Skip to content

Instantly share code, notes, and snippets.

View keltia's full-sized avatar

Ollivier Robert keltia

View GitHub Profile
@dlangille
dlangille / 01 - the plan
Last active May 22, 2017 02:10
Description of a centralized LetsEncrypt strategy
I'm basing this on https://blog.crashed.org/letsencrypt-in-freebsd-org/
I'll create a new jail: certs.int.unixathome.org

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@bortzmeyer
bortzmeyer / atom-mastodon-jq.md
Created May 2, 2017 13:08
A complicated and useless method to get the Atom feed of a Mastodon user

[Yes, I know there is a far simpler method.]

 curl -s 'https://mastodon.gougere.fr/.well-known/[email protected]' | \
     jq '.links[] | if (.type == "application/atom+xml") then .href else "" end'
""
"https://mastodon.gougere.fr/users/bortzmeyer.atom"
""
""
""
Date : 2017-02-26
macOS Sierra 10.12.3
Installer homebrew
------------------
Site de Homebrew : https://brew.sh/index_fr.html
curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install -o install_homebrew
/usr/bin/ruby install_homebrew
@alirobe
alirobe / reclaimWindows10.ps1
Last active July 31, 2025 14:21
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
###
###
### UPDATE: For Win 11, I recommend using this tool in place of this script:
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
### OR take a look at
### https://github.com/HotCakeX/Harden-Windows-Security

There are definitely better ways to do this. The named parameter version is much better in my opinion, the shortcode is easier to write but this should work for both.

Create a file named wp.html (this will be the name of the shortcode) and put it in hugo\layouts\shortcodes\.

{{ if .IsNamedParams }}
  {{ $.Scratch.Set "wp_tag" (.Get "tag") }}
  {{ with .Get "lang" }}
    {{ $.Scratch.Set "wp_lang" . }}
  {{ else }}
@renchap
renchap / README.md
Last active February 14, 2025 13:25
One-line certificate generation/renews with Letsencrypt and nginx

Prerequisites : the letsencrypt CLI tool

This method allows your to generate and renew your Lets Encrypt certificates with 1 command. This is easily automatable to renew each 60 days, as advised.

You need nginx to answer on port 80 on all the domains you want a certificate for. Then you need to serve the challenge used by letsencrypt on /.well-known/acme-challenge. Then we invoke the letsencrypt command, telling the tool to write the challenge files in the directory we used as a root in the nginx configuration.

I redirect all HTTP requests on HTTPS, so my nginx config looks like :

server {
@xrstf
xrstf / letsencrypt.md
Last active October 30, 2024 07:03
Let's Encrypt on Ubuntu 14.04, nginx with webroot auth

Let's Encrypt on Ubuntu 14.04, nginx with webroot auth

This document details how I setup LE on my server. Firstly, install the client as described on http://letsencrypt.readthedocs.org/en/latest/using.html and make sure you can execute it. I put it in /root/letsencrypt.

As it is not possible to change the ports used for the standalone authenticator and I already have a nginx running on port 80/443, I opted to use the webroot method for each of my domains (note that LE does not issue wildcard certificates by design, so you probably want to get a cert for www.example.com and example.com).

Configuration

For this, I placed config files into etc/letsencrypt/configs, named after <domain>.conf. The files are simple:

@jpillora
jpillora / go-get-gitlab-ssh-nginx
Created May 10, 2015 08:38
Go get Gitlab ssh paths with nginx
location / {
## check for goget AND /namespace/project
if ($args ~* "^go-get=1") {
set $condition goget;
}
if ($uri ~ ^/([a-zA-Z0-9_-]+)/([a-zA-Z0-9_-]+)$) {
set $condition "${condition}path";
}
if ($condition = gogetpath) {
return 200 "<!DOCTYPE html><html><head><meta content='git.axon$uri git ssh://[email protected]:2200$uri.git' name='go-import'></head></html>";
@pr1ntf
pr1ntf / iohyve.sh
Last active October 13, 2021 11:03
iohyve v0.2.5 -- bhyve manager based on iocage for FreeBSD
#!/bin/sh
# iohyve v0.2.5 2015/05/06 "ALL HAIL LINUS edition"
# Process command line
__parse_cmd () {
while [ $# -gt 0 ] ; do
case "$1" in
version) __version
exit