Pedram Amini pedramamini

@pedramamini
pedramamini / chrome_fetch.py
Last active March 27, 2024 21:41
CLI tool and library for fetching content via Chrome driven by Selenium. Has some tricks up its sleeve to evade mechanized browser detection.
"""
CLI tool and library for fetching content via Chrome driven by Selenium. Has some tricks up its sleeve to evade
mechanized browser detection.
Pedram Amini
https://pedramamini.com
Requirements:
pip install selenium
pip install webdriver_manager
@seth1002
seth1002 / decrypt_emotet_string.py
Created September 16, 2019 05:09
Decrypt Emotet String
from __future__ import print_function
import idc
import idaapi
import idautils
import flare_emu
import unicorn
# test sample https://www.virustotal.com/gui/file/c7a9609c212f275415e678ac7452f19aa9fbc39f9c1fd2708f43629edfd28a3e/detection
decrypted_blocks = []
import re
import argparse
def deobfuscate(input_str):
    regex_str = r"[\(\{]\s*\"(?P<format>[^\)]*?)\"\s*\-f\s*(?P<params>.*?)[\)\}]"
    regex = re.compile(regex_str, re.MULTILINE | re.IGNORECASE)
    for match in reversed(list(regex.finditer(input_str))):
        format_str = match.group('format')
@wdormann
wdormann / disable_ddeauto.reg
Last active June 6, 2023 09:07
Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
"DontUpdateLinks"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
"DontUpdateLinks"=dword:00000001
@williballenthin
williballenthin / yara_fn.py
Last active December 4, 2020 05:25
generate a yara rule that matches the basic blocks of the current function in IDA Pro
'''
IDAPython script that generates a YARA rule to match against the
basic blocks of the current function. It masks out relocation bytes
and ignores jump instructions (given that we're already trying to
match compiler-specific bytes, this is of arguable benefit).
If python-yara is installed, the IDAPython script also validates that
the generated rule matches at least one segment in the current file.
author: Willi Ballenthin <william.ballenthin@fireeye.com>
@neu5ron
neu5ron / dynamic-dns.txt
Last active September 10, 2022 10:08
This list has moved to the repo https://github.com/neu5ron/dynamic_dns_lists