# netsec_planes's boxstarter script
#---TEMPORARY---
Write-Host "Temporarily disabling User Account Control..."
Disable-UAC
#---WINDOWS SETTINGS---
# THUMBNAIL CACHE / EXPLORER PRIVACY OPTIONS

break *0x000338d4
commands
eval "dump binary memory mod_%x.bin 0x%x 0x%x+0x%x", $l4, $o1, $o1, $o2
cont
end

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: This is a revocation certificate

#!/usr/bin/env python
"""
Extracts "burned-in" virtual filesystem objects (including plugins and
configuration data) from an EQGRP StraitBizarre sample:
https://www.virustotal.com/gui/file/f0285338e59322079bafe5780e1a26ef0d5d62cc0138b0725bd7a37084d03204
Author: netadr
Date: 2024-06-29
"""

"""
Deobfuscates log messages present in EQGRP StraitBizarre samples.
To use this plugin, you must label the logging function (0x7fff2a3f8d10 in
f0285338e59322079bafe5780e1a26ef0d5d62cc0138b0725bd7a37084d03204) `sbz_log`.
Author: netadr
Date: 2024-06-30
"""
import binaryninja