Category Archives: Python

Hunting Pastebin with PasteHunter

      5 Comments on Hunting Pastebin with PasteHunter

From a security analytics and Threat Intelligence perspective Pastebin is a treasure trove of information. All content that is uploaded to pastebin and not explicitly set to private (which requires an account) is listed and can be viewed by anyone. tl;dr Using Yara Rules to find and save interesting data from pastebin https://github.com/kevthehermit/PasteHunter Hackers and script kiddies are quick to… Read more »

Solving the SANS 2016 Holiday Hack Challenge

      9 Comments on Solving the SANS 2016 Holiday Hack Challenge

tldr; SANS released the 2016 Christmas Holiday Hack Challenge.This serves as my official submitted answer, and my offering to you dear reader in case you want to see how I approached the challenges. So settle in this is going to be a long post. At the time of writing the challenge is still live and SANS typically keep the servers… Read more »

USB Rubber Ducky and a New ToolKit

      7 Comments on USB Rubber Ducky and a New ToolKit

USB Rubber Ducky The USB Rubber Ducky is a product designed and Sold by Hak5. Essentially its a USB keyboard without any keys that you can pre-program a set of keystrokes on to. When the device is plugged in, its installed as a generic keyboard and will then type whatever you have scripted it to use. Duck Code Duck code is how… Read more »

Solving GrrCon15 Memory Challenge with VolUtility

After seeing that Brian Baskin and Tony Cook had published a writeup solving the GrrCon 2015 Memory challenges I thought this would be an ideal way of testing VolUtility, A way to make sure that i have covered all the features, and if not then how to try and add them so it does. Plus it looked like fun :)… Read more »

DarkComet – Hacking The Hacker

      2 Comments on DarkComet – Hacking The Hacker

Before I begin this post let me get the following statements out of the way. I Am NOT A Lawyer. The use of the Tools and Techniques discussed in this post may not be legal in your country. The original credit for the discovery belongs to Shawn Denbow and Jesse Hertz. All I did was expand on their POC. Back in… Read more »

Viper – Modules – APK

      No Comments on Viper – Modules – APK

This follows on from the post detailing the basic usage of viper. If you have not read that post I would start there. An index of all the modules can be found here. APK The apk module is designed to extract information from Android Application Packages (APK). I am not going to look at the APK structure im just going to showcase what… Read more »

Viper – First Use

      2 Comments on Viper – First Use

This series is going to take a closer look at using the Viper analysis platform and its associated modules. If you are new to Viper here are a few links for you. http://viper.li – The projects home https://github.com/botherder/viper – the projects GitHub Install Guide – My Install guide. Lets dive straight in and assume you have just finished installing and… Read more »

Decoding Rig Exploit Kit

      No Comments on Decoding Rig Exploit Kit

This is going to be short and too the point. Python script to decode Rig Exploit Kit landing page. Its on my Github Here – https://github.com/kevthehermit/Scripts/blob/master/RigDecoder.py And this is a quick cast to show it in use. As usual Questions Queries Comments below.

Update to Image Mount Script

      No Comments on Update to Image Mount Script

Several Months ago I wrote a python script that helped me mount Disk and partition images. You can read the original post here. It worked but was lacking in some areas. Mostly in that it didn’t support GPT partition tables. Thanks to @robtlee for poking me and @ChipRAFP for the support I have rewritten the script and added a couple more features. It now… Read more »

EnCase And AnalyzeMFT

      2 Comments on EnCase And AnalyzeMFT

I have some familiarity with Windows Forensics having passed my SANS 508 exam, However Chip is my resident Forensics expert so when he pointed me in the direction of  a blog post about running python scripts in EnCase I was immediately interested. I haven’t really played with EnCase and have been looking for a reason, this seems like a good one. In… Read more »