Daniel Stinson-Diess shellcromancer
💻
shellcromancer
/ rss-8k-1_05-filings.js
Created
January 21, 2024 18:49
Fetch material cybersecurity incidents
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let Parser = require('rss-parser'); | |
| const url = 'https://www.sec.gov/cgi-bin/browse-edgar?action=getcurrent&CIK=&type=8-K&company=&dateb=&owner=include&start=40&count=40&output=atom' | |
| let parser = new Parser({ | |
| headers: { | |
| 'User-Agent': 'Company Name admin@company.net' | |
| }, | |
| }); | |
| (async () => { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 8507e76362664fe2ed9c9407e237fed900881472abd5fbbaf88d772268836031 | |
| 8604a10bd97099e8e5539eff05c49bc518a774bf8e7c4ef6c36d902f7fdaeb6e | |
| 0e41d3e3b464f3fb8c140340e6a85a376c6c17499dd6bbf7de5940d401b9e71a | |
| 24ace87331051d7d2d83bb9a89781847f47b4c00789c19b5385fce94705c3c40 | |
| 0b9a3b00302faf3297b60fff0714f2db87245a613dcd9849645bffa7c4a3df9b | |
| 82633f6fec78560d657f6eda76d11a57c5747030847b3bc14766cec7d33d42be | |
| 731cf0317f409c5e23411efccc94fe8ebd897f625da300ccb98ad7ff4a12741c | |
| 12f416e67d9cd74ec3488842b9bf61092f35c0ae4de467afaebba2cb3933fc26 | |
| 738c7536ff7dbd95161517658f5438b5f9633ce9baef423a629ea7057a1e0c1b |
shellcromancer
/ binja_go_alpha_folders.py
Created
February 23, 2023 05:29
Add Go folders in the new Binary Ninja similar to the AlphaGolang IDA script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copy of https://github.com/SentineLabs/AlphaGolang/blob/main/3.categorize_go_folders.py | |
| # for Binja with new folders view | |
| folders = {} | |
| def create_folders(): | |
| for function in bv.functions: | |
| folderName = "" | |
| name = function.name | |
| if name.startswith("."): |
shellcromancer
/ xprotect-detections.py
Last active
February 23, 2023 04:10
Run the XProtect.yara ruleset over the Objective-See malware collection.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # author: @shellcromancer | |
| # Day 53 of #100DaysofYARA | |
| import io | |
| import os | |
| import requests | |
| import zipfile | |
| import yara | |
| import logging |
shellcromancer
/ macho_debug_info.txt
Last active
January 27, 2023 14:00
Output from "yara -D info_macho_control_flow.yar ~/malware/macOS/backdoor/greenlambert/GreenLambert/GrowlHelper"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| macho | |
| file | |
| fat_arch | |
| nfat_arch = YR_UNDEFINED | |
| fat_magic = YR_UNDEFINED | |
| stack_size = YR_UNDEFINED | |
| entry_point = 7384 | |
| segments | |
| [0] | |
| segname = "__PAGEZERO" |
shellcromancer
/ yara_from_selection.py
Created
January 26, 2023 13:30
Binja Snippet to create YARA string for selection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import PySide6 | |
| length = current_selection[1] - current_selection[0] | |
| code_bytes = bv.read(here, length).hex() | |
| tuples = [code_bytes[i:i+2] for i in range(0, len(code_bytes), 2)] | |
| yara_str = f"$asm_{hex(here)} = {{{' '.join(tuples)}}}" | |
| clip = PySide6.QtGui.QGuiApplication.clipboard() | |
| clip.setText(yara_str) |
shellcromancer
/ elf_invalid_version.yara
Created
January 2, 2023 01:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule elf_invalid_version { | |
| meta: | |
| desc = "Identify ELF file that has mangled header info." | |
| author = "@shellcromancer" | |
| version = "1.0" | |
| last_modified = "2023.01.01" | |
| reference = "https://n0.lol/ebm/1.html" | |
| reference = "https://tmpout.sh/1/1.html" | |
| condition: | |
| ( |
shellcromancer
/ tool_gscript.yara
Created
January 19, 2022 04:08
Detect the gscript dropper generator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule tool_gscript { | |
| meta: | |
| description = "Identify the gscript dropper generator." | |
| author = "@shellcromancer <root@shellcromancer.io>" | |
| version = "0.1" | |
| date = "2022-01-18" | |
| reference = "https://github.com/gen0cide/gscript" | |
| strings: | |
| $ = "gen0cide/gscript" ascii |
shellcromancer
/ alg_crypto_des.yara
Created
January 16, 2022 03:47
YARA signature for the DES algorithm's constants.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule alg_crypto_des { | |
| meta: | |
| description = "Identify code/constants for the DES encryption algorithm." | |
| author = "@shellcromancer <root@shellcromancer.io>" | |
| version = "0.1" | |
| date = "2022-01-15" | |
| reference = "https://en.wikipedia.org/wiki/Data_Encryption_Standard" | |
| implementation = "https://cs.opensource.google/go/go/+/master:src/crypto/des/block.go" | |
| strings: | |
| $permInit = { |
shellcromancer
/ alg_crypto_sha1.yara
Created
January 15, 2022 05:35
YARA rule to detect the SHA1 hashing algorithm.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule alg_crypto_sha1 { | |
| meta: | |
| description = "Identify constants for the SHA1 hashing algorithm." | |
| author = "@shellcromancer <root@shellcromancer.io>" | |
| version = "0.1" | |
| date = "2022-01-14" | |
| reference = "https://en.wikipedia.org/wiki/SHA-1" | |
| implementation = "https://cs.opensource.google/go/go/+/master:src/crypto/sha1/sha1block_amd64.s" | |
| strings: | |
| $init0 = { 67452301 } |
NewerOlder