This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Usage: ./dns_check.py <list_of_domain_names.txt> | |
import dns.resolver | |
import requests | |
import re | |
import json | |
import sys | |
resolver = dns.resolver.Resolver() | |
resolver.timeout = 5 | |
resolver.lifetime = 5 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
# Script by Quarkslab from https://ostif.org/wp-content/uploads/2017/05/OpenVPN1.2final.pdf | |
""" | |
$ ./dos_server.py & | |
$ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf | |
... | |
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from [AF_INET]192.168.149.1:64249, sid=9a6c48a6 1467f5e1 | |
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Assertion failed at ssl.c:3711 (buf_copy(in, buf)) | |
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Exiting due to fatal error | |
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 /sbin/route del -net 10.8.0.0 netmask␣255.255.255.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer | |
PORT_NUMBER = 31337 | |
class myHandler(BaseHTTPRequestHandler): | |
#Handler for the GET requests | |
def do_GET(self): | |
self.send_response(200) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Simulate fake processes of analysis sandbox/VM that some malware will try to evade | |
# This just spawn ping.exe with different names (wireshark.exe, vboxtray.exe, ...) | |
# It's just a PoC and it's ugly as f*ck but hey, if it works... | |
# Usage: .\fake_sandbox.ps1 -action {start,stop} | |
param([Parameter(Mandatory=$true)][string]$action) | |
$fakeProcesses = @("wireshark.exe", "vmacthlp.exe", "VBoxService.exe", | |
"VBoxTray.exe", "procmon.exe", "ollydbg.exe", "vmware-tray.exe", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import datetime | |
import os | |
import sys | |
import pefile | |
from scapy.all import * | |
import scapy_http.http | |
import tempfile | |
TIME_THRESHOLD = datetime.timedelta(days=3) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Registering your new number | |
signal-cli -u "+1234568790" register | |
signal-cli -u "+1234568790" verify xxxxxx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
echo "[+] Getting \system\\currentcontrolset\\services" | |
$raw_services = Get-ChildItem -Path hklm:\system\\currentcontrolset\\services | select Name | |
$services = @() | |
foreach ($srv in $raw_services) { | |
$shortname = "$srv".Split("\")[-1] | |
$shortname = $shortname.Substring(0,$shortname.Length-1) | |
$services += $shortname | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC possible infected wordpress second stage download attempt"; flow:to_server,established; http_uri; pcre:"/\/wp-(includes|admin|content)\/.*\.(exe|dll|scr|rar|zip|jar|ps1|bat)/iU";metadata:service http; reference:url,medium.com/@x0rz/threat-hunting-on-simple-tricks-27e64e39f2f0; classtype:trojan-activity; sid:31337; rev:1;) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"background": { | |
"scripts": [ "background.js" ] | |
}, | |
"browser_action": { | |
"default_icon": "opurie.png", | |
"default_popup": "popup.html", | |
"default_title": "Opurie" | |
}, | |
"description": "Whiohoo! Welcome back to Opurie", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function redirect(e) { | |
chrome.tabs.update({ | |
url: e | |
}) | |
} | |
var pagebrowsed, allowSearch, prevurl = null, | |
srchid = 100, | |
sysid = 739, | |
random = Math.floor(1e7 * Math.random()), | |
thanksmsg = [random, "slonif", ".", "faith", "opurie", "com"], |
NewerOlder