gist:d8c0dee3a5824fedb4fc520aeeecebf5
SELECT job.job_id as [JOB_ID],
job.name as [JOB_NAME],
job.description as [JOB_DESCRIPTION],
steps.step_name,
steps.subsystem,
steps.command,
SUSER_SNAME(job.owner_sid) as [JOB_OWNER],
steps.proxy_id,
proxies.name as [proxy_account],
job.enabled,
excel_xlm.yar
rule Excel_Hidden_Macro_Sheet
{
    meta:
        Author = "InQuest Labs"
        URL = "https://github.com/InQuest/yara-rules"
        Description = "http://blog.inquest.net/blog/2019/01/29/Carving-Sneaky-XLM-Files/"
    strings:
        $ole_marker = {D0 CF 11 E0 A1 B1 1A E1}
        $macro_sheet_h1 = {85 00 ?? ?? ?? ?? ?? ?? 01 01}
        $macro_sheet_h2 = {85 00 ?? ?? ?? ?? ?? ?? 02 01}
sneakymonk3y / marker_.html
Created May 21, 2019
TRICKBOT injectdll64 HTML
marker_.html
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function ahead()
{
    objs = new Array([navigator, "navigator"], [screen, "screen"]);
    str = new String("");
    for(i = 0; i<objs.length; i++) {
        for(var prop in objs[i][0]) {
sneakymonk3y / tweetgrab.py
Created Mar 18, 2019
HTB CTF - grab tweets based on Twitter handle specified and dump to .csv
tweetgrab.py
#!/usr/bin/env python
# encoding: utf-8
import tweepy #https://github.com/tweepy/tweepy
import csv
#Twitter API credentials
consumer_key = ""
consumer_secret = ""
access_key = ""
sneakymonk3y / iplookup.sh
Last active Feb 12, 2019
IP lookup / greynoise.io / ipinfo.io / shodan.io / otx.alienvault.com
iplookup.sh
#!/bin/bash
# Usage: iplookup.sh <ip>  (first positional argument is the IP to look up)
args=("$@")
check_greynoise()
{
    echo "GREYNOISE"
    # Quote the expansion so an unexpected argument cannot be word-split into extra curl options
    curl -s -XPOST -d "ip=${args[0]}" 'http://api.greynoise.io:8888/v1/query/ip' | jq '.'
}
malware-lab-tools.txt
BinText / strings / strings2 / bstrings
Process Monitor
Process Hacker
Autoruns
PEiD
Regshot
LordPE
Ollydbg
IDA Pro/FREE
WireShark
keybase.md

Keybase proof

I hereby claim:

  • I am sneakymonk3y on github.
  • I am markrobinsonuk (https://keybase.io/markrobinsonuk) on keybase.
  • I have a public key whose fingerprint is ECA3 444F 6B24 2086 DF9B 3031 2599 7F90 2D61 F421

To claim this, I am signing this object: