scusi
/ gifExeExtract.go
Created
March 30, 2017 13:49
extract payload exe from downloaded gif as Trojan-Ransom.Win32.Foreign does
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "bytes" | |
| "container/ring" | |
| "encoding/hex" | |
| "flag" | |
| "fmt" | |
| "io/ioutil" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // tool that uses my bpjm library to load and parse a BPJM File from a FritzBox | |
| package main | |
| import( | |
| "github.com/scusi/bpjm" | |
| "fmt" | |
| "os" | |
| ) | |
| func main(){ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // go library to scope with the BPjM Censorship list | |
| package Bpjm | |
| import ( | |
| "net/url" | |
| "regexp" | |
| "crypto/md5" | |
| "strings" | |
| "bytes" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // parse a FritzBox Bpjm File | |
| package main | |
| import ( | |
| "os" | |
| "fmt" | |
| "bytes" | |
| "io" | |
| "io/ioutil" |
scusi
/ dns_xor.go
Last active
August 29, 2015 14:08
encode/decode FrameworkPOS Malware DNS exfiltrated data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // domain data encoding/decoding algo for FrameworkPOS Malware DNS-Tunneling Variant, | |
| // as described on: | |
| // https://blog.gdata.de/artikel/neue-variante-von-frameworkpos-schoepft-daten-ueber-dns-anfragen-ab/ | |
| // | |
| package main | |
| import( | |
| "fmt" | |
| "os" |
scusi
/ ConvertBinaryBpjmData.sh
Last active
August 29, 2015 14:07
convert binary bpjm data from FritzBox routers into text files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # USAGE: | |
| # $> ./ConvertBinaryBpjmData.sh bpjm.data | |
| # | |
| RAWFILE=$1 | |
| OUTFILE=`strings $RAWFILE | head -n 1` | |
| od -t x1 -An -j 64 $RAWFILE | tr -d '\n ' > $OUTFILE |
NewerOlder