Adrian Lucrèce Céleste AdrianKoshka
@rauchg
rauchg / README.md
Last active January 6, 2024 07:19
require-from-twitter
#!/bin/sh
# Set $PUUSH_API_KEY to your key and export it.
# The key is found on <http://puush.me/account/settings>.
if [ -z "$PUUSH_API_KEY" ]; then
    echo "puu: please export api key" 1>&2
    exit 1
fi
for file in "$@"; do
@bitjockey42
bitjockey42 / Ubuntu 16.04 systemd-boot.md
Last active September 25, 2019 10:07
Ubuntu 16.04 using systemd-boot instead of grubby

You do not need a separate /boot partition unless you have an LVM setup (used in dm-crypt setups).

Run ubiquity -b to open the installer with the option of skipping grub installation (since we're using systemd-boot).

When you get to the screen "Ubuntu has finished installation" choose Continue testing.

Open a Terminal.

Chroot into the new system.

@acepace
acepace / rol.im-securegoldenkeyboot
Last active March 25, 2021 00:29
Secure Golden Key Boot: (MS16-094 / CVE-2016-3287 and MS16-100/ CVE-2016-332)
| |
| a w r i t e u p r e l e a s e b y r o l |
| ________ ___ ________ ________ |
| <_ __ \/ \/ \/ ____ \ |
| T T<___/\___/\_ /\ _/\ \__j _/ |
| | | T T T / \ T__\____ T |
| | | | | | \ / |T T T | |
| l__j_____l___j_l__><__j| | | | |
| T _______ T | ___j | l___j | |
| | T __T |_j l_______l________j |
@dAnjou
dAnjou / _.md
Last active November 14, 2023 11:49
Automatically unlock KeePass database with GNOME Keyring

(Tested with KeePassXC on Fedora 25)

By default when using GNOME Keyring you have a keyring that is unlocked when you log in (usually called "Login"). You can make use of that by storing a KeePass database password in this keyring and using it to automatically unlock your KeePass database.

Store the KeePass database password in GNOME Keyring. You'll have to set a label and at least one attribute/value pair. The label is displayed in a GNOME keyring manager (e.g. Seahorse); the attribute/value pair should be a unique identifier because it's needed for the lookup. I suggest using keepass as the attribute and the database name as the value (make sure it doesn't contain any spaces).

secret-tool store --label="KeePass <database_name>" keepass <database_name>

Then create a script to launch and immediately unlock your KeePass database.

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

#!ipxe
kernel http://example.com/linux initrd=initrd.gz auto url=http://example.com/preseed.cfg
initrd http://example.com/initrd.gz
boot
@mattifestation
mattifestation / FileReadPrimitive.ps1
Last active June 12, 2023 16:33
A WMI file content read primitive - ROOT/Microsoft/Windows/Powershellv3/PS_ModuleFile
$CimSession = New-CimSession -ComputerName 10.0.0.2
$FilePath = 'C:\Windows\System32\notepad.exe'
# PS_ModuleFile only implements GetInstance (versus EnumerateInstance) so this trick below will force a "Get" operation versus the default "Enumerate" operation.
$PSModuleFileClass = Get-CimClass -Namespace ROOT/Microsoft/Windows/Powershellv3 -ClassName PS_ModuleFile -CimSession $CimSession
$InMemoryModuleFileInstance = New-CimInstance -CimClass $PSModuleFileClass -Property @{ InstanceID= $FilePath } -ClientOnly
$FileContents = Get-CimInstance -InputObject $InMemoryModuleFileInstance -CimSession $CimSession
$FileLengthBytes = $FileContents.FileData[0..3]
[Array]::Reverse($FileLengthBytes)
#!/bin/bash
# Nmap can crash when scanning large ranges
# To use this script, start your scan with whatever
# nmap options you want making sure you use -oA <filename>
# or -oG <filename> (you need the gnmap file) then cancel
# the scan. replace <filename> below and run this script.
# It will also record when it failed to a file called failed.txt
until nmap --resume <filename>.gnmap
@Rurik
Rurik / parse_procmon_filters.py
Last active December 5, 2021 16:55
Quick tool to find and extract filters from Procmon configuration files
# Procmon Rule Parser v0.02
# Brian Baskin - @bbaskin
# Reads default rules from an exported Procmon Configuration (.PMC) or Procmon Filter (.PMF) file
# Example output:
"""
12:09:59-bbaskin@~/Development/Noriben$ python parse_procmon_filters.py -f ProcmonConfiguration.pmc
[Exclude] Process Name is Procmon64.exe
[Exclude] Operation is QueryStandardInformationFile
[Exclude] Operation is RegOpenKey
[Exclude] Operation is NotifyChangeDirectory