darconeous

Hacking the Rectangular Starlink Dishy Cable

These are are some notes I put together on butchering the rectangular dishy cable.

FOLLOW THESE GUIDELINES AT YOUR OWN RISK. I TAKE NO RESPONSIBILITY FOR ANY DAMAGE OR INJURY YOU SUSTAIN FROM FOLLOWING OR NOT FOLLOWING THESE GUIDELINES.

mutin-sa

Google Public NTP [AS15169]:

time.google.com

time1.google.com

time2.google.com

time3.google.com

roycewilliams

Rough summary of developing BadRabbit info
------------------------------------------

BadRabbit is locally-self-propagating ransomware (ransom: 0.05 BTC), spreading via SMB once inside. 
Requires user interaction.
Mostly targeting Russia and Ukraine so far, with a few others (Germany, Turkey, Bulgaria, Montenegro ...) 
Not globally self-propagating, but could be inflicted on selected targets on purpose.
May be part of same group targeting Ukraine generally (BACKSWING) (per FireEye)
Confirmed to use ETERNALROMANCE exploit, and same source code and build chain as NotPetya (per Talos)
Mitigations are similar to Petya/NotPetya resistance. An inoculation is also available (see below).

vulnersCom

#petya #petrWrap #notPetya

Win32/Diskcoder.Petya.C

Ransomware attack.

About

This gist was built by the community of the researchers and was scribed by Kir and Igor from the QIWI/Vulners. We are grateful for the help of all those who sent us the data, links and information. Together we can make this world a better place!

Gist updates

staaldraad

Get-EventLog -InstanceId 4776 -LogName "Security" | ForEach-Object {
  $sp = $_.message -split "`n" 
  $tmp = $sp | Select-String -Pattern 'RULER' 
  if($tmp.count -ge 1){
    Write-Host "Possible Ruler usage at: " $_.TimeGenerated
    $sp | Select-String -Pattern 'Logon Account:' | write-host
  }
}

tyranid

# Powershell script to bypass UAC on Vista+ assuming
# there exists one elevated process on the same desktop.
# Technical details in:
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
# You need to Install-Module NtObjectManager for this to run.

Import-Module NtObjectManager

epixoip

8x Nvidia GTX 1080 Hashcat Benchmarks

Product: Sagitta Brutalis 1080 (PN S3480-GTX-1080-2697-128)

Software: Hashcat v3.00-beta-145-g069634a, Nvidia driver 367.18

Accelerator: 8x Nvidia GTX 1080 Founders Edition

Highlights

pkirkovsky

# Adapted from https://developers.yubico.com/ykneo-openpgp/ResetApplet.html
gpg-connect-agent <<EOF
/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40

mattifestation

#region Scriptblocks that will execute upon alert trigger
$LateralMovementDetected = {
    $Event = $EventArgs.NewEvent

    $EventTime = [DateTime]::FromFileTime($Event.TIME_CREATED)

    $MethodName = $Event.MethodName
    $Namespace = $Event.Namespace
    $Object = $Event.ObjectPath
    $User = $Event.User

JonathanPorta

#!/bin/bash

set -e # bail on errors

# Make sure your shell history isn't saved
hsback=$HISTFILE
unset HISTFILE

echo "Enter you current PIN - leave blank if default:"
read oldpin