Skip to content

Instantly share code, notes, and snippets.

Zenexer / Parsec vuln 140-1
Last active February 15, 2018 02:58
Parsec CSRF vulnerability in version 140-1 and prior
View Parsec vuln 140-1

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

Zenexer / Disable Windows
Last active June 19, 2023 17:22
Permanently disable Windows Defender and other annoyances in Windows.
View Disable Windows


  • To disable a service, download Disable<Service>.reg and double-click to import. (Replace <Service> with the name of the service you want to disable.)
  • To re-enable a service, download Enable<Service>.reg and double-click to import. (Replace <Service> with the name of the service you want to enable.)

Note that if you save the files by copying them into a text editor, they may need to be saved with Windows-style line endings (\r\n).


Zenexer / authorized_keys
Last active March 7, 2022 17:07
My public keys, in OpenSSH format.
View authorized_keys
## BEGIN paul ##
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDqA95ZvPJJvrQYPC99ENK3gyAuT9f65IcGygT0icluYucZ9JU017gk/Qhw234PHTdt2ZzIrnC5Sju2ppX+b+oIrUtsc+QIF6lgkFVbv2ab6yvSJYkMWys08zygEmdr6ZfIq+1f92EXuSJ0M3tbRBnvmY4JxM1VBGeampNyMKddv2UgEEcjHMKQWlWrEc0syTQ7dLIHCaxqbRoy05+6jRrwyTgREQUh8RmBZJHKsHH73kHGla56ECrF5RWm1gDZToMZn+2aCJwMVqlB6VMEtHIF/1Xbv/akUCag8r7sbfz5GMtr5LdRPvULn/1z5LIGRVP7kAjU4Yr03OdqvfE9Nj8TtLCVigh7QJy8T2bCuplvcI1dvepI/5j9Xz2srB7m87puoM0rridJv1uIy3z0WrB5RHt6QeTQkT83+rrz7M9ejeBPxy6dQennJbWGC2YvgFmRTrNnZdtXArUN9GP/CACkHpk9JsrxmHZ2K/FqHR7/ezJrlloeZ4kCpYzQ9Vk7dobfR0m/fkDzU9iZQ1JpPem8ZMM5Rd/Mu0BmNHooyb9soxUcgBTGnESFDuCzGEZCCCnuYBDWh3G2vFcrCrrNBCTJ/N3iColHWLIqxGMU9l8iwpdY+Oyj5NSUFnOTSkQgRbzgo239zzcSigCUxuseD1up71ibZHW9fpreb39lEaROLQ== paul@0xA114C32065F79325
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiz+mAZk9LIAjQwU4rf3v0qJApzzcQpbiriKVMSLP9v paul@0x5FE65994C25390B6
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZrrtY2Z1nWaa65hwQmOXEnw/3AIZb3xJGCH8YLXvwp paul@mgmt
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbxRyayaQL9fCRlQicMwmHmW1