Magno Logan magnologan

Free O'Reilly books and convenient script to just download them.

Thanks /u/FallenAege/ and /u/ShPavel/ from this Reddit post

How to use:

Take the download.sh file and put it into a directory where you want the files to be saved.
cd into the directory and make sure that it has executable permissions (chmod +x download.sh should do it)
Run ./download.sh and wee there it goes. Also if you do not want all the files, just simply comment the ones you do not want.

Kubectl output options

Let's look at some basic kubectl output options.

Our intention is to list nodes (with their AWS InstanceId) and Pods (sorted by node).

We can start with:

kubectl get no

Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

Let's remove any old versions of Docker if they exist:

sudo yum remove docker \
                  docker-common \
                  docker-selinux \
                  docker-engine

	# If you hardcode usernames and passwords, you cannot check in the code to public git repositories.
	# A solution I am using is to create a `credentials.json` file and storing the password there
	# cerdentials.json :
	# {
	# "user":"bharath",
	# "password":"bharath_secret_password"
	# }
	#
	# add this file to .gitignore
	#

	# 2017 - @leonjza
	#
	# Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
	# Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

	# Usage example:
	#
	# List available posts:
	#
	# $ python inject.py http://localhost:8070/

	#! /usr/bin/env python

	"""
	Technical Explanation: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
	REST API Wordpress reference: https://developer.wordpress.org/rest-api/reference/posts/#update-a-post
	Wordpress Version Affected: 4.7.0/4.7.1

	2017 - Coded by snoww0lf.
	"""
	import re

	From: http://redteams.net/bookshelf/
	Techie

	Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
	Social Engineering: The Art of Human Hacking by Christopher Hadnagy
	Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
	The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
	Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
	Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
	The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors