import os
import requests
import tempfile
import subprocess
import json


def main():
    # List the win64 directory of the log2timeline/l2tbinaries repository
    # through the GitHub contents API and parse the JSON listing.
    win64_request = requests.get("https://api.github.com/repos/log2timeline/l2tbinaries/contents/win64")
    contents = json.loads(win64_request.text)

# Uninstall every product registered in Win32_Product whose name contains "Python".
Get-WmiObject -Query "SELECT * FROM Win32_Product WHERE Name LIKE '%Python%'" | ForEach-Object { $_.Uninstall() }

# Parse $O File
# Copyright Matthew Seyer 2018
# Apache License Version 2
#
# decode_objfile.py FILE [OUTPUT_TEMPLATE]
#
# Examples:
# Output JSON lines:
# python .\decode_objfile.py '$O'
#

import struct
import datetime
import binascii

FILETIME = b"\x19\x81\xE5\xB2\x1F\xDB\xD3\x01"


class FileTime(datetime.datetime):
    """datetime.datetime object is immutable, so we will create a class to inherit
    datetime.datetime so we can set a custom nanosecond.