Author Archives: admin

admin

born 1976, Falticeni, Suceava, Romania

Yara python module – part 002.

Before we start, I have to tell you that this is the continuation of an older tutorial, which you can find here.
As you know, YARA is a tool aimed at helping malware researchers identify and classify malware samples.
The YARA tool helps you create descriptions of malware families based on textual or binary patterns.
These patterns, called rules, consist of a set of strings and a boolean expression that determines the rule's logic.
The YARA tool can be found on the official website.
First, you need to install the Python version.
I used the yara-python-3.7.0.win-amd64-py3.5 version.
You need to use the Python 3.5.0 version from here.
Let's test the yara python module:

You can see that the yara python module works well.
Let's make a rule and test it with a PDF file. This rule will tell us if the PDF comes with links.
The rule is a single file named detectpdflinks at this path:
C:\\BackUP\\Tools\\Python35\\detectpdflinks
The source code of this rule is:

Now we will make the Python script that uses this YARA rule with one PDF file:

You can see the URI in the variable named $the_uri.
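As an added example (not the post's own rule or script, which were shown as images), here is a rule in the same spirit: it flags a PDF that carries a /URI link action, is compiled with yara-python, and is run over a small PDF constructed inline. The rule text, the sample PDF and the function name find_pdf_links are my assumptions; the fallback branch only exists so the script still runs where yara-python is not installed.

```python
# Added example: detect /URI links in a PDF with a YARA rule and yara-python.
import re

# YARA rule (constructed for this example): fire only on files that start
# with the %PDF magic and contain a /URI action, the string named $the_uri.
RULE_SOURCE = r'''
rule detectpdflinks
{
    meta:
        description = "PDF that carries at least one /URI link action"
    strings:
        $the_uri = /\/URI\s*\(\s*[^)]*\)/
    condition:
        uint32be(0) == 0x25504446 and $the_uri
}
'''

# Minimal PDF constructed inline: header, one page, one link annotation.
SAMPLE_PDF = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
              b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
              b"4 0 obj << /Type /Annot /Subtype /Link"
              b" /A << /S /URI /URI (http://example.com/landing) >> >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")

# Same pattern as $the_uri, used to pull the URI text out of a matched chunk.
URI_RE = re.compile(rb"/URI\s*\(\s*([^)]*)\)")


def find_pdf_links(data):
    """Return the list of URIs the rule flags in `data` (empty if no hit)."""
    try:
        import yara  # yara-python; compile()/match() exist in 3.7.0 and 4.x
    except ImportError:
        # Fallback (assumption, not YARA): apply the same check with re so the
        # example runs offline; the magic test mirrors the rule's condition.
        if not data.startswith(b"%PDF"):
            return []
        return [m.decode("latin-1") for m in URI_RE.findall(data)]
    rules = yara.compile(source=RULE_SOURCE)
    hits = []
    for match in rules.match(data=data):
        for s in match.strings:
            # yara-python < 4.3 yields (offset, identifier, bytes) tuples;
            # newer versions yield StringMatch objects with .instances.
            chunks = [s[2]] if isinstance(s, tuple) else [i.matched_data for i in s.instances]
            for chunk in chunks:
                hits += [m.decode("latin-1") for m in URI_RE.findall(chunk)]
    return hits
```

A PDF without any /URI action, or a non-PDF file that happens to contain the text, yields an empty list, which is the point of anchoring the condition on the file magic.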

Posted in All, Programming, Python, YARA.

The Netcut – protect your network.

This tool, named Netcut, is a well-known Windows program that can cut off a person's connection when they are connected to the same network.
Netcut automatically runs at Windows startup through a service, which can be disabled from the program options.
As for the Netcat tool, it is a computer networking utility for reading from and writing to network connections using TCP or UDP.
This tool is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts; see Wikipedia.
You can use it for free, or you can buy a Pro membership extension, priced from 1$ to 9.9$ per year.
You can download it from the official website.

Posted in All, Windows 10.

Windows 10 – whoami command.

The whoami command is used to display the domain and user name of the person who is currently logged on to this computer.
If used without parameters, whoami displays the current domain and user name.
You can use this command with the following parameters:

  • /upn: Displays the user name in user principal name (UPN) format.
  • /fqdn: Displays the user name in fully qualified domain name (FQDN) format.
  • /logonid: Displays the logon ID of the current user.
  • /user: Displays the current domain and user name and the security identifier (SID).
  • /groups: Displays the user groups to which the current user belongs.
  • /priv: Displays the security privileges of the current user.
  • /fo <Format>: Specifies the output format. Valid values include:
    table: Displays output in a table. This is the default value.
    list: Displays output in a list.
    csv: Displays output in comma-separated value (CSV) format.
  • /all: Displays all information in the current access token, including the current user name, security identifiers (SID), privileges, and groups that the current user belongs to.
  • /nh: Specifies that the column header should not be displayed in the output. This is valid only for table and CSV formats.
  • /?: Displays help at the command prompt.

Some examples with this command:

  • check if we are running elevated: whoami /groups | find "-"
  • display all of the information in the current access token: whoami /all
  • see what security groups you belong to: whoami /groups
Posted in All, Commands, Windows 10.

News: The FRESH I.D.E. for FASM assembler.

The reputable IDE for FASM, named Fresh, came with news on 29.10.2017 06:47:22.
As you know, it can be used with the Linux and Windows operating systems.
You can download it from here.
The development team posted this new content:
Quick bugfix release. The description for v2.6.0 is still valid. Read below.
The download links are updated. Download again and update your installation, if you downloaded v2.6.0.

Posted in news.

News: Google launched Android Studio version 3.0.

Google launched Android Studio 3.0, the latest version of its integrated development environment (IDE), with a download size of 681 Mb and many new features.
The full release notes can be found here; the highlights are:

  • Support for Android 8.0.
  • Support for building separate APKs based on language resources.
  • Support for Java 8 libraries and Java 8 language features (without the Jack compiler).
  • Support for Android Test Support Library 1.0 (Android Test Utility and Android Test Orchestrator).
  • Improved ndk-build and cmake build speeds.
  • Improved Gradle sync speed.
  • AAPT2 is now enabled by default.
  • Using ndkCompile is now more restricted. You should instead migrate to using either CMake or ndk-build to compile native code that you want to package into your APK. To learn more, read Migrate from ndkcompile.

Posted in news.