~/Downloads/Digital Appendices/Appendix G (Digital) - IOCs $ cat fabdf553-b3ed-4bc9-9ac6-13d6bd174dad.ioc
<?xml version="1.0" encoding="us-ascii"?>
<ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="fabdf553-b3ed-4bc9-9ac6-13d6bd174dad" last-modified="2013-02-10T13:00:00" xmlns="http://schemas.mandiant.com/2010/ioc">
  <short_description>WEBC2-YAHOO (FAMILY)</short_description>
  <description>The WEBC2 malware family is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor will attempt to interpret the data between the tags as commands. The WEBC2-YAHOO variant enters a loop where every ten minutes it attempts to download a web page that may contain an encoded URL. The encoded URL will be found in the pages returned inside an attribute named 'sb' or 'ex' within a tag named 'yahoo'. The embedded link can direct the malware to download and execute files.</description>
  <autho

require 'rubygems'
require 'mail'
Dir["./**/*.mbox"].each do |file|
  puts "processing #{file}"
  dir = File.basename file
  puts "placing into #{dir}"
  messages = File.read(file).split(/^From .*$/).reject{|m| m.blank? }.map {|m| Mail.read_from_string m }
  puts "found #{messages.length} messages"
  messages.each_with_index do |m, i|

module Daybreak
  class BackgroundCompaction
    def initialize(file, options = {})
      @db = Daybreak::DB.new(file)
      @thread = Thread.new(&method(:run))
      @options = options
    end
    def stop
      @stop = true

require 'thread'
require 'csv'
require 'net/http'
require 'json'
id = 0
max_id = 30
class Atomic
  def initialize(val)

    return CAIRO_STATUS_SUCCESS;
fail4:
    free (cff_subset->widths);
fail3:
    free (cff_subset->ps_name);
fail2:
    _cairo_type2_charstrings_fini (&type2_subset);
fail1:

def ngrams(n)
  tokenize.each_with_index.map {|_, i| toks.slice(i, n).join ' ' }
end
def sim_hash!
  gramz = Set.new(ngrams(9))
  ordered = gramz.map {|g| g.hash }.sort
  return if ordered.length < 10

def as_json(opts = {})
  ret = super(opts)
  ret.reduce({}) do |memo, kv|
    memo[kv.first] = kv.last if kv.last
    memo
  end
end

f = File.open 't', 'w'
require 'fcntl'
f.flock(File::LOCK_EX)
t = File.open 't', 'w'
t.flock(File::LOCK_EX)
# on jruby returns false.

require 'fcntl'
require 'thread'
class ConcurrentFile
  def initialize
    @out = File.open 't', 'w'
    @mutex = Mutex.new
  end
  def lock
    @out.flock(File::LOCK_EX)

With queue optimizations (1.9.3):
benchmarks            1         10        100       1000      10000
bench_inserting_keys  0.000032  0.000026  0.000122  0.001285  0.059764
bench_keys_with_sync  0.000255  0.000853  0.006070  0.060688  0.663408
bench_reading_keys    0.000026  0.000044  0.000223  0.001935  0.022019
Without:
benchmarks            1         10        100       1000      10000