#!/usr/bin/env python3
# Uses Shadowserver's `ASN and Network Queries` API
# See https://www.shadowserver.org/what-we-do/network-reporting/api-asn-and-network-queries/
# Preferred over similar free services as it offers better normalisation of ASN Names
# Beware of rate limiting, 10 queries/second
import json
import requests
ssnkhan / pDNS.py
Created October 11, 2022 22:52
Uses the RiskIQ API to return passive DNS information for an IP or FQDN, on a given date
#!/usr/bin/env python3
import json
import requests
username = ""
key = ""
ssnkhan / vboxmemdump.sh
Created October 27, 2021 19:18
Dump volatile memory from a running VirtualBox VM
#!/bin/bash
# Simple script for VirtualBox memory extraction
# Usage: vboxmemdump.sh <VM name>
# See https://www.andreafortuna.org/2017/06/23/how-to-extract-a-ram-dump-from-a-running-virtualbox-machine/
# Write an ELF core dump of the running VM
VBoxManage debugvm "$1" dumpvmcore --filename="$1.elf"
# Size and file offset of the load1 section, which holds the guest RAM
size=0x$(objdump -h "$1.elf"|egrep -w "(Idx|load1)" | tr -s " " | cut -d " " -f 4)
off=0x$(echo "obase=16;ibase=16;`objdump -h "$1.elf"|egrep -w "(Idx|load1)" | tr -s " " | cut -d " " -f 7 | tr /a-z/ /A-Z/`" | bc)
# Carve the raw memory image out of the ELF file
head -c $(($size+$off)) "$1.elf"|tail -c +$(($off+1)) > "$1.raw"
ssnkhan / tryhackme.py
Last active July 9, 2021 15:09
Fetches and parses TryHackMe profile stats
#!/usr/bin/env python3
'''
Description: Fetches and parses TryHackMe profile stats
Author: Sajid Nawaz Khan, @snkhan
Date: 1 January 2021
'''
import requests
import base64
ssnkhan / gist:d2b0065745061e8cee5b05f40b1d6996
Created October 3, 2020 00:01
Install hashcat and the Perl LZMA Compression Library
# Lzma is needed to calculate the hash of encrypted 7z archives
# Use in combination with 7z2hashcat available at https://github.com/philsmd/7z2hashcat
brew install hashcat
sudo cpan IO::Compress::Lzma
ssnkhan / DataSourceDetections.csv
Last active April 28, 2022 21:44
An alphabetised list of MITRE ATT&CK Data Sources
Data Source,Potential Techniques Detected
Access Tokens,1
Anti-Virus,6
API Monitoring,36
Application Logs,5
Asset Management,1
Authentication Logs,28
Binary File Metadata,17
BIOS,2
Browser Extensions,1
### Keybase proof
I hereby claim:
* I am ssnkhan on github.
* I am snkhan (https://keybase.io/snkhan) on keybase.
* I have a public key ASC8uSYs9BNWLHymA64GoSpOhCAwfbVjPH4Qgn2l2qzlJgo
To claim this, I am signing this object: