2025-04-19 15:21:27 +00:00
35 changed files with 49 additions and 73853 deletions
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/Book1_Foundations.xlsm
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/Book1_Foundations.xlsm
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/GruntHTTP-vba-stager.txt
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/GruntHTTP-vba-stager.txt
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/GruntHTTP.exe
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/GruntHTTP.exe
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/Readme.md
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/Readme.md
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/Simulator/enable_content.png
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/Simulator/enable_content.png
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/Simulator/requirements.txt
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/Simulator/requirements.txt
--- a/2-1-initial-access-malware/Simulator/simulator.py
+++ b/2-1-initial-access-malware/Simulator/simulator.py
@ -0,0 +1,49 @@
 import os
 import sys
 import time
 import pyautogui
 def open_excel_with_macros(file_path):
    # Get the directory of the current script/executable
    base_path = getattr(sys, '_MEIPASS', os.path.dirname(os.path.abspath(__file__)))
    enable_button_image = os.path.join(base_path, 'enable_content.png')
    # Open Excel through the OS start menu or command line
    os.startfile(file_path)
    time.sleep(5)  # Wait for Excel to open
    # Custom timeout mechanism to locate the 'Enable Content' button
    timeout = 10  # 10 seconds timeout
    start_time = time.time()
    enable_button = None
    while (time.time() - start_time) < timeout:
        enable_button = pyautogui.locateCenterOnScreen(enable_button_image, confidence=0.8)
        if enable_button:
            pyautogui.click(enable_button)
            break
        time.sleep(1)  # Check every 1 second
    if not enable_button:
        print("Enable Content button not found, continuing...")
    # Wait for any macros to finish running or other processing
    time.sleep(10)  # Adjust time based on expected macro execution time
    # Close Excel without saving
    pyautogui.hotkey('alt', 'f4')
    time.sleep(1)
    pyautogui.press('n')  # Press 'n' in response to Excel's save prompt
 def main():
    directory = r'C:\Users\mariu\Desktop\Corpus'  # Adjust the path to your files
    files = os.listdir(directory)
    excel_files = [file for file in files if file.endswith(('.xlsx', '.xlsm'))]
    for file in excel_files:
        full_path = os.path.join(directory, file)
        open_excel_with_macros(full_path)
        time.sleep(5)  # Adjust as needed between openings
 if __name__ == '__main__':
    main()
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/corpus_builder/agentic_corpus_generator.ps1
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/corpus_builder/agentic_corpus_generator.ps1
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/corpus_builder/create_macro_xls.ps1
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/corpus_builder/create_macro_xls.ps1
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/corpus_builder/macro.vbs
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/corpus_builder/macro.vbs
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/corpus_builder/new_workbook_3.xlsm
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/corpus_builder/new_workbook_3.xlsm
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/corpus_builder/template.xlsx
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/corpus_builder/template.xlsx
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/file.exe
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/file.exe
--- a/2-2-adversary-emulation-and-training-data-generation/Sysmon_Observations
+++ b/2-2-adversary-emulation-and-training-data-generation/Sysmon_Observations
--- a/2-2-adversary-emulation-and-training-data-generation/data_sources_new_3.json
+++ b/2-2-adversary-emulation-and-training-data-generation/data_sources_new_3.json
--- a/2-2-adversary-emulation-and-training-data-generation/sysmon_layer.yaml
+++ b/2-2-adversary-emulation-and-training-data-generation/sysmon_layer.yaml
--- a/2-2-adversary-emulation-and-training-data-generation/sysmon_observations.xlsx
+++ b/2-2-adversary-emulation-and-training-data-generation/sysmon_observations.xlsx
--- a/2-2-adversary-emulation-and-training-data-generation/sysmonconfig-export.xml
+++ b/2-2-adversary-emulation-and-training-data-generation/sysmonconfig-export.xml
--- a/2-3-2-open-source-deep-learning-models-for-encoding-taks/Comparison_of_Encoder_Models.ipynb
+++ b/2-3-2-open-source-deep-learning-models-for-encoding-taks/Comparison_of_Encoder_Models.ipynb
--- a/2-5-automated-machine-learning-with-gp/TPOT_Foundations.ipynb
+++ b/2-5-automated-machine-learning-with-gp/TPOT_Foundations.ipynb
--- a/2-5-automated-machine-learning-with-gp/corpus_foundations_thesis.zip
+++ b/2-5-automated-machine-learning-with-gp/corpus_foundations_thesis.zip
--- a/2-5-automated-machine-learning-with-gp/new_workbook_13.xlsm
+++ b/2-5-automated-machine-learning-with-gp/new_workbook_13.xlsm
--- a/2-5-automated-machine-learning-with-gp/new_workbook_13_EvilClippy.xlsm
+++ b/2-5-automated-machine-learning-with-gp/new_workbook_13_EvilClippy.xlsm
--- a/3-2-test-corpus-initial-access-mw-and-3-3-simulator/Simulator/simulator.py
+++ b/3-2-test-corpus-initial-access-mw-and-3-3-simulator/Simulator/simulator.py
@ -1,80 +0,0 @@
 import os
 import sys
 import time
 import pyautogui
 import win32gui
 import win32con
 def close_cmd_window():
    def enum_windows_callback(hwnd, result):
        window_title = win32gui.GetWindowText(hwnd).lower()
        if (win32gui.IsWindowVisible(hwnd) and 
            'cmd.exe' in window_title and 
            'Anaconda' not in window_title):
            win32gui.PostMessage(hwnd, win32con.WM_CLOSE, 0, 0)
    win32gui.EnumWindows(enum_windows_callback, None)
 def close_excel_without_saving():
    pyautogui.hotkey('alt', 'f4')
    time.sleep(1)
    # Try to locate and click the "Don't Save" button
    try:
        dont_save_button = pyautogui.locateOnScreen('dont_save_button.png', confidence=0.8)
        if dont_save_button:
            pyautogui.click(dont_save_button)
            print("Clicked 'Don't Save' button")
        else:
            print("Save dialogue not found, Excel may have closed without prompting")
    except pyautogui.ImageNotFoundException:
        print("Save dialogue not found, Excel may have closed without prompting")
 def open_excel_with_macros(file_path):
    # Get the directory of the current script/executable
    base_path = getattr(sys, '_MEIPASS', os.path.dirname(os.path.abspath(__file__)))
    enable_button_image = os.path.join(base_path, 'enable_content.png')
    # Open Excel through the OS start menu or command line
    os.startfile(file_path)
    time.sleep(5)  # Wait for Excel to open
    # Custom timeout mechanism to locate the 'Enable Content' button
    timeout = 10  # 10 seconds timeout
    start_time = time.time()
    enable_button = None
    while (time.time() - start_time) < timeout:
        try:
            enable_button = pyautogui.locateCenterOnScreen(enable_button_image, confidence=0.8)
            if enable_button:
                pyautogui.click(enable_button)
                break
        except pyautogui.ImageNotFoundException:
            pass
        time.sleep(1)  # Check every 1 second
    if not enable_button:
        print("Enable Content button not found, continuing...")
    # Wait for any macros to finish running or other processing
    time.sleep(10)  # Adjust time based on expected macro execution time
    # Close Excel without saving
    close_excel_without_saving()
    # Close any cmd.exe windows that might have opened, except Anaconda prompt
    close_cmd_window()
 def main():
    directory = r'C:\Users\student\Desktop\Corpus'  # Adjust the path to your files
    files = os.listdir(directory)
    excel_files = [file for file in files if file.endswith(('.xlsx', '.xlsm'))]
    for file in excel_files:
        full_path = os.path.join(directory, file)
        open_excel_with_macros(full_path)
        time.sleep(5)  # Adjust as needed between openings
 if __name__ == '__main__':
    main()
--- a/3-3-security-and-performance-log-analysis-sw/Elasticsearch-Pandas-vs-Polars-May-15-2024.ipynb
+++ b/3-3-security-and-performance-log-analysis-sw/Elasticsearch-Pandas-vs-Polars-May-15-2024.ipynb
--- a/4-5-attention-based-log-similarity-clustering-with-faiss/Log-Similarity-Clustering-FAISS.ipynb
+++ b/4-5-attention-based-log-similarity-clustering-with-faiss/Log-Similarity-Clustering-FAISS.ipynb
--- a/4-5-attention-based-log-similarity-clustering-with-faiss/log_tokenizer.json
+++ b/4-5-attention-based-log-similarity-clustering-with-faiss/log_tokenizer.json
--- a/2-3-2-open-source-deep-learning-models-for-encoding-taks/Comparison_of_Encoder_Models_LongFormer_and_Linformer.ipynb
+++ b/2-3-2-open-source-deep-learning-models-for-encoding-taks/Comparison_of_Encoder_Models_LongFormer_and_Linformer.ipynb
--- a/2-6-1-elasticsearch-api-access-polars/Elasticsearch.ipynb
+++ b/2-6-1-elasticsearch-api-access-polars/Elasticsearch.ipynb
--- a/README.md
+++ b/README.md
@ -1,5 +0,0 @@
 [![DOI](https://zenodo.org/badge/744004649.svg)](https://zenodo.org/doi/10.5281/zenodo.13208293)
 # Master Thesis: Development and Evaluation of Software for Forensic Log-Analysis Using Machine Learning and Genetic Programming
--- a/dependencies/install.sh
+++ b/dependencies/install.sh
@ -6,10 +6,6 @@ if [ -d "/content" ]; then
  echo "Installing dependencies"
  pip install -r "https://raw.githubusercontent.com/norandom/log2ml/main/dependencies/requirements.gpu.txt"
  # https://docs.rapids.ai/deployment/stable/platforms/colab/
  git clone https://github.com/rapidsai/rapidsai-csp-utils.git
  python rapidsai-csp-utils/colab/pip-install.py
 else
  echo "This does not appear to be a Google Colab environment."
 fi
--- a/dependencies/install_cpu.sh
+++ b/dependencies/install_cpu.sh
@ -1,13 +0,0 @@
 #!/usr/bin/env bash
 if [[ "$(uname)" == "Darwin" ]] || [[ "$(uname)" == "Linux" ]]; then
  echo "The CPU installation is starting (macOS, Linux)."
  echo "Installing dependencies"
  pip install -r "https://raw.githubusercontent.com/norandom/log2ml/main/dependencies/requirements.cgpu.txt"
  echo "cuML will not be installed."
 else
  echo "This does not appear to be a CPU environment."
 fi
--- a/dependencies/requirements.cpu.txt
+++ b/dependencies/requirements.cpu.txt
@ -1,29 +0,0 @@
 openai==1.13.3
 langchain==0.1.10
 python-dotenv==1.0.1
 tiktoken==0.6.0
 langchain_openai==0.0.8
 langchain_experimental==0.0.53
 langchainhub==0.1.14
 ipywidgets
 transformers==4.39.0
 torch==2.2.1+cpu
 torchvision==0.17.1+cpu
 torchaudio==2.2.1+cpu
 sentence-transformers==2.5.1
 faiss_cpu==1.8.0
 linformer-pytorch==0.19.3
 PyGithub==2.3.0
 deap==1.4.1
 update_checker==0.18.0
 scikit-mdr==0.4.5
 skrebate==0.62
 xgboost==2.0.3
 stopit==1.1.2
 tpot==0.12.2
 umap-learn==0.5.6
 tabulate==0.9.0
 onnx==1.16.1
 skl2onnx==1.17.0
 protobuf==3.20.3
 dill==0.3.8
--- a/dependencies/requirements.gpu.txt
+++ b/dependencies/requirements.gpu.txt
@ -22,8 +22,3 @@ xgboost==2.0.3
 stopit==1.1.2
 tpot==0.12.2
 umap-learn==0.5.6
 tabulate==0.9.0
 onnx==1.16.1
 skl2onnx==1.17.0
 protobuf==3.20.3
 dill==0.3.8
--- a/workbench/LinFormer_AutoML_on_AE_sysmon_dataset_(Excel_implant_C2).ipynb
+++ b/workbench/LinFormer_AutoML_on_AE_sysmon_dataset_(Excel_implant_C2).ipynb
		`@ -1,5 +0,0 @@`
			`[![DOI](https://zenodo.org/badge/744004649.svg)](https://zenodo.org/doi/10.5281/zenodo.13208293)`


			`# Master Thesis: Development and Evaluation of Software for Forensic Log-Analysis Using Machine Learning and Genetic Programming`