Pedram Amini pedramamini
👋
pedramamini
/ disable_ddeauto.reg
Created
October 20, 2017 03:41
— forked from wdormann/disable_ddeauto.reg
Disable DDEAUTO for Outlook, Word, and Excel versions 2010, 2013, 2016
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 | |
| [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options] | |
| "DontUpdateLinks"=dword:00000001 |
pedramamini
/ yara_fn.py
Created
August 19, 2016 13:41
— forked from williballenthin/yara_fn.py
generate a yara rule that matches the basic blocks of the current function in IDA Pro
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| IDAPython script that generates a YARA rule to match against the | |
| basic blocks of the current function. It masks out relocation bytes | |
| and ignores jump instructions (given that we're already trying to | |
| match compiler-specific bytes, this is of arguable benefit). | |
| If python-yara is installed, the IDAPython script also validates that | |
| the generated rule matches at least one segment in the current file. | |
| author: Willi Ballenthin <william.ballenthin@fireeye.com> |