Skip to content

Instantly share code, notes, and snippets.

View HacKanCuBa's full-sized avatar
⛷️
Also in gitlab.com/hackancuba

Iván || HacKan HacKanCuBa

⛷️
Also in gitlab.com/hackancuba
60 followers · 50 following
View GitHub Profile
@Neo23x0
Neo23x0 / nmap-cmdline
Last active March 19, 2020 17:10
Nmap Scan Params for CVE-2017-0143 MS17-010 Scanning
# Scan for CVE-2017-0143 MS17-010
# The vulnerability used by WannaCry Ransomware
#
# 1. Use @calderpwn's script
# http://seclists.org/nmap-dev/2017/q2/79
#
# 2. Save it to Nmap NSE script directory
# Linux - /usr/share/nmap/scripts/ or /usr/local/share/nmap/scripts/
# OSX - /opt/local/share/nmap/scripts/
#
@rain-1
rain-1 / Wannacrypt0r-FACTSHEET.md
Last active March 10, 2024 11:03 — forked from Epivalent/Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active March 19, 2024 17:24 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@xinomilo
xinomilo / find-https-debian-archives.py
Last active December 20, 2017 01:17 — forked from eighthave/find-https-debian-archives.py
Script to find official Debian mirrors that support HTTPS
#!/usr/bin/python
import urllib2
import re
import ssl
import sys
# # find generic mirrors
mirrors = urllib2.urlopen('https://www.debian.org/mirror/list')
https = []
@joepie91
joepie91 / vpn.md
Last active April 16, 2024 20:11
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
@mndrix
mndrix / base32-padding.go
Created November 2, 2015 21:54
Add padding characters to base32 encoded data
package main
import (
"encoding/base32"
"fmt"
"strings"
)
func main() {
data := "2246b2egzcc3ktvvoklo5cvzh4"
@kodekracker
kodekracker / gunicorn.py
Created September 10, 2015 07:47
A config file of gunicorn(http://gunicorn.org/) contains fundamental configuration.
# -*- coding: utf-8 -*-
# Gunicorn(v19.3) Configuration File
# Reference - http://docs.gunicorn.org/en/19.3/settings.html
#
# To run gunicorn by using this config, run gunicorn by passing
# config file path, ex:
#
# $ gunicorn --config=gunicorn.py MODULE_NAME:VARIABLE_NAME
#
@grugq
grugq / gist:03167bed45e774551155
Last active April 6, 2024 10:12
operational pgp - draft

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

@stbuehler
stbuehler / bma2otp.rb
Created January 25, 2014 14:10
Decode the Battle.net Mobile Authenticator (android) secret data into an otpauth url. Requires a way to access the private data of the application (i.e. a rooted android).
#!/usr/bin/ruby
# REQUIRES:
# * rooted android, as otherwise you can't read the applications private data
# * to display the qr code "qrencode" (http://fukuchi.org/works/qrencode/)
# and "display" from ImageMagick
# This script "decrypts" the token from the internal state of the
# Battle.net Mobile Authenticator on android application, converting
# it into an "otpauth" url (https://code.google.com/p/google-authenticator/wiki/KeyUriFormat)
@sloria
sloria / bobp-python.md
Last active April 4, 2024 12:45
A "Best of the Best Practices" (BOBP) guide to developing in Python.

The Best of the Best Practices (BOBP) Guide for Python

A "Best of the Best Practices" (BOBP) guide to developing in Python.

In General

Values

  • "Build tools for others that you want to be built for you." - Kenneth Reitz
  • "Simplicity is alway better than functionality." - Pieter Hintjens