This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import re | |
import os,sys | |
import pefile | |
import struct | |
import zipfile | |
import hashlib | |
import StringIO | |
from Crypto import Random | |
from Crypto.PublicKey import RSA | |
from Crypto.Cipher import PKCS1_v1_5,AES |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
''' | |
IDAPython script that generates a YARA rule to match against the | |
basic blocks of the current function. It masks out relocation bytes | |
and ignores jump instructions (given that we're already trying to | |
match compiler-specific bytes, this is of arguable benefit). | |
If python-yara is installed, the IDAPython script also validates that | |
the generated rule matches at least one segment in the current file. | |
author: Willi Ballenthin <william.ballenthin@fireeye.com> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ******************************************************************************** | |
# | |
# Script Name: DangItBobby.ps1 | |
# Version: 1.0.0 | |
# Author: bluesoul <https://bluesoul.me> | |
# Date: 2016-04-06 | |
# Applies to: Domain Environments | |
# | |
# Description: This script searches for a specific, logged on user on all or | |
# specific Computers by checking the process "explorer.exe" and its owner. It |