Nikola Knežević knez
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import dnfile | |
| """ | |
| Dump all raw byte .NET resources | |
| """ | |
| def dump(res_name, res_data): | |
| print(f"[+] Dumping resource '{res_name}'") | |
| with open(res_name, 'wb') as f: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Deobfuscate Zutto Dekiru shellcode encoder | |
| Example: | |
| 48 31 ED xor rbp, rbp | |
| DA CB fcmove st, st(3) | |
| 54 push rsp | |
| 66 BD 17 01 mov bp, 117h | |
| 41 5C pop r12 | |
| 66 41 81 E4 90 F1 and r12w, 0F190h | |
| 48 BA 06 E0 BB DD CA C2 8A 0C mov rdx, 0C8AC2CADDBBE006h ; xor constant |
knez
/ decode_pst.py
Last active
December 4, 2021 14:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import sys | |
| ''' | |
| Decodes PST encoded .txt attachments from Exchange Mailbox | |
| RULE: WEBSHELL_ASPX_Exchange_Encoded_Mailbox_Attachment_Aug21 | |
| ''' | |
| def decode(payload): | |
| mpbbCryptFrom512 = [ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Backup /home to gdrive | |
| rclone -v -L sync ~ remote: --exclude "Downloads/**" \ | |
| --exclude ".*{/**,}" \ | |
| --exclude "Music/**" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # user defined variables | |
| #----------------------- | |
| SAVEDIR="Downloads" | |
| SONGLIST="list.txt" | |
| #----------------------- | |
| check_error() { | |
| # if last command failed |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Lists all user-installed packages | |
| logfile="/var/log/apt/history.log" | |
| logs="zcat $logfile.*.gz | cat - $logfile" | |
| regex="^Commandline: (apt|apt-get) +install +\K( *(\w+-?)+)+" | |
| packages=$(eval $logs | grep -oP "$regex" | tr -s ' ' '\n' | sort -u) | |
| for pkg in $packages; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.util.Arrays; | |
| import java.security.MessageDigest; | |
| /** | |
| * Converts a 64 characters long hex private key | |
| * into a base58 WIF private key (starts with a '5') | |
| */ | |
| public class HexToWIF | |
| { | |
| public static byte[] getExtendedKey(String s) |