1) Filter Table
Filter is the default table for iptables. So, if you don't define your own table, you'll be using the filter table. Iptables's filter table has the following built-in chains.
# These are the demos I delivered at Ignite for BRK3179 - PowerShell 7
# Not all of them are intended be run as-is, as they may require some dependency
# or be intended to showcase a more complex point (e.g. the AzVM example on &&)
# Those that were executed in the presentation were run with 7.0-preview.5 on the latest Windows 10
#region ETW Provider Definitions
$Providers = @("OAlerts","PowerShellCore/Operational","Microsoft-Windows-WMI-Activity/Operational","Microsoft-Windows-WLAN-AutoConfig/Operational","Microsoft-Windows-Wired-AutoConfig/Operational","Microsoft-Windows-WinRM/Operational","Microsoft-Windows-Winlogon/Operational","Microsoft-Windows-WinINet-Config/ProxyConfigChanged","Microsoft-Windows-WindowsUpdateClient/Operational","Microsoft-Windows-WindowsSystemAssessmentTool/Operational","Microsoft-Windows-Windows Firewall With Advanced Security/Firewall","Microsoft-Windows-Windows Defender/Operational","Microsoft-Windows-WFP/Operational","Microsoft-Windows-WebAuthN/Operational","Microsoft-Windows-W
olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools
===============================================================================
FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisWorkbook.cls
in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(empty macro)
-------------------------------------------------------------------------------
## uploaded by @JohnLaTwC
https://www.virustotal.com/en/file/0c30d700b131246e302ff3da1c4180d21f4650db072e287d1b9d477fe88d312f/analysis/
https://docs.microsoft.com/en-us/windows/desktop/api/wininet/nf-wininet-internetconnecta
void InternetConnectA(
HINTERNET hInternet,
LPCSTR lpszServerName,
INTERNET_PORT nServerPort,
LPCSTR lpszUserName,
LPCSTR lpszPassword,
DWORD dwService,
//Base64 Raw Decoder
function Base64Decode(str) {
if (!(/^[a-z0-9+/]+={0,2}$/i.test(str)) || str.length%4 != 0) throw Error('Not base64 string');
var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
var o1, o2, o3, h1, h2, h3, h4, bits, d=[];
for (var c=0; c<str.length; c+=4) { // unpack four hexets into three octets
bits = b64.indexOf(str.charAt(c))<<18 | b64.indexOf(str.charAt(c+1))<<12 | (h3 = b64.indexOf(str.charAt(c+2)))<<6 | (h4 = b64.indexOf(str.charAt(c+3))); // four 6-bit values packed into 24 bits
o1 = bits>>>16 & 0xff; o2 = bits>>>8 & 0xff; o3 = bits & 0xff;
d[c/4] = h3 == 64 ? String.fromCharCode(o1) : h4 == 64 ? String.fromCharCode(o1, o2) : String.fromCharCode(o1, o2, o3); // '=' (index 64) is padding, so drop the octets it covers
}
return d.join('');
}
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
RegisterOCXs=RegisterOCXSection
[RegisterOCXSection]
C:\Users\test.PENTESTLAB\pentestlab.dll
;cmstp.exe /s cmstp.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall_SingleUser]
UnRegisterOCXs=UnRegisterOCXSection
[UnRegisterOCXSection]
BinText / strings / strings2 / bstrings
Process Monitor
Process Hacker
Autoruns
PEiD
Regshot
LordPE
Ollydbg
IDA Pro/FREE
WireShark
import idautils
import idaapi
import idc

def memdump(ea, size, file):
    # Read `size` bytes starting at address `ea` out of the IDA database
    data = idc.GetManyBytes(ea, size)
    if data is None:
        raise ValueError("could not read 0x%x bytes at 0x%x" % (size, ea))
    with open(file, "wb") as fp:
        fp.write(data)
    print("Memdump Success!")