./espiod KEYFILE ENCRYPTEDPAYLOADFILE | |
| * it outputs the decrypted file on "plaintext.bin" | |
| * | |
| * References: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ---------------------------------------------------------------------- | |
| # Radare2 | |
| # (Quick n'dirty) Cheat-Sheet | |
| # lucam.ko@gmail.com | |
| # ---------------------------------------------------------------------- | |
| # See http://radare.org/doc/html/contents.html for details | |
| # ---------------------------------------------------------------------- | |
| # MISC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # >>> ACCESS TO ALL CLASSES --------------------------------------------------- | |
| ().__class__.__bases__[0].__subclasses__() | |
| # >>> INSTIANTIATE NEW OBJECTS ------------------------------------------------ | |
| [].__class__.__class__.__new__( <TYPE> , <SUBTYPE> ) | |
| [c for c in ().__class__.__base__.__subclasses__() if c.__name__ == '<CLASSNAME>'][0]() |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"8":6,"15":"oORv7\/ATbKyQyfXwMEjUq6PuAaIx\/Dsatp+yrExUEfreI0PCPIjH203QqddJnWtTGYyK6BvyZEH3xn01GbN5okINgI5dmiok31+QLyKax3TH3DomHnElG5vIo+Us8uBKFsNXNrWvbo++sEfYR1Ag6XiYWwawLZnX32SGTxxnoUJM37fAGB4MdqN16GkjIQ+XCPnw7\/XaBZQYXXFJ3bkkZMIK3Nofps4tOk6mNmQJ55Q3YTlEettVIDAsLb\/q0KMQQ3dJQdvvo3Af4r2c9PLT8Sxhw9T7UnoDHCgOJjj2KYj9mbLeoFZ7rq\/IN0FY96gVE6iP6rPoGl1+NAJgDG00WA==","16":1562511178,"18":1,"19":19,"20":["TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABZwncQHaMZQx2jGUMdoxlDFNuMQxKjGUMU251DBaMZQxTbmkNLoxlDFNuKQwyjGUMdoxhDbKMZQx2jGUMcoxlDEPHCQxyjGUMQ8cdDHKMZQ1JpY2gdoxlDAAAAAAAAAABQRQAATAEHAG2pIF4AAAAAAAAAAOAAAwELAQcAAFACAABYAAAAAAAAIzkBAAAQAAAAUAIAAABAAAAQAAAAEAAABQAAAAUAAAAFAAAAAAAAAAAgDgAAEAAAAAAAAAIAAIEAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAKRhBADmAAAAABAOAJgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAEgAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAIA5AEAAAAAAAAAAAAAAAAAAAAAAAAA |
NewerOlder