Skip to content

Instantly share code, notes, and snippets.

View Zenithar's full-sized avatar

Thibault NORMAND Zenithar

110 followers · 81 following
View GitHub Profile
@Zenithar
Zenithar / disable-ipv6.sh
Created June 16, 2020 09:40 — forked from kwilczynski/disable-ipv6.sh
Amazon Linux OS tweaks
#!/bin/bash
set -u
set -e
set -o pipefail
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
cat <<'EOF' > /etc/modprobe.d/blacklist-ipv6.conf
@Zenithar
Zenithar / Wannacrypt0r-FACTSHEET.md
Last active May 16, 2017 08:35 — forked from rain-1/Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@Zenithar
Zenithar / fix.patch
Last active September 30, 2015 10:10 — forked from krobertson/fix.patch
AUR package vmware-patch patch for Workstation 11.1.2 with 4.2 kernel
commit 1fb71794b4d53d203fc64dc5d57baa5850991303
Author: Ken Robertson <ken@invalidlogic.com>
Date: Tue Sep 29 12:58:00 2015 -0700
Applied patches for Workstation 11.1.2 on 4.2 kernel.
Patches were taken from the VMware forums here:
https://communities.vmware.com/thread/517279