| 3d-game.com #dtdns.com | |
| 4irc.com #dtdns.com | |
| b0ne.com #dtdns.com | |
| bbsindex.com #dtdns.com | |
| chatnook.com #dtdns.com | |
| darktech.org #dtdns.com | |
| deaftone.com #dtdns.com | |
| dtdns.net #dtdns.com | |
| effers.com #dtdns.com | |
| etowns.net #dtdns.com |
| dynu.com | |
| dyn.com | |
| no-ip.com / noip.com | |
| changeip.com | |
| afraid.org | |
| duckdns.org | |
| dnsdynamic.org | |
| duiadns.net | |
| myonlineportal.com | |
| dns4e.com |
| ''' | |
| IDAPython script that generates a YARA rule to match against the | |
| basic blocks of the current function. It masks out relocation bytes | |
| and ignores jump instructions (given that we're already trying to | |
| match compiler-specific bytes, this is of arguable benefit). | |
| If python-yara is installed, the IDAPython script also validates that | |
| the generated rule matches at least one segment in the current file. | |
| author: Willi Ballenthin <william.ballenthin@fireeye.com> |
| go to https://github.com/lattera/porkroll for the latest version. |
| # Simulate fake processes of analysis sandbox/VM that some malware will try to evade | |
| # This just spawn ping.exe with different names (wireshark.exe, vboxtray.exe, ...) | |
| # It's just a PoC and it's ugly as f*ck but hey, if it works... | |
| # Usage: .\fake_sandbox.ps1 -action {start,stop} | |
| param([Parameter(Mandatory=$true)][string]$action) | |
| $fakeProcesses = @("wireshark.exe", "vmacthlp.exe", "VBoxService.exe", | |
| "VBoxTray.exe", "procmon.exe", "ollydbg.exe", "vmware-tray.exe", |
| #!/usr/bin/perl -w | |
| use strict; | |
| use IO::Socket::INET; | |
| use IO::Socket::SSL; | |
| use Getopt::Long; | |
| use Config; | |
| $SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors | |
| print <<EOTEXT; |
| import email | |
| def get_decoded_email_body(message_body): | |
| """ Decode email body. | |
| Detect character set if the header is not set. | |
| We try to get text/plain, but if there is not one then fallback to text/html. | |
| :param message_body: Raw 7-bit message body input e.g. from imaplib. Double encoded in quoted-printable and latin-1 |
| # Get your files that Gmail block. Warning message: | |
| # "Anti-virus warning - 1 attachment contains a virus or blocked file. Downloading this attachment is disabled." | |
| # Based on: http://spapas.github.io/2014/10/23/retrieve-gmail-blocked-attachments/ | |
| # Go to your emails, click the arrow button in the top right, "Show original", save to the same directory as this script. | |
| import email | |
| import sys | |
| import os | |
| if __name__ == '__main__': |
Modern applications usually make use of back-end API servers to provide their services. With a non-transparent HTTPs proxy, which intercepts the communication between clients and servers (aka the man-in-the-middle scheme), you can easily manipulate both API requests and responses.
This manual helps you create your own proxy with Python and mitmproxy/libmproxy. Mitmproxy ships with both a standalone command-line tool (mitmproxy) and a Python library (libmproxy).
| from datetime import datetime | |
| import calendar | |
| def epoch_to_iso8601(timestamp): | |
| """ | |
| epoch_to_iso8601 - convert the unix epoch time into a iso8601 formatted date | |
| >>> epoch_to_iso8601(1341866722) | |
| '2012-07-09T22:45:22' | |
| """ |
