
[NOTE] Changing Keyboard Layout on #Ubuntu 18.04 Permanently
I always used an en-US keyboard, as that is what I used to get in India. After shifting to Sweden, the main problem was to adapt to the Swedish layout keyboard. But that happened swiftly. Then the issue was the keymap. If you are downloading a ready-made Virtual Machine image, it is always preloaded
#XSS Payload in #Bengali #Obfuscated
Without any further explanation - look at the code
ক = '' // empty string
খ = !ক + ক // "true"
গ = !খ + ক // "false"
ঘ = ক + {} // "[object Object]"
ঙ = খ[ক++] // "t" = "true"[0]
চ = খ[জ = ক] // "r" = "true"[1]
ছ = ++জ + ক // 2, 3
ঝ = ঘ[জ + ছ] // "c"
খ[ ঝ
Allowing #XLSM and #XLSB files? Stop it to save your Infra
I understand that a company always has legacy systems running. But are you permitting XLSM and XLSB file types? #STOP it as fast as possible!! The following images are from a malware packer, possibly related to the latest #Zloader and other infections. Credit: @DissectMalware. From the 2nd screenshot it is clear that XLSM and
Update #Python modules #pip regularly #NotetoSelf
We update our Linux boxes almost regularly, so Debian/Ubuntu users like me run apt update && apt upgrade -y regularly. But we miss updating Python libraries regularly, which breaks a lot of Python modules or makes them outdated. Sharing 2 methods to do it easily with a single one-liner.
#TA505 find subdomain to download #Dropper #Malware
So ... if you have the main domain from #TA505 TTPs and want to download the dropper file from the actual subdomain, the following is the method. So, I found 2 TTPs today on Twitter. But the subdomains are not there. Without disturbing the poster, go to https://[DOMAIN]. It will show you a certificate error page.
#Yara Rule for #TA505 Latest Campaign
rule ta505_downloader {
    meta:
        author = "Krishnendu Paul"
        description = "TA505 June 2020"
    strings:
        $meta_hex = "document.getElementById"
        $meta_app = "template.innerHTML"
        $meta_filetype = "iframeTemplate"
        $meta_b = "element.innerHTML"
    condition:
        all of ($meta_*) and filesize < 250000
}
Enable #WSL2 on #Windows10 #Note
Prerequisite
Windows 10 version 2004 (if you are not on 2004 yet, use Windows Update Assistant)
Intel Virtualization Option should be enabled in BIOS.
In Command Prompt, type:
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
Then install update to its kernel
Easy #YARA Strings #Hunting for #Malware - The Lazy Man's Way
I am not your regular #BlueTeam #YARA #Guru who writes YARA for everything every day. But I was assigned a task where I needed to find a proper YARA rule for a specific class of new-gen malware where AV or SHA/MD5-based IOCs are not working. Even the network