@frxstrem
frxstrem / http_proxy_connect.py
Last active March 11, 2024 04:37
Establish a socket connection through an HTTP proxy in Python.
'''
Establish a socket connection through an HTTP proxy.
Author: Fredrik Østrem <[email protected]>
License:
Copyright 2013 Fredrik Østrem
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
documentation files (the "Software"), to deal in the Software without restriction, including without
@WarFox
WarFox / ace_editor_in_bootstrap_3_container.html
Last active October 27, 2016 08:12
Ace Editor Embedding in Bootstrap 3 container
<!DOCTYPE html>
<html lang="en">
<head>
<title>ACE in Action</title>
<style type="text/css" media="screen">
#editor {
height: 300px;
}
</style>
</head>
@gbaman
gbaman / HowToOTG.md
Last active November 3, 2024 17:19
Simple guide for setting up OTG modes on the Raspberry Pi Zero

Raspberry Pi Zero OTG Mode

Simple guide for setting up OTG modes on the Raspberry Pi Zero - By Andrew Mulholland (gbaman).

The Raspberry Pi Zero (and model A and A+) support USB On The Go, given the processor is connected directly to the USB port, unlike on the B, B+ or Pi 2 B, which goes via a USB hub.
Because of this, if set up to do so, the Pi can act as a USB slave instead, providing virtual serial (a terminal), virtual ethernet, virtual mass storage device (pendrive) or even other virtual devices like HID, MIDI, or act as a virtual webcam!
It is important to note that, although the model A and A+ can support being a USB slave, they are missing the ID pin (it is tied to ground internally), so they are unable to dynamically switch between USB master/slave mode. As such, they default to USB master mode. There is no easy way to change this right now.
It is also important to note that a USB to UART serial adapter is not needed for any of these guides, as may be documented elsewhere across the int

@Neo23x0
Neo23x0 / config-client.xml
Last active May 17, 2021 04:14
Sysmon Base Configuration - Workstations
<!--
This is a Microsoft Sysmon configuration to be used on Windows workstations
v0.2.1 December 2016
Florian Roth (with the help and ideas of others)
The focus of this configuration is
- malware detection (execution)
- malware detection (network connections)
- exploit detection
It is not focussed on
@Neo23x0
Neo23x0 / config-server.xml
Last active March 11, 2024 14:34
Sysmon Base Configuration - Windows Server
<!--
This is a Microsoft Sysmon configuration to be used on Windows server systems
v0.2.1 December 2016
Florian Roth
The focus of this configuration is
- hacking activity on servers / lateral movement (bad admin, attacker)
It is not focussed on
- malware detection (execution)
- malware detection (network connections)
@exp0se
exp0se / logparser.ps1
Created March 13, 2016 09:22
Logparser log parsing
# Logparser
###############
# Security Log
###############
# Find Event id
& 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'"
#!/bin/bash
#requirements:
#sha1sum (part of coreutils)
#xxd (part of vim)
#https://github.com/socram8888/ulread
#https://github.com/socram8888/amiitool
#put ulread, ulwrite and amiitool in the same directory as this script
if [ $# -ne 2 ]
@jbfuzier
jbfuzier / gist:7ee6ecdb716f8bb69c8555b437abef08
Created February 13, 2017 17:32
Python Timezone conversion
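from datetime import datetime
from dateutil import tz
tzone = tz.gettz('Europe/Paris')
utc = tz.gettz('UTC')
# Sample naive local time (constructed value for illustration)
datetime_local = datetime(2017, 2, 13, 17, 32)
# Make datetime object timezone aware
datetime_local = datetime_local.replace(tzinfo=tzone)
# Do the timezone change
date_utc = datetime_local.astimezone(utc)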

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@marcan
marcan / smbloris.c
Last active November 22, 2022 08:32
SMBLoris attack proof of concept
/* SMBLoris attack proof-of-concept
*
* Copyright 2017 Hector Martin "marcan" <marcan@marcan.st>
*
* Licensed under the terms of the 2-clause BSD license.
*
* This is a proof of concept of a publicly disclosed vulnerability.
* Please do not go around randomly DoSing people with it.
*
* Tips: do not use your local IP as source, or if you do, use iptables to block