
volexity / threat-intel

286.0 286.0 53.0 934 KB

Signatures and IoCs from public Volexity blog posts.

License: Other

Python 67.09% YARA 31.10% Ruby 0.68% ASP.NET 1.13%
snort-rules suricata-rules threat-intelligence yara yara-rules

threat-intel's People

Contributors

neo23x0, offlinehoster, rootbsd, tlansec


threat-intel's Issues

Embedded file names

Not necessarily an issue, but does there by chance exist a version of onenoteextractor that could write the extracted files to disc using their original file names?

one-extract: broken output at 4k boundary from encrypted ONE file

First, thank you so much for providing this really cool tool!

Whilst it works perfectly for unencrypted files, I noticed that the output of encrypted contents seems to be broken at 4k boundaries. To reproduce, consider the attached two examples, containing exactly the same contents. The encrypted version requires the password GeHeIm:

one-extract --extract-files --output-directory . --password GeHeIm Test-encrypted.one
one-extract --extract-files --output-directory . Test.one

The output files, ./Test-encrypted.one_0.extracted and ./Test.one_0.extracted are PNG images, of which the latter is usable, but the former is broken:

$ diff -u <(hd Test.one_0.extracted) <(hd Test-encrypted.one_0.extracted)
--- /dev/fd/63	2023-07-19 13:21:21.199984571 +0200
+++ /dev/fd/62	2023-07-19 13:21:21.183984571 +0200
@@ -253,8 +253,8 @@
 00000fc0  32 5c 55 52 b2 60 d0 47  5a 50 1e f8 c2 60 76 52  |2\UR.`.GZP...`vR|
 00000fd0  7d d3 c4 18 d4 81 82 b8  56 3a 37 b3 49 69 db 10  |}.......V:7.Ii..|
 00000fe0  15 36 3a 35 e5 91 92 05  83 6a a4 28 7a 15 4b ba  |.6:5.....j.(z.K.|
-00000ff0  58 ed 37 6a c8 06 52 cd  dd 9c 52 88 42 b7 22 e6  |X.7j..R...R.B.".|
-00001000  3e 17 47 6f 5c 49 a7 a6  3c 52 b2 21 a9 2a 29 d9  |>.Go\I..<R.!.*).|
+00000ff0  58 ed 37 6a c8 06 52 cd  0d 55 2d 49 82 ec 01 0c  |X.7j..R..U-I....|
+00001000  a1 09 4b cb 9d 93 93 f4  3c 52 b2 21 a9 2a 29 d9  |..K.....<R.!.*).|
 00001010  86 d8 4b 3a d2 a8 f2 40  56 88 22 83 54 d7 9c 22  |..K:...@V.".T.."|
 00001020  86 f5 2f 25 0a e8 ea ed  54 52 7a 82 69 dc 9b 42  |../%....TRz.i..B|
 00001030  a7 a6 5c 52 b2 df 94 2a  29 55 30 e8 7d 0e 8e 15  |..\R...*)U0.}...|
@@ -509,8 +509,8 @@
 00001fc0  da 70 52 76 5e e4 f0 92  4a 61 26 dd 45 6e b4 9c  |.pRv^...Ja&.En..|
 00001fd0  47 9a a1 fe 41 37 e9 da  73 27 3d 73 97 7b 3a b0  |G...A7..s'=s.{:.|
 00001fe0  f2 fe 11 a3 49 51 a5 49  48 bf 6f 02 d2 bd 44 c5  |....IQ.IH.o...D.|
-00001ff0  f7 89 29 1e 69 66 80 4f  72 4f 27 83 67 45 95 7a  |..).if.OrO'.gE.z|
-00002000  f3 88 cf 1a f4 35 ec 2d  eb 36 98 f4 60 a3 39 48  |.....5.-.6..`.9H|
+00001ff0  f7 89 29 1e 69 66 80 4f  70 26 7b af da 20 52 d2  |..).if.Op&{.. R.|
+00002000  ad 7d 9a 01 ed e8 3e 91  eb 36 98 f4 60 a3 39 48  |.}....>..6..`.9H|
 00002010  f5 ce 29 62 04 29 d9 3c  c5 3b 15 22 43 ba 2e d0  |..)b.).<.;."C...|
 00002020  27 0d b0 4d 8f b6 f9 27  c9 dc 7b c0 49 ed db 40  |'..M...'..{.I..@|
 00002030  52 54 e1 04 52 3f 69 0e  db b0 8c 21 4d 0d f4 49  |RT..R?i....!M..I|
@@ -765,8 +765,8 @@
 00002fc0  ca 99 20 28 90 83 e2 8a  1a ef 79 3b a2 81 34 45  |.. (......y;..4E|
 00002fd0  f5 8b d6 5a 87 f4 77 5f  31 03 69 53 a3 da 4e 96  |...Z..w_1.iS..N.|
 00002fe0  bb f2 c9 66 b5 15 12 90  06 d2 6d 6a 7b 68 ce 02  |...f......mj{h..|
-00002ff0  d2 e0 92 a2 d6 7a f1 3e  2a dd 4f c1 d9 4b 55 3c  |.....z.>*.O..KU<|
-00003000  3a b4 90 3a 52 c5 fd 27  ba 9e 47 56 22 3d 7f ee  |:..:R..'..GV"=..|
+00002ff0  d2 e0 92 a2 d6 7a f1 3e  09 a6 20 4d 2f b3 be 0b  |.....z.>.. M/...|
+00003000  39 da ee 10 ef 3d 3c 02  ba 9e 47 56 22 3d 7f ee  |9....=<...GV"=..|
 00003010  83 f0 93 22 7b 6a af 48  d4 97 b6 d4 1e 11 ac b0  |..."{j.H........|
 00003020  38 1f 69 21 45 e8 11 51  4f aa 86 5c 64 21 d2 2f  |8.i!E..QO..\d!./|
 00003030  1f 32 07 29 42 eb 96 f2  ce 22 db a4 9c a9 36 6d  |.2.)B...."....6m|
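Review bot: in all three hunks the differing bytes are exactly the 16 bytes from 0x...ff8 through 0x...007, i.e. the last 8 bytes before each 4096-byte boundary plus the first 8 bytes after it, while the surrounding bytes on the same lines match. That fixed 16-byte window, offset by 8 bytes on each side of the boundary, is the size of one AES block, so the report would be stronger if it stated this alignment explicitly: it points at one cipher block per segment being decrypted wrongly rather than at everything after the boundary being shifted, and the 8-byte offset relative to the boundary is the detail a maintainer will want when checking how segment boundaries are computed relative to the start of the ciphertext.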

I use the tool on Debian Bookworm, running python3 v. 3.11.2 and the standard python3-msoffcrypto-tool package (v. 5.0.0-1). Any idea how this issue could be fixed?

TIA, Albrecht.
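A small script that generalizes the manual `diff -u <(hd ...)` comparison in the report above: it lists every differing byte range between two extracted files and flags each range that straddles a 4096-byte boundary, so a "broken at 4k boundary" pattern can be confirmed or ruled out on any pair of outputs. This is an added example, not code from volexity/threat-intel or from one-extract; the sample input is constructed inline to mimic the pattern in the hexdump diff and is not real OneNote data. The script file name used in the usage note is an assumption.

```python
# Added example (not part of volexity/threat-intel or one-extract):
# compare two extracted payloads byte-for-byte and relate each differing
# range to a fixed segment size, to confirm a "broken at 4k boundary"
# pattern like the one in the report above.
from __future__ import annotations

import sys

SEGMENT = 4096  # segment size to test against; 4 KiB as in the report


def diff_ranges(a: bytes, b: bytes) -> list[tuple[int, int]]:
    """Return half-open [start, end) ranges where a and b differ.

    A length mismatch counts as a difference over the trailing bytes of
    the longer input.
    """
    ranges: list[tuple[int, int]] = []
    start: int | None = None
    n = max(len(a), len(b))
    for i in range(n):
        same = i < len(a) and i < len(b) and a[i] == b[i]
        if not same and start is None:
            start = i
        elif same and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, n))
    return ranges


def straddles_boundary(rng: tuple[int, int], segment: int = SEGMENT) -> bool:
    """True if some multiple of `segment` lies strictly inside [start, end)."""
    start, end = rng
    next_boundary = (start // segment + 1) * segment
    return next_boundary < end


def describe(a: bytes, b: bytes, segment: int = SEGMENT) -> list[dict]:
    """Summarize every differing range: offsets, length, boundary straddle."""
    report = []
    for start, end in diff_ranges(a, b):
        report.append({
            "start": start,
            "end": end,
            "length": end - start,
            "straddles": straddles_boundary((start, end), segment),
        })
    return report


# Constructed sample input: a 3-segment plaintext, and a copy with the 16
# bytes straddling each internal 4 KiB boundary (8 before, 8 after) flipped,
# mimicking the hexdump diff above. Not real OneNote data.
GOOD_SAMPLE = bytes(i % 251 for i in range(3 * SEGMENT))
_bad = bytearray(GOOD_SAMPLE)
for _boundary in (SEGMENT, 2 * SEGMENT):
    for _i in range(_boundary - 8, _boundary + 8):
        _bad[_i] ^= 0xFF  # XOR with 0xFF always changes the byte
BAD_SAMPLE = bytes(_bad)


def main(argv: list[str]) -> int:
    """Compare two files given on the command line, or the built-in sample."""
    if len(argv) == 3:
        with open(argv[1], "rb") as fa, open(argv[2], "rb") as fb:
            a, b = fa.read(), fb.read()
    else:
        a, b = GOOD_SAMPLE, BAD_SAMPLE  # fall back to the constructed sample
    for r in describe(a, b):
        flag = "straddles 4k boundary" if r["straddles"] else ""
        print(f"0x{r['start']:08x}-0x{r['end']:08x} ({r['length']} bytes) {flag}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Saved as, say, diff4k.py, it is run as `python3 diff4k.py Test.one_0.extracted Test-encrypted.one_0.extracted`; with no arguments it runs on the constructed sample and prints two 16-byte ranges, 0x00000ff8-0x00001008 and 0x00001ff8-0x00002008, both flagged as straddling a 4k boundary. If a real pair instead shows one long range running from a boundary to end of file, the problem is a shifted or truncated stream rather than a single mis-decrypted block, which is a different bug.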
