
Wes wesinator

@veekaybee
veekaybee / normcore-llm.md
Last active December 21, 2024 13:03
Normcore LLM Reads

Anti-hype LLM reading list

Goals: Add links that are reasonable and good explanations of how stuff works. No hype and no vendor content if possible. Practical first-hand accounts of models in prod eagerly sought.

Foundational Concepts


Pre-Transformer Models

@utkonos
utkonos / test_linters.py
Last active December 7, 2024 12:29
Unit Test Suite for pycodestyle, pydocstyle, and pyflakes
# Copyright 2024 Malwarology LLC
#
# Use of this source code is governed by an MIT-style
# license that can be found in the LICENSE file or at
# https://opensource.org/licenses/MIT.
"""Unit tests for linting the project modules and the unit test modules.
Imported From:
https://gist.github.com/utkonos/9c9ac127d2d08e648c58c4e07bf68a25
"""
@mgraeber-rc
mgraeber-rc / MITRE_Attack_WindowsAppControl.csv
Created February 8, 2021 18:58
Windows-specific MITRE ATT&CK techniques application control prevention assessment. This is a first attempt to assess the extent to which application control solutions would mitigate/prevent attack techniques. Note: this highly subjective assessment assumes a system that enforces an application control solution that at a minimum allows all Windo…
ID,Name,MitigatedByAppControl,Notes
T1001,Data Obfuscation,Not Applicable,Relevant sub-techniques addressed below
T1001.001,Junk Data,No,Technique is not necessarily related to the execution of arbitrary code on an endpoint.
T1001.002,Steganography,Limited,"If custom attacker code were necessary to perform this technique, it would be prevented."
T1001.003,Protocol Impersonation,Limited,"If custom attacker code were necessary to perform this technique, it would be prevented."
T1003,OS Credential Dumping,Not Applicable,Relevant sub-techniques addressed below
T1003.001,LSASS Memory,Limited,Built-in utilities exist to perform this technique. They would have to be explicitly blocked.
T1003.002,Security Account Manager,Limited,Built-in utilities exist to perform this technique. They would have to be explicitly blocked.
T1003.003,NTDS,Limited,Built-in utilities exist to perform this technique. They would have to be explicitly blocked.
T1003.004,LSA Secrets,Limited,Built-in utilities exist to perform this technique.
@jdrzejb
jdrzejb / script.ps1
Created January 19, 2021 22:54
Bootable Windows Server Iso
$ISOFile = "C:\Users\DELL\Downloads\17763.737.190906-2324.rs5_release_svc_refresh_SERVERHYPERCORE_OEM_x64FRE_en-us_1.iso"
# Note the leading space: FriendlyName is compared exactly as the device reports it.
$USBDrive = Get-Disk | Where FriendlyName -eq " USB Flash Memory"
# Destructive: wipes every partition on the selected disk; -Confirm:$true prompts first.
$USBDrive | Clear-Disk -RemoveData -Confirm:$true -PassThru
$USBDrive | Set-Disk -PartitionStyle GPT
# FAT32 is what UEFI firmware boots from, but it cannot hold a single file larger than 4 GiB.
$Volume = $USBDrive | New-Partition -UseMaximumSize -AssignDriveLetter | Format-Volume -FileSystem FAT32 -NewFileSystemLabel WS2019
$ISOMounted = Mount-DiskImage -ImagePath $ISOFile -StorageType ISO -PassThru
$ISODriveLetter = ($ISOMounted | Get-Volume).DriveLetter
Copy-Item -Path ($ISODriveLetter + ":\*") -Destination ($Volume.DriveLetter + ":\") -Recurse
@nikkej
nikkej / rich.py
Last active August 15, 2020 02:34 — forked from skochinsky/rich.py
MSVC PE Rich header parser with compiler version display
#!/usr/bin/env python3
#
# based on code from http://trendystephen.blogspot.be/2008/01/rich-header.html
# and from https://gist.github.com/skochinsky/07c8e95e33d9429d81a75622b5d24c8b
import sys
import struct
# I'm trying not to bury the magic number...
CHECKSUM_MASK = 0x536e6144 # "DanS" as a little-endian DWORD (reads as SnaD in the hex literal)
RICH_TEXT = b'Rich'
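The gist excerpt ends at its constants, so here is an added example (my own code, not nikkej's or skochinsky's) of what a Rich header parser does with them: find the "Rich" marker before e_lfanew, read the XOR key after it, walk backwards decrypting DWORDs until "DanS" appears, split each comp_id into prodid (high 16 bits) and build (low 16 bits), and recompute the key over the DOS header and stub to detect tampering. The PE prefix, DanS offset and the prodid/build/count values are constructed for the demo; the checksum routine follows the linker's key derivation as described by the references the gist cites, which you should confirm against a real binary before relying on it.

```python
import struct

DANS = 0x536E6144   # b"DanS" as a little-endian DWORD
RICH_MARK = b"Rich"


def rol32(value, count):
    count %= 32
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def rich_checksum(prefix, comp_pairs):
    """Key derivation: seed with the DanS offset, add every byte before DanS
    rotated by its offset (e_lfanew at 0x3C..0x3F skipped), then add each
    comp_id rotated by its count."""
    cksum = len(prefix)
    for i, b in enumerate(prefix):
        if 0x3C <= i < 0x40:
            continue
        cksum = (cksum + rol32(b, i)) & 0xFFFFFFFF
    for comp_id, count in comp_pairs:
        cksum = (cksum + rol32(comp_id, count)) & 0xFFFFFFFF
    return cksum


def parse_rich_header(data):
    """Return key, DanS offset, (prodid, build, count) entries and whether the
    stored key matches the checksum recomputed over the bytes before DanS."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_off = data.find(RICH_MARK, 0, e_lfanew)   # only search before the PE header
    if rich_off < 0:
        raise ValueError("no Rich marker before the PE header")
    key = struct.unpack_from("<I", data, rich_off + 4)[0]

    decoded = []
    off = rich_off - 4
    while off >= 0:
        dword = struct.unpack_from("<I", data, off)[0] ^ key
        if dword == DANS:
            break
        decoded.append(dword)
        off -= 4
    else:
        raise ValueError("DanS signature not found")

    decoded.reverse()   # [pad, pad, pad, comp_id, count, comp_id, count, ...]
    if len(decoded) < 3 or any(decoded[:3]) or len(decoded) % 2 == 0:
        raise ValueError("malformed Rich header")
    comp_pairs = list(zip(decoded[3::2], decoded[4::2]))
    entries = [(c >> 16, c & 0xFFFF, n) for c, n in comp_pairs]
    return {
        "key": key,
        "dans_offset": off,
        "entries": entries,
        "checksum_ok": rich_checksum(data[:off], comp_pairs) == key,
    }


# Constructed sample values (not taken from a real binary): (prodid, build, count).
SAMPLE_ENTRIES = [(0x0001, 0x0000, 7), (0x0104, 0x6B74, 12), (0x0105, 0x6B74, 3)]


def build_rich_sample(entries, dans_offset=0x80):
    """Constructed PE prefix: 'MZ' header plus stub, Rich header, then 'PE\\0\\0'."""
    head = bytearray(b"MZ" + b"\x90" * (dans_offset - 2))
    comp_pairs = [((prodid << 16) | build, count) for prodid, build, count in entries]
    key = rich_checksum(bytes(head), comp_pairs)
    rich = struct.pack("<4I", DANS ^ key, key, key, key)   # DanS + three zero pads
    for comp_id, count in comp_pairs:
        rich += struct.pack("<2I", comp_id ^ key, count ^ key)
    rich += RICH_MARK + struct.pack("<I", key)
    struct.pack_into("<I", head, 0x3C, dans_offset + len(rich))   # e_lfanew -> "PE\0\0"
    return bytes(head) + rich + b"PE\x00\x00"


if __name__ == "__main__":
    result = parse_rich_header(build_rich_sample(SAMPLE_ENTRIES))
    for prodid, build, count in result["entries"]:
        print(f"prodid=0x{prodid:04x} build={build} count={count}")
    print("checksum ok:", result["checksum_ok"])
```

The checksum matters for triage: a Rich header whose stored key does not match the recomputed value has been edited or copied from another binary, so its prodid/build values say nothing about the toolchain that actually produced the file.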
@nikkej
nikkej / extract-prodids.py
Created April 29, 2020 09:41
MSVC prodid extractor
#!/usr/bin/env python3
#
# Extracts prodid enumeration from a given binary file
# Example usage:
# extract-prodids.py -f msobj140-msvcrt.lib
#
import re, argparse, struct
# Note: care must be taken with the format of the RE string; the following is only
# known to work with msobj140-msvcrt.lib.

Snort install on mac

  • install homebrew first if not installed:
    ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" < /dev/null 2> /dev/null
  • install snort: brew install snort
  • make bpf readable for snort

@thomaspatzke
thomaspatzke / Kill-Ransomware.ps1
Created November 5, 2019 12:29
Ransomware Killer
# Ransomware Killer v0.1 by Thomas Patzke <thomas@patzke.org>
# Kill all parent processes of the command that tries to run "vssadmin Delete Shadows"
# IMPORTANT: This must run with Administrator privileges!
Register-WmiEvent -Query "select * from __instancecreationevent within 0.1 where targetinstance isa 'win32_process' and targetinstance.CommandLine like '%vssadmin%Delete%Shadows%'" -Action {
    # Kill all parent processes from detected vssadmin process
    $p = $EventArgs.NewEvent.TargetInstance
    while ($p) {
        $ppid = $p.ParentProcessID
        # Look the parent up before killing the current process; the chain is walked upward
        $pp = Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ppid"
        Write-Host $p.ProcessID
        Stop-Process -Id $p.ProcessID -Force -ErrorAction SilentlyContinue
        # Loop ends when the parent no longer exists (Get-WmiObject returns nothing)
        $p = $pp
    }
}
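Two things about the gist are worth seeing on data: what the WQL LIKE pattern does and does not match, and how far up the parent chain the loop walks. The following is an added example (my own code, not Thomas Patzke's script) that replays both over constructed process-creation events: it translates the gist's pattern into a case-insensitive regex (WQL LIKE is case-insensitive, '%' matches any run, '_' one character) and walks parents until one is missing, exactly as the loop does. The stop_images guard is an assumption of mine, not something the gist has, added because the unguarded walk continues into explorer.exe and the session's root processes.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# The WQL LIKE pattern from the gist's event query.
WQL_PATTERN = "%vssadmin%Delete%Shadows%"


def wql_like_to_regex(pattern):
    """Translate a WQL LIKE pattern: '%' = any run, '_' = one character,
    matching case-insensitively as WMI does."""
    out = []
    for ch in pattern:
        if ch == "%":
            out.append(".*")
        elif ch == "_":
            out.append(".")
        else:
            out.append(re.escape(ch))
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE | re.DOTALL)


def ancestor_chain(events, start_pid, stop_images=frozenset()):
    """PIDs the gist's loop would kill: the matching process, then each parent
    in turn, until the parent is missing. stop_images (lower-case image names)
    is an added guard so a trusted ancestor such as explorer.exe is spared."""
    by_pid = {e.pid: e for e in events}
    chain = []
    p = by_pid.get(start_pid)
    while p is not None and p.image.lower() not in stop_images:
        chain.append(p.pid)
        p = by_pid.get(p.ppid)
    return chain


def detect(events, pattern=WQL_PATTERN, stop_images=frozenset()):
    """Map each matching pid to the chain of pids that would be killed."""
    matcher = wql_like_to_regex(pattern)
    return {e.pid: ancestor_chain(events, e.pid, stop_images)
            for e in events if matcher.match(e.cmdline)}


# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    ProcEvent(800, 4, "wininit.exe", "wininit.exe"),
    ProcEvent(1000, 800, "explorer.exe", "C:\\Windows\\explorer.exe"),
    ProcEvent(2000, 1000, "invoice.exe", "C:\\Users\\u\\Downloads\\invoice.exe"),
    ProcEvent(2100, 2000, "cmd.exe", "cmd.exe /c vssadmin.exe delete shadows /all /quiet"),
    ProcEvent(2200, 2000, "wmic.exe", "wmic.exe shadowcopy delete"),
    ProcEvent(3000, 1000, "notepad.exe", "notepad.exe"),
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
    print(detect(SAMPLE_EVENTS, stop_images=frozenset({"explorer.exe"})))
```

On these events the unguarded walk kills cmd.exe, invoice.exe, explorer.exe and wininit.exe before running out of parents; the guard stops it after invoice.exe. The wmic.exe event is not matched at all, because the gist's query only looks for command lines containing "vssadmin": a second query for the wmic form (or a broader pattern) is needed to cover that path.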
'''
Gets possible Great Cannon injections from UrlScan
'''
import requests
import json
# Insert your urlscan API Key
api_key = ''
#!/usr/bin/env bash
# just to be safe: wipe the dist folder of previous builds
rm -r dist/*
# ensure you have the latest versions of twine, setuptools, and wheel
python3 -m pip install --user --upgrade twine setuptools wheel
# build the package
python3 setup.py sdist bdist_wheel