#
# Upload a sample to VirusTotal and pretty print the report. All in a handy alias.
#
# Dependencies:
#
# * python > 2.7
# * pip install Pygments==1.4
# * curl
# * VirusTotal API key
#
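An added example, not the gist's alias, of the workflow the header describes: hash the sample locally, look it up by hash, and only then decide whether to upload. The hash-first check is the caveat worth adding: an upload shares the sample with VirusTotal and its partners, which may be unacceptable for a file pulled from an incident. It targets the current v3 REST API (`/api/v3/files/{hash}`, `x-apikey` header, `last_analysis_stats` and `last_analysis_results` fields), which the original alias predates; `SAMPLE_REPORT` is a constructed response and `VT_API_KEY` an assumed environment variable.

```python
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_API = "https://www.virustotal.com/api/v3"


def sha256_file(path):
    """Hash the sample in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def lookup_request(api_key, sha256):
    """GET /files/{hash}: ask whether VT already has a verdict for this hash.
    Querying by hash first matters because an upload shares the sample with VT
    and its partners, which may be unacceptable for a file taken from an incident."""
    return urllib.request.Request(
        f"{VT_API}/files/{sha256}",
        headers={"x-apikey": api_key, "accept": "application/json"},
    )


def summarize(report):
    """Reduce a v3 /files/{id} response to what an analyst reads first.
    Returns a dict instead of printing so the result can be reused or tested."""
    data = report["data"]
    attrs = data["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    detections = sorted(
        (engine, r["result"])
        for engine, r in results.items()
        if r.get("category") == "malicious" and r.get("result")
    )
    return {
        "sha256": attrs.get("sha256", data.get("id")),
        "malicious": stats.get("malicious", 0),
        "total": sum(stats.values()),
        "detections": detections,
    }


def pretty(summary):
    """Plain-text rendering, the part the original alias piped through Pygments."""
    head = f"{summary['sha256']}  {summary['malicious']}/{summary['total']} engines flag this file"
    return "\n".join([head] + [f"  {engine:<20} {verdict}" for engine, verdict in summary["detections"]])


# Constructed report in the shape of a v3 /files/{id} response; not real VT data.
SAMPLE_REPORT = {
    "data": {
        "type": "file",
        "id": "0" * 64,
        "attributes": {
            "sha256": "0" * 64,
            "last_analysis_stats": {"malicious": 2, "undetected": 3, "harmless": 0},
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "Trojan.Generic"},
                "EngineB": {"category": "undetected", "result": None},
                "EngineC": {"category": "malicious", "result": "Win32.Agent"},
                "EngineD": {"category": "undetected", "result": None},
                "EngineE": {"category": "undetected", "result": None},
            },
        },
    }
}


def report_for(api_key, path):
    """Live path: hash locally, query by hash, and stop rather than upload silently."""
    sha = sha256_file(path)
    try:
        with urllib.request.urlopen(lookup_request(api_key, sha), timeout=30) as resp:
            return summarize(json.load(resp))
    except urllib.error.HTTPError as err:
        if err.code == 404:
            raise SystemExit(f"{sha}: not known to VirusTotal; upload it only if sharing the sample is acceptable")
        raise


if __name__ == "__main__":
    # usage: VT_API_KEY=... python vt_lookup.py sample.bin
    print(pretty(report_for(os.environ["VT_API_KEY"], sys.argv[1])))
```

A 404 from the lookup is the decision point the alias skipped: the script exits with the hash instead of pushing the file, so uploading stays a deliberate act.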
# Coded by Matt Nelson (@enigma0x3)
<#
.SYNOPSIS
Standalone PowerShell script that will generate a malicious Microsoft Office document with a specified payload and persistence method
.DESCRIPTION
This script will generate malicious Microsoft Excel documents that contain VBA macros. It will prompt you for your attacking IP
(the one you will receive your shell at), the port you want your shell on, and the name of the document. From there, the script will
display a menu of different attacks, all with different persistence methods. Once an attack is chosen, it will prompt you for your payload type
(only HTTP and HTTPS are supported).
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: "This is an AWS Lambda function that collects CloudWatch logs and sends them to Logz.io in bulk, over HTTP."
Parameters:
  logzioListener:
    Type: "String"
    Description: "The Logz.io listener URL for your region. You can find explanations here: https://docs.logz.io/user-guide/accounts/account-region.html"
    Default: ""
  logzioToken:
#!/bin/bash
##
## Script to automatically generate a Yara rule using Binlex (https://github.com/c3rb3ru5d3d53c/binlex).
## It will output a .yar file suitable to be loaded on YARAify.
##
## Usage:
##
##   ./generateYara.sh "RULENAME" "FILEPATH" "TYPE" "NTRAITS"
## Parameters:
##   RULENAME  the name of the rule
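An added example, not the gist's shell script, of the rule-writing half of the job: turning a list of Binlex traits into a `.yar` file whose condition fires on at least NTRAITS of them. Binlex emits traits as hex bytes with `??` wildcards, which map directly onto YARA hex strings; the identifier rules and keyword list are YARA's own, and the deduplication is the check worth having, since a repeated trait would otherwise satisfy the count by itself. The `TRAITS` list is constructed, not output from a real binary.

```python
import re
import sys

# YARA rule identifiers: letters, digits and underscore, not starting with a digit,
# at most 128 characters, and not a language keyword.
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,127}$")
_TOKEN = re.compile(r"^(?:[0-9a-fA-F]{2}|\?\?)$")
KEYWORDS = {
    "all", "and", "any", "ascii", "at", "condition", "contains", "entrypoint", "false",
    "filesize", "for", "fullword", "global", "import", "in", "include", "int8", "int16",
    "int32", "matches", "meta", "nocase", "none", "not", "of", "or", "private", "rule",
    "strings", "them", "true", "uint8", "uint16", "uint32", "wide", "xor",
}


def valid_rule_name(name):
    return bool(_IDENT.match(name)) and name not in KEYWORDS


def normalize_trait(trait):
    """Validate one trait and return it as YARA hex-string tokens ('48 8b ?? 00').
    Accepts hex with or without spaces, upper or lower case; rejects odd lengths,
    non-hex tokens and all-wildcard traits (which would match every file)."""
    raw = trait.strip().replace(" ", "")
    if not raw or len(raw) % 2:
        raise ValueError(f"bad trait length: {trait!r}")
    tokens = [raw[i:i + 2] for i in range(0, len(raw), 2)]
    if any(not _TOKEN.match(t) for t in tokens):
        raise ValueError(f"not a hex trait: {trait!r}")
    if all(t == "??" for t in tokens):
        raise ValueError(f"trait is only wildcards: {trait!r}")
    return " ".join(t.lower() for t in tokens)


def make_rule(name, traits, ntraits, source="binlex"):
    """Build a rule that fires when at least `ntraits` distinct traits match
    (the NTRAITS parameter of the shell script). Duplicates are removed first so
    a repeated trait cannot satisfy the count on its own."""
    if not valid_rule_name(name):
        raise ValueError(f"invalid YARA rule name: {name!r}")
    unique = list(dict.fromkeys(normalize_trait(t) for t in traits))
    if not 1 <= ntraits <= len(unique):
        raise ValueError(f"ntraits must be between 1 and {len(unique)}, got {ntraits}")
    lines = [
        f"rule {name}",
        "{",
        "    meta:",
        f'        source = "{source}"',
        f"        traits = {len(unique)}",
        "    strings:",
    ]
    lines += [f"        $t{i} = {{ {t} }}" for i, t in enumerate(unique)]
    lines += ["    condition:", f"        {ntraits} of them", "}"]
    return "\n".join(lines) + "\n"


# Constructed traits in Binlex's hex form (not output from a real binary);
# the third entry duplicates the first apart from case and is dropped.
TRAITS = ["48 8b 05 ?? ?? ?? ??", "4883ec28", "48 8B 05 ?? ?? ?? ??", "e8 ?? ?? ?? ?? 85 c0"]

if __name__ == "__main__":
    # usage: python make_rule.py RULENAME TRAITFILE NTRAITS  (one trait per line)
    rule_name, trait_file, n = sys.argv[1], sys.argv[2], int(sys.argv[3])
    with open(trait_file) as fh:
        traits = [ln for ln in (line.strip() for line in fh) if ln]
    with open(f"{rule_name}.yar", "w") as out:
        out.write(make_rule(rule_name, traits, n))
```

Validating the name and the hex up front means a bad trait fails here with a clear message rather than as a compile error when the rule is loaded.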
%domain%
%Domain%
%username%
%null%
%username%1
%username%12
%username%123
%username%1234
%username%12345
%username%123456
// Query for outbound SMTP, SMTPS, STARTTLS and SSH communications to destinations outside RFC 1918 and loopback space
dst.port.number in (587,465,25,2525,22)
| let public_dst = not ($dst.ip.address matches "((127\\..*)|(192\\.168\\..*)|(10\\..*)|(172\\.1[6-9]\\..*)|(172\\.2[0-9]\\..*)|(172\\.3[0-1]\\..*)).*")
| filter public_dst = true
| group hits = count(src.process.name), endpoints = hacklist(endpoint.name) by dst.ip.address, dst.port.number
| sort -endpoints
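The same detection logic as an added Python example (not the query author's code), run over constructed connection events so the grouping and the address filter can be checked offline. Parsing with `ipaddress` instead of a regex removes the escaping pitfalls and makes the excluded ranges explicit: the query covers RFC 1918 and 127/8, and this version also treats link-local, CGNAT (RFC 6598) and the IPv6 equivalents as internal, which is an assumption about the network rather than part of the original query. Event fields, endpoint names and addresses are constructed.

```python
import ipaddress
from collections import defaultdict

MAIL_AND_SSH_PORTS = {25, 465, 587, 2525, 22}

# Destinations treated as internal: RFC 1918, plus loopback, link-local, CGNAT (RFC 6598)
# and their IPv6 counterparts. The query's regex covers RFC 1918 and 127/8 only; the
# extra ranges are an assumption about this network, drop any that are routable for yours.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fe80::/10", "fc00::/7",
)]


def is_internal(addr):
    """True when addr falls inside one of INTERNAL_NETS. ipaddress parses the string,
    so a malformed address raises instead of silently failing a regex match."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def external_mail_ssh(events):
    """Equivalent of the query's filter + group + sort: keep mail/SSH-port connections
    whose destination is not internal, group by (dst ip, dst port), and order by the
    number of distinct endpoints, then by hits. Each row is
    (dst_ip, dst_port, hits, sorted endpoints, sorted process names)."""
    groups = defaultdict(lambda: {"hits": 0, "endpoints": set(), "processes": set()})
    for ev in events:
        if ev["dst_port"] not in MAIL_AND_SSH_PORTS or is_internal(ev["dst_ip"]):
            continue
        g = groups[(ev["dst_ip"], ev["dst_port"])]
        g["hits"] += 1
        g["endpoints"].add(ev["endpoint"])
        g["processes"].add(ev["process"])
    rows = [
        (ip, port, g["hits"], sorted(g["endpoints"]), sorted(g["processes"]))
        for (ip, port), g in groups.items()
    ]
    return sorted(rows, key=lambda r: (-len(r[3]), -r[2], r[0], r[1]))


# Constructed connection events (not real telemetry); documentation-range addresses only.
EVENTS = [
    {"endpoint": "WS-01", "process": "outlook.exe", "dst_ip": "10.1.2.25", "dst_port": 587},       # internal relay: dropped
    {"endpoint": "WS-01", "process": "powershell.exe", "dst_ip": "203.0.113.10", "dst_port": 587},
    {"endpoint": "WS-02", "process": "powershell.exe", "dst_ip": "203.0.113.10", "dst_port": 587},
    {"endpoint": "WS-02", "process": "powershell.exe", "dst_ip": "203.0.113.10", "dst_port": 587},
    {"endpoint": "SRV-01", "process": "ssh", "dst_ip": "198.51.100.7", "dst_port": 22},
    {"endpoint": "WS-03", "process": "chrome.exe", "dst_ip": "203.0.113.10", "dst_port": 443},     # port out of scope
    {"endpoint": "WS-04", "process": "svchost.exe", "dst_ip": "100.64.0.9", "dst_port": 25},       # CGNAT: internal here
    {"endpoint": "WS-05", "process": "ssh.exe", "dst_ip": "fe80::1", "dst_port": 22},              # link-local: internal
]

if __name__ == "__main__":
    for ip, port, hits, endpoints, procs in external_mail_ssh(EVENTS):
        print(f"{ip:>15}:{port:<5} hits={hits:<3} endpoints={','.join(endpoints)} procs={','.join(procs)}")
```

Sorting by distinct endpoints first is what surfaces a script that many hosts run against one external mail server, while a single host talking to a single SSH server sinks to the bottom.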
/*
 * ESPIO payload decryption utility
 * Author: @luc4m
 *
 * Compile with: g++ -o espiod espiod.cpp
 * Usage:
 *   ./espiod KEYFILE ENCRYPTEDPAYLOADFILE
 * It writes the decrypted payload to "plaintext.bin"
 *
 * References:
# ----------------------------------------------------------------------
# Radare2
# (Quick n'dirty) Cheat-Sheet
# lucam.ko@gmail.com
# ----------------------------------------------------------------------
# See http://radare.org/doc/html/contents.html for details
# ----------------------------------------------------------------------
# MISC
# >>> ACCESS TO ALL CLASSES ---------------------------------------------------
().__class__.__bases__[0].__subclasses__()
# >>> INSTANTIATE NEW OBJECTS -------------------------------------------------
[].__class__.__class__.__new__( <TYPE> , <SUBTYPE> )
[c for c in ().__class__.__base__.__subclasses__() if c.__name__ == '<CLASSNAME>'][0]()
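An added example (not part of the cheat-sheet) that generalises the last one-liner. `__subclasses__()` returns only direct children, so the lookup above sees classes that inherit straight from `object` and misses anything deeper in the hierarchy. Walking the whole tree is how a jail escape enumerates every reachable class, and equally how a sandbox author audits what a restricted interpreter exposes. `ProbeBase`/`ProbeDeep` are constructed for the demonstration; everything else is the interpreter's own type machinery.

```python
def walk_subclasses(root=object):
    """Yield every class reachable from `root` via __subclasses__(), each once.
    __subclasses__() lists direct children only, so the hierarchy must be walked;
    multiple inheritance makes it a DAG, hence the `seen` set. The walk calls
    type.__subclasses__(cls) instead of cls.__subclasses__() because `type` itself
    is in the tree and type.__subclasses__() with no argument raises TypeError
    (the descriptor needs a class to operate on)."""
    seen, stack = set(), [root]
    while stack:
        cls = stack.pop()
        if cls in seen:
            continue
        seen.add(cls)
        yield cls
        stack.extend(type.__subclasses__(cls))


def find_classes(name, root=object):
    """All reachable classes whose __name__ is `name`. Names are not unique across
    modules, so a caller should check __module__ before using a match."""
    return [c for c in walk_subclasses(root) if c.__name__ == name]


def direct_lookup(name):
    """What the cheat-sheet one-liner does: direct subclasses of object only."""
    return [c for c in ().__class__.__base__.__subclasses__() if c.__name__ == name]


def classes_from_module(module_name, root=object):
    """Names of reachable classes defined in one module, e.g. 'os' or 'subprocess':
    a quick audit of which modules a restricted interpreter can reach at all."""
    return sorted({c.__name__ for c in walk_subclasses(root) if c.__module__ == module_name})


# Constructed hierarchy: ProbeDeep sits two levels below object, so the one-liner misses it.
class ProbeBase:
    pass


class ProbeDeep(ProbeBase):
    pass


if __name__ == "__main__":
    print("direct lookup  :", direct_lookup("ProbeDeep"))
    print("full walk      :", find_classes("ProbeDeep"))
    print("classes from os:", classes_from_module("os"))
```

From the defensive side, the useful number is what `classes_from_module` returns for modules the sandbox never meant to expose; if `os` or `subprocess` classes appear, the restriction is cosmetic.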
{"8":6,"15":"oORv7\/ATbKyQyfXwMEjUq6PuAaIx\/Dsatp+yrExUEfreI0PCPIjH203QqddJnWtTGYyK6BvyZEH3xn01GbN5okINgI5dmiok31+QLyKax3TH3DomHnElG5vIo+Us8uBKFsNXNrWvbo++sEfYR1Ag6XiYWwawLZnX32SGTxxnoUJM37fAGB4MdqN16GkjIQ+XCPnw7\/XaBZQYXXFJ3bkkZMIK3Nofps4tOk6mNmQJ55Q3YTlEettVIDAsLb\/q0KMQQ3dJQdvvo3Af4r2c9PLT8Sxhw9T7UnoDHCgOJjj2KYj9mbLeoFZ7rq\/IN0FY96gVE6iP6rPoGl1+NAJgDG00WA==","16":1562511178,"18":1,"19":19,"20":["TVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABZwncQHaMZQx2jGUMdoxlDFNuMQxKjGUMU251DBaMZQxTbmkNLoxlDFNuKQwyjGUMdoxhDbKMZQx2jGUMcoxlDEPHCQxyjGUMQ8cdDHKMZQ1JpY2gdoxlDAAAAAAAAAABQRQAATAEHAG2pIF4AAAAAAAAAAOAAAwELAQcAAFACAABYAAAAAAAAIzkBAAAQAAAAUAIAAABAAAAQAAAAEAAABQAAAAUAAAAFAAAAAAAAAAAgDgAAEAAAAAAAAAIAAIEAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAKRhBADmAAAAABAOAJgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAEgAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAIA5AEAAAAAAAAAAAAAAAAAAAAAAAAA