Skip to content

Instantly share code, notes, and snippets.

View Spacial's full-sized avatar
🐶
learning

Spacial Spacial

🐶
learning
122 followers · 92 following
  • void
View GitHub Profile
@x0rz
x0rz / fake_sandbox.ps1
Created April 14, 2016 13:56
# Simulate fake processes of analysis sandbox/VM that some malware will try to evade
# This just spawn ping.exe with different names (wireshark.exe, vboxtray.exe, ...)
# It's just a PoC and it's ugly as f*ck but hey, if it works...
# Usage: .\fake_sandbox.ps1 -action {start,stop}
param([Parameter(Mandatory=$true)][string]$action)
$fakeProcesses = @("wireshark.exe", "vmacthlp.exe", "VBoxService.exe",
"VBoxTray.exe", "procmon.exe", "ollydbg.exe", "vmware-tray.exe",
@jiahao
jiahao / nrules.svg
Last active May 17, 2022 08:30
What do .gitignore files tell us about the inherent complexity of programming languages? This gist can be run on data from GitHub's own collection of gitignore templates, whose repository is at https://github.com/github/gitignore, and counts how many rules are present in the template for each programming language.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@hernamesbarbara
hernamesbarbara / Principles-of-Adult-Behavior.md
Created June 22, 2016 18:54

Principles of Adult Behavior

  1. Be patient. No matter what.
  2. Don’t badmouth: Assign responsibility, not blame. Say nothing of another you wouldn’t say to him.
  3. Never assume the motives of others are, to them, less noble than yours are to you.
  4. Expand your sense of the possible.
  5. Don’t trouble yourself with matters you truly cannot change.
  6. Expect no more of anyone than you can deliver yourself.
  7. Tolerate ambiguity.
  8. Laugh at yourself frequently.
@Manouchehri
Manouchehri / rfc3161.txt
Last active May 7, 2025 17:06
List of free rfc3161 servers.
https://rfc3161.ai.moda
https://rfc3161.ai.moda/adobe
https://rfc3161.ai.moda/microsoft
https://rfc3161.ai.moda/apple
https://rfc3161.ai.moda/any
http://rfc3161.ai.moda
http://timestamp.digicert.com
http://timestamp.globalsign.com/tsa/r6advanced1
http://rfc3161timestamp.globalsign.com/advanced
http://timestamp.sectigo.com
@Arinerron
Arinerron / root.sh
Last active June 10, 2024 17:35
"Root" via dirtyc0w privilege escalation exploit (automation script) / Android (32 bit)
#!/bin/bash
# Give the usual warning.
clear;
echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
sleep 10;
clear;
# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";
@dustinkirkland
dustinkirkland / hackernews.py
Created April 6, 2017 15:28
Fetch a HackerNews article and all comments into a JSON document
#!/usr/bin/python3
# hackernews.py - fetch a hackernews article and comments into a json doc
# Copyright (C) 2017 Dustin Kirkland
#
# Author: Dustin Kirkland
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
anonymous
anonymous / dump.csv
Created April 8, 2017 21:24
Parsed out compromised hosts from #ShadowBrokers
ID Host IP Address Year Month Day Implant Version OS
PITCHIMPAIR ns1.youngdong.ac.kr 202.30.58.5 1969 12 31 INCISION 1.1.2.1 hppa2.0w-hp-hpux11.00
INTONATION tx.micro.net.pk 203.135.2.194 2000 8 17 JACKLADDER 2.0 sparc-sun-solaris2.7
INTONATION hakuba.janis.or.jp 210.232.42.3 2000 8 22 JACKLADDER 2.0 sparc-sun-solaris2.6
INTONATION mail.interq.or.jp 210.157.0.87 2000 8 24 JACKLADDER 2.0 sparc-sun-solaris2.6
INTONATION mx1.freemail.ne.jp 210.235.164.21 2000 8 28 JACKLADDER ? i386-pc-solaris2.7
INTONATION webnetra.entelnet.bo 166.114.10.28 2000 8 30 JACKLADDER 2.0 sparc-sun-solaris2.6
INTONATION opcwdns.opcw.nl 195.193.177.150 2000 9 6 JACKLADDER 2.0 sparc-sun-solaris2.6
INTONATION rayo.pereira.multi.net.co 206.49.164.2 2000 9 20 JACKLADDER 2.0 sparc-sun-solaris2.6
INTONATION most.cob.net.ba 195.222.48.5 2000 9 21 JACKLADDER 2.0 sparc-sun-solaris2.6
@aparrish
aparrish / understanding-word-vectors.ipynb
Last active May 8, 2025 14:50
Understanding word vectors: A tutorial for "Reading and Writing Electronic Text," a class I teach at ITP. (Python 2.7) Code examples released under CC0 https://creativecommons.org/choose/zero/, other text released under CC BY 4.0 https://creativecommons.org/licenses/by/4.0/
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@villares
villares / GameOfLife.pyde
Created May 9, 2017 01:40
"""
A Processing implementation of Game of Life By Joan Soler-Adillon
Press SPACE BAR to pause and change the cell's values with the mouse
On pause, click to activate/deactivate cells
Press R to randomly reset the cells' grid
Press C to clear the cells' grid
The original Game of Life was created by John Conway in 1970.
"""
@rain-1
rain-1 / Wannacrypt0r-FACTSHEET.md
Last active March 30, 2025 17:12 — forked from Epivalent/Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru