Category: Python


Virus Total API Python Script

by Destruct_Icon
Categories: Coding, Python
Tags: No Tags
Comments: 10 Comments

: Virus Total API Python Script : Scripts! Ok, now that we have your attention. Quite a few months ago we worked on building a foremost script where you could carve all the files out of memory and then query Virus Total for each hash. We wanted to pull the Virus Total subset out of[…]


Honey the kids hacked us! – Part 1

by nanoSpl0it
Categories: Coding, Python
Tags: , , ,
Comments: Leave a Comment

:Honey, the kids hacked us!: There are many different questions that go through your head or discussions you might have when you first become a parent. Here are a few of the questions and discussions that I was apart of. 1) Organic or non-organic? 2) Cloth diapers or disposable? 3) Breast milk or formula? 4)[…]


Importing Python Scripts: Clobbering sys.argv

by 8bits0fbr@in
Categories: Coding, Python
Tags: , , , , , , , , , ,
Comments: Leave a Comment

Often, we find the need to import a non-class based Python module into our own modules. Sure, many proper Python packages exist that we can use to do our dirty work (, but what about when we run into a random script that simply uses its own main() and various functions to get the job[…]


Foremost Automator Script

by Destruct_Icon
Categories: Analysis, Coding, Host Forensics, Python
Tags: , ,
Comments: Leave a Comment

Formost Automator Script A small project that we were working on involved using Foremost as an automated triage tool to run in the background as we were performing other analysis during incidents. The Foremost Automator Script was birthed from this project. If you are not familiar with Foremost, please check out our previous post at[…]


autobreak-api PyCommand – Automatic Breakpoint Lovin’!

Autobreak-api is an Immunity Debugger PyCommand (Python script) that parses a Windows Portable Executable (PE) to automatically set breakpoints on all imported functions. My goal in writing this script was to ease malware analysis by providing a method to triage specimens quickly. For more information, please see the on GitHub. The script along with[…]


NTUSER, SOFTWARE or SYSTEM Hive Registry Parser

Registry Parser There has been times where I would like to parse through a NTUSER, SYSTEM, SOFTWARE hive and pull back just the key and sub keys that have been modified between a certain date (which is one of the arguments for the below python script). Thanks to William Ballenthin for showing how this is[…]


XOR Script (Skips NULL bytes “00”)

by InterDimensional_Shambler
Categories: Analysis, Coding, Malware Reverse Engineering, Python
Tags: , ,
Comments: Leave a Comment

[Description of XOR Script] Updated January 2014 Hello! I’ve made a script (in python) that can take an XORed (file or string) and will XOR it with a user-defined XOR Key (single-byte or multi-byte). The reason for this is because there is XORed malware out there that is scripted to apply an XOR in various[…]

Today is Tuesday