@mak
mak / wcr.py
Last active October 28, 2018 21:09
Extract everything from WannaCry
import re
import os,sys
import pefile
import struct
import zipfile
import hashlib
import StringIO
from Crypto import Random
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5,AES
@williballenthin
williballenthin / yara_fn.py
Last active December 4, 2020 05:25
generate a yara rule that matches the basic blocks of the current function in IDA Pro
'''
IDAPython script that generates a YARA rule to match against the
basic blocks of the current function. It masks out relocation bytes
and ignores jump instructions (given that we're already trying to
match compiler-specific bytes, this is of arguable benefit).
If python-yara is installed, the IDAPython script also validates that
the generated rule matches at least one segment in the current file.
author: Willi Ballenthin <william.ballenthin@fireeye.com>
@danieltharp
danieltharp / DangItBobby.ps1
Created April 6, 2016 22:14
PowerShell script to find where a user is logged in on the network and disable their NIC.
# ********************************************************************************
#
# Script Name: DangItBobby.ps1
# Version: 1.0.0
# Author: bluesoul <https://bluesoul.me>
# Date: 2016-04-06
# Applies to: Domain Environments
#
# Description: This script searches for a specific, logged on user on all or
# specific Computers by checking the process "explorer.exe" and its owner. It