psrok1
/ emotet-doc.py
Created
May 17, 2019 13:29
URL unpacker from documents with malicious macros sent by Emotet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Needs oledump.py in the same directory (download from https://raw.githubusercontent.com/DidierStevens/DidierStevensSuite/master/oledump.py) | |
| and olefile (pip install olefile) | |
| Usage: python2 emotet-doc.py [doc path] | |
| """ | |
| import base64 | |
| import re | |
| import sys |
alexjebens
/ ghost-network-adapters-powershell.ps1
Last active
January 22, 2023 22:55
Remove Ghost Network Adapters with PowerShell only
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $T = @" | |
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace Win32 | |
| { | |
| public static class SetupApi | |
| { | |
| // 1st form using a ClassGUID only, with Enumerator = IntPtr.Zero |