ProIntegritate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Public Function CleanCommand(ByVal sString As String) As String | |
| ' Cleans up commandline params that try to break up strings to bypass detection with ASCII > 127 and Nop characters like "^" | |
| Dim sByteArray() As Byte = System.Text.Encoding.Default.GetBytes(sString) | |
| Dim sResult As String = "" | |
| For n = 0 To UBound(sByteArray) | |
| If sByteArray(n) <= 127 And sByteArray(n) > 0 Then | |
| sResult = sResult & Chr(sByteArray(n)) | |
| End If |
ProIntegritate
/ gist:b2315f160d1f561b0ec4496c9680c28f
Last active
October 19, 2021 17:23
Virustotal false positive for an almost empty file with almost NO functionality:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| cls | |
| echo The following dummy code produces a false positive on Virustotal and MS Defender also reacts because of this: | |
| echo y | del t.vb* | |
| echo y | del t.exe | |
| echo ---------------------------------------- | |
| echo Decoding B64 sample... | |
| echo TW9kdWxlIE1vZHVsZTENCiAgICBTdWIgTWFpbigpDQogICAgICAgIENvbnNvbGUuV3JpdGVMaW5lKCJUaGlzIHByb2dyYW0gZG9lcyBub3RoaW5nIGJ1dCBwcmludCB0aGlzIGxpbmUgaW4gYSBjb25zb2xlIHdpbmRvdy4iKQ0KICAgIEVuZCBTdWINCkVuZCBNb2R1bGU= > t.vb.b64 | |
| certutil -decode t.vb.b64 t.vb |
ProIntegritate
/ gist:8c543d5e80c8aec34d8e6ad46085be69
Created
October 13, 2021 21:39
Amiga Guru mediation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Dim sTopChar As String = "▄" | |
| Dim sBottomChar As String = "▀" | |
| Dim sVerticalChar As String = "█" | |
| Console.ForegroundColor = ConsoleColor.Red | |
| For n = 0 To 63 | |
| Console.Write(sTopChar) | |
| Next | |
| Console.Write(vbCrLf) | |
| Console.WriteLine(sVerticalChar & " Software failure. Press left mouse button to continue " & sVerticalChar) |
ProIntegritate
/ gist:e2a8ff0a198d5de40cddf1bfab43b4c4
Created
October 5, 2021 17:49
VB.Net Bouncycastle Digest Example for SHA3 (Keccak)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Imports Org.BouncyCastle.Crypto.Digests | |
| Sub main() | |
| ' SHA3 Test vectors for string 'abc' | |
| ' SHA-3-224 e642824c3f8cf24a d09234ee7d3c766f c9a3a5168d0c94ad 73b46fdf | |
| ' SHA-3-256 3a985da74fe225b2 045c172d6bd390bd 855f086e3e9d525b 46bfe24511431532 | |
| ' SHA-3-384 ec01498288516fc9 26459f58e2c6ad8d f9b473cb0fc08c25 96da7cf0e49be4b2 98d88cea927ac7f5 39f1edf228376d25 | |
| ' SHA-3-512 b751850b1a57168a 5693cd924b6b096e 08f621827444f70d 884f5d0240d2712e 10e116e9192af3c9 1a7ec57647e39340 57340b4cf408d5a5 6592f8274eec53f0 |
ProIntegritate
/ gist:7e14c5ae6b98e87dbfdb933140ba356d
Last active
October 13, 2021 00:24
Increase Pinned links from 12 to 24 for each shortcut on start-bar:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] | |
| "JumpListItems_Maximum"=dword:00000018 | |
| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] | |
| "JumpListItems_Maximum"=dword:00000018 | |
ProIntegritate
/ gist:3ac7152378dd1376f1c74601816b14c4
Last active
October 20, 2021 20:03
Suricata 6.0 Setup on Windows 10 x64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| **** Firing up Suricata on your Windows 10 box: **** | |
| This is a very quick and dirty way to get it up and running so you can experiment on it. | |
| There are lots of settings and things that i jump over, you should dig into the settings on your own. | |
| 1. Start by getting the 64 bit MSI with Suricata. https://suricata.io/download/ | |
| Install to default location: "C:\Program files\Suricata\" | |
| ____________________________________________________________________________________________________ |
ProIntegritate
/ gist:d484e84e12087fc11a00b7d2cc866123
Created
September 7, 2021 17:55
C++ style Inline functions in VB.net
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Class Something | |
| <Runtime.CompilerServices.MethodImplAttribute(System.Runtime.CompilerServices.MethodImplOptions.AggressiveInlining)> | |
| Public Function fInlineFunction() As String | |
| Return "Stuff" | |
| End Function | |
| End Class |
ProIntegritate
/ Resolves
Created
August 2, 2021 14:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 178.162.203.202, abfxbfslwtgajbc.ru | |
| 178.162.203.211, abfxbfslwtgajbc.ru | |
| 178.162.203.226, abfxbfslwtgajbc.ru | |
| 178.162.217.107, abfxbfslwtgajbc.ru | |
| 5.79.71.205, abfxbfslwtgajbc.ru | |
| 5.79.71.225, abfxbfslwtgajbc.ru | |
| 85.17.31.82, abfxbfslwtgajbc.ru | |
| 85.17.31.122, abfxbfslwtgajbc.ru | |
| 85.17.31.122, aaawkvmluxgrmac.ru | |
| 178.162.203.202, aaawkvmluxgrmac.ru |
ProIntegritate
/ .NET Cleanup
Created
July 28, 2021 09:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Specific object cleanup: | |
| Object.Dispose() ' Does not exist for all objects though. | |
| Object = Nothing ' This _will_ exist for all objects. | |
| The periodically run: | |
| GC.Collect() ' Init Garbage collector | |
| If you use performance counters (System.Diagnostic.*), you may want to clean them up too as you free things up: |
ProIntegritate
/ gist:b97d7567d4d3c5a35e9cca21c25ef2f2
Created
July 24, 2021 12:15
Exploring WMI objects with Powershell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Exploring WMI objects with Powershell: | |
| For this example on how to explore WMI classes, i've used Win32_ShadowCopy | |
| as an example. Some classes, like Win32_ShadowCopy, REQUIRES administrator | |
| privileges to work. | |
| Search for classes names *shadow* | |
| powershell -c "Get-CimClass -ClassName *shadow*" | |
| See if a class has Methods and Properties: |
NewerOlder