KP's ScratchPad

---

4 November 2020

[NOTE] Decrypt #pfsense #firewall exported config file

If you exported and saved pfsense configuration, by using following command you can decrypt pfsense exported configuration provided you remember the password. cat /tmp/config-exported.

---

Linux 6 October 2020

[Note] #Synchronizing Remote FTP folder to Local Drive #Linux #FTP #Sync

Sometimes you need to watch a FTP directory for new files and periodically downloading the. Even if you can create a script to use ftp

---

13 September 2020

Running #Remnux Linux (#Malware #Analysis Distro) on #Windows10 #Docker

I am a huge fan of Windows interface till date even I am a power-user of Linux CLI ( Yes ! We exists ! ) . So, for my kind

---

Linux 11 September 2020

[NOTE]Changing Keyboard Layout on #Ubuntu 18.04 Permanently

I always used en-US keyboard as that is what I use to get in India. After shifting to Sweden, main problem was to adopt with

---

19 August 2020

Weaponizing .tar files - RedTeam

So many times you will find, that you are not allowed to upload executable binaries , backdoor php or other extension file, also those are very

---

unicode 30 July 2020

#XSS Payload in #Bengali #Obfuscated

Without any further explanation - look at the code ক = '' // empty string খ = !ক + ক // "true" গ = !খ + ক // "false" ঘ = ক + {} // "[object Object]

---

XLS 29 June 2020

Allowing #XLSM and #XLSB files ? Stop it to save your Infra

I understand that a company having legacy systems running always. But, are you permitting XLSM and XLSB filetypes ? #STOP it as fast as possible !! Following

---

python 17 June 2020

Update #Python modules #pip regularly #NotetoSelf

We update our linux boxes almost regularly, so Debian/Ubuntu user like me run apt update && apt upgrade -y regularly. But, we miss

---

TA505 16 June 2020

#TA505 find subdomain to download #Dropper #Malware

So ... if you have main domain from #TA505 TTPs and want to download the dropper file from actual subdomain , following is the method So, found

---

TA505 15 June 2020

#Yara Rule for #TA505 Latest Campaign

rule ta505_downloader { meta: author = "Krishnendu Paul" description = "TA505 June 2020" strings: $meta_hex = "document.getElementById" $meta_app = "template.innerHTML" $meta_filetype = "iframeTemplate" $meta_b

---

windows 13 June 2020

Enable #WSL2 on #Windows10 #Note

Prerequisite Windows 10 version 2004 ( If you are not on 2004 yet, use Windows Update Assistant ) Intel Virtualization Option should be enabled in BIOS. In

---

Malware 28 May 2020

Easy #YARA Strings #Hunting for #Malware - The Lazy Man's Way

I am not your Regular #BlueTeam #YARA #Guru who is writing yara for everything everyday. But, was assigned for a task where I need to

---

Malware 20 May 2020

[Custom #YARA ] #XLS #macro based #malware downloader using URLDownloadToFileA

Received numbers of sample submission of invoice themed XLS which are not getting detected on VT properly using any reputed Anti Virus engine. There is

---

twitter 17 May 2020

#Twitter #Video Upload #Fix (Your Media File Could Not Be Processed)

I am not regular on #Twitter. But, sometimes I do, and today I tried to post a video in twitter. Failed ( !!? )- with an error

---

Maze 22 April 2020

My View on #Maze #Malware #Cognizant version #InfoSec

Yes, it is a known story now that IT Giant #Congizant suffering from Maze Malare infection partly. Lot of their system got encrypted and hackers