Skip to content

Instantly share code, notes, and snippets.

View sooshie's full-sized avatar

Mike Sconzo sooshie

151 followers · 1 following
View GitHub Profile
@sooshie
sooshie / crxcagrepper.py
Created April 10, 2020 19:23
Download multiple versions of Chrome extension source from crxcavator.io and run a string search on the files.
# Python 3
# Sometimes hunting for strings in a bunch of different browser extensions and their many versions can be a pain.
# This will call out to crxcavator.io, pull the versions and sources. Then just run a simple string match on it.
# Surprisingly, it works.
#
# [email protected]
import requests
import json
@sooshie
sooshie / keybase.md
Created July 23, 2019 19:16
keybase.md

Keybase proof

I hereby claim:

  • I am sooshie on github.
  • I am sconzo (https://keybase.io/sconzo) on keybase.
  • I have a public key ASAVPRMJQdtTeO3AxcESG4JTAapjRSrjt_2jjpGj_C7svQo

To claim this, I am signing this object:

@sooshie
sooshie / extract_pe.bro
Created June 25, 2019 15:06
Extract PE files in Bro/Zeek 2.6.1
event file_sniff(f: fa_file, meta: fa_metadata)
{
if ( ! meta?$mime_type ) return;
if ( meta$mime_type == "application/x-dosexec" )
{
local fname = fmt("%s-%s.%s", f$source, f$id, "._xe");
Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
}
}
@sooshie
sooshie / digicomp.json
Created November 1, 2018 19:13
{
"packages":[
{
"name":"digistump",
"maintainer":"Digistump",
"websiteURL":"http://digistump.com",
"email":"[email protected]",
"help":{
"online":"https://digistump.com/board"
},
@sooshie
sooshie / Ponmocup_decrypt.py
Last active June 6, 2018 06:11
Ponmocup decryption w/Unicorn
#https://r3v3rs3r.wordpress.com/2015/12/12/unicorn-vs-malware/
from unicorn import *
from unicorn.x86_const import *
from capstone import *
from capstone.x86 import *
import pefile
import struct
import string
import sys
@sooshie
sooshie / sqllite_postgres_cuckoo.txt
Created September 10, 2015 04:57
Migrate from sqlite to postgres with Cuckoo
While not definitive, this should hopefully give you a starting point in migrating from the initial/defalt sqlite setup for cuckoo to postgres.
Postgres setup
1) install postgres (apt-get install postgresql)
2) install postgres dev (something like: apt-get install postgresql-server-dev-9.3)
3) install psycopg2 (pip install psycopg2)
4) login to postgres and create a user (I created 'cuckoo')
5) create a database and give the user created in #4 rights to it (I created 'cuckoo' here as well)
Migrate data
@sooshie
sooshie / ZeuS dataset for D3 class
Created August 18, 2015 20:11
Data for the Data Visualization and Infographics with D3! Class
@sooshie
sooshie / gist:bd6db7f3577e23e7c022
Created July 23, 2015 18:06
SSH notes
scp -o ProxyCommand="ssh -A $user1@$host1 nc $host2 22" -r localdir/ $user2@$host2:/remote/directory
ssh -A $user1@$host1 -t ssh $user2@$host2
@sooshie
sooshie / crits s3 bucket creation
Created June 17, 2015 16:28
Protip: when using CRITS with S3 make sure to create the buckets
# Run this to create the buckets before using CRITS to store files.
# Also don't forget to make sure the relevant info is in database.py
python manage.py create_buckets
@sooshie
sooshie / deploy.sh
Last active July 21, 2016 08:15
modified registration.sh and deploy.sh for installing glastopf on a CentOS 7 system so it registers (works) with an MHN server
#!/bin/bash
set -e
set -x
if [ $# -ne 2 ]
then
echo "Wrong number of arguments supplied."
echo "Usage: $0 <server_url> <deploy_key>."
exit 1