Skip to content

Instantly share code, notes, and snippets.

View threatinteltest's full-sized avatar

threatinteltest

View GitHub Profile
#!/bin/bash
set -e
CONTENTS=$(tesseract -c language_model_penalty_non_dict_word=0.8 --tessdata-dir /usr/local/share/ "$1" stdout -l eng | xml esc)
hex=$((cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
@threatinteltest
threatinteltest / Whitelisting.txt
Created November 20, 2017 15:46
MITRE ATT&CK Mapped Against Whitelisting Defense
T1103 - AppInitDlls
T1017 - Application Deployment Software
T1131 - Authentication Package
T1009 - Binary Padding
T1042 - Change Default Association
T1116 - Code Signing
T1122 - Component Object Model Hijacking
T1003 - Credential Access
T1055 - DLL Injection
T1038 - DLL Search Order Hijacking