Goals: Add links that are reasonable and good explanations of how stuff works. No hype and no vendor content if possible. Practical first-hand accounts of models in prod eagerly sought.
# One-shot SNTP clock sync against Apple's public time server. Runs under sudo
# because adjusting the system clock needs root; "-sS" is passed through
# unchanged (which of slew/step it selects depends on the sntp build on the
# host — check `sntp -h` there).
sync_clock() {
  sudo sntp -sS time.apple.com
}
sync_clock
| # Copyright 2024 Malwarology LLC | |
| # | |
| # Use of this source code is governed by an MIT-style | |
| # license that can be found in the LICENSE file or at | |
| # https://opensource.org/licenses/MIT. | |
| """Unit tests for linting the project modules and the unit test modules. | |
| Imported From: | |
| https://gist.github.com/utkonos/9c9ac127d2d08e648c58c4e07bf68a25 | |
| """ |
| ID | Name | MitigatedByAppControl | Notes | |
|---|---|---|---|---|
| T1001 | Data Obfuscation | Not Applicable | Relevant sub-techniques are addressed below | |
| T1001.001 | Junk Data | No | Technique is not necessarily related to the execution of arbitrary code on an endpoint. | |
| T1001.002 | Steganography | Limited | If custom attacker code were necessary to perform this technique, it would be prevented. | |
| T1001.003 | Protocol Impersonation | Limited | If custom attacker code were necessary to perform this technique, it would be prevented. | |
| T1003 | OS Credential Dumping | Not Applicable | Relevant sub-techniques are addressed below | |
| T1003.001 | LSASS Memory | Limited | Built-in utilities exist to perform this technique. They would have to be explicitly blocked. | |
| T1003.002 | Security Account Manager | Limited | Built-in utilities exist to perform this technique. They would have to be explicitly blocked. | |
| T1003.003 | NTDS | Limited | Built-in utilities exist to perform this technique. They would have to be explicitly blocked. | |
| T1003.004 | LSA Secrets | Limited | Built-in utilities exist to perform this technique. |
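# Write a Windows Server install ISO to a USB stick: wipe the stick, re-partition
# it GPT + FAT32, mount the ISO and copy its contents over. Must run elevated.
# Clear-Disk destroys everything on the selected disk, so the disk selection is
# validated before anything destructive happens.
$ISOFile = "C:\Users\DELL\Downloads\17763.737.190906-2324.rs5_release_svc_refresh_SERVERHYPERCORE_OEM_x64FRE_en-us_1.iso"
if (-not (Test-Path -LiteralPath $ISOFile)) {
    throw "ISO not found: $ISOFile"
}

# Pick the target disk by friendly name. The leading space in " USB Flash Memory"
# is as the author wrote it; verify it matches your device first with
# `Get-Disk | Select-Object Number, FriendlyName, Size, IsBoot, IsSystem`.
$matchedDisks = @(Get-Disk | Where-Object FriendlyName -eq " USB Flash Memory")
if ($matchedDisks.Count -ne 1) {
    throw "Expected exactly one disk named ' USB Flash Memory', found $($matchedDisks.Count); aborting before Clear-Disk."
}
$USBDrive = $matchedDisks[0]
# Never wipe the disk Windows is booted from, even if the name happens to match.
if ($USBDrive.IsBoot -or $USBDrive.IsSystem) {
    throw "Disk $($USBDrive.Number) is the boot/system disk; refusing to clear it."
}

# Destructive: removes all partitions and data. -Confirm:$true keeps the
# interactive prompt as a last line of defence.
$USBDrive | Clear-Disk -RemoveData -Confirm:$true -PassThru
$USBDrive | Set-Disk -PartitionStyle GPT
# NOTE: FAT32 cannot hold a single file larger than 4 GiB; if this ISO's
# install.wim exceeds that, the copy below fails on that file — check before
# relying on the stick.
$Volume = $USBDrive | New-Partition -UseMaximumSize -AssignDriveLetter | Format-Volume -FileSystem FAT32 -NewFileSystemLabel WS2019

# Mount the ISO and copy everything from its root to the new volume.
$ISOMounted = Mount-DiskImage -ImagePath $ISOFile -StorageType ISO -PassThru -ErrorAction Stop
$ISODriveLetter = ($ISOMounted | Get-Volume).DriveLetter
if (-not $ISODriveLetter) {
    throw "Mounted ISO did not receive a drive letter; cannot copy."
}
Copy-Item -Path ($ISODriveLetter + ":\*") -Destination ($Volume.DriveLetter + ":\") -Recurse -ErrorAction Stop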
| #!/usr/bin/env python3 | |
| # | |
| # based on code from http://trendystephen.blogspot.be/2008/01/rich-header.html | |
| # and from https://gist.github.com/skochinsky/07c8e95e33d9429d81a75622b5d24c8b | |
| import sys | |
| import struct | |
| # I'm trying not to bury the magic number... | |
# Checksum key used by the Rich-header code below: the bytes b'DanS' read as a
# little-endian 32-bit integer. Printed as hex the byte order appears reversed
# ("SnaD"), which is why the literal form 0x536e6144 looks backwards.
CHECKSUM_MASK = int.from_bytes(b'DanS', 'little')
# Rich header marker bytes; presumably searched for by the parser, which is
# outside this view.
RICH_TEXT = b'Rich'
| #!/usr/bin/env python3 | |
| # | |
| # Extracts prodid enumeration from a given binary file | |
| # Example usage: | |
| # extract-prodids.py -f msobj140-msvcrt.lib | |
| # | |
| import re, argparse, struct | |
| # Note: care must be taken with the format of the RE string, as the following works only | |
| # with msobj140-msvcrt.lib for certain |
| # Ransomware Killer v0.1 by Thomas Patzke <[email protected]> | |
| # Kill all parent processes of the command that tries to run "vssadmin Delete Shadows" | |
| # IMPORTANT: This must run with Administrator privileges! | |
| Register-WmiEvent -Query "select * from __instancecreationevent within 0.1 where targetinstance isa 'win32_process' and targetinstance.CommandLine like '%vssadmin%Delete%Shadows%'" -Action { | |
| # Kill all parent processes from detected vssadmin process | |
| $p = $EventArgs.NewEvent.TargetInstance | |
| while ($p) { | |
| $ppid = $p.ParentProcessID | |
| $pp = Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ppid" | |
| Write-Host $p.ProcessID |
| ''' | |
| Gets possible Great Cannon injections from UrlScan | |
| ''' | |
import json
import os

import requests
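# urlscan.io API key. Read from the URLSCAN_API_KEY environment variable so the
# key is never hardcoded into (and committed with) this file; falls back to the
# original empty default when the variable is unset.
api_key = os.environ.get('URLSCAN_API_KEY', '')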