⚠️ Note 2023-01-21
Some things have changed since I originally wrote this in 2016. I have updated a few minor details, and the advice is still broadly the same, but there are some new Cloudflare features you can (and should) take advantage of. In particular, pay attention to Trevor Stevens' comment here from 22 January 2022, and Matt Stenson's useful caching advice. In addition, Backblaze, with whom Cloudflare are a Bandwidth Alliance partner, have published their own guide detailing how to use Cloudflare's Web Workers to cache content from B2 private buckets. That is worth reading,
<#
The purpose of this script is to attempt to set off alarms on security products.
#>
function Get-RandomString {
# Get-RandomString.ps1
# Written by Bill Stewart (bstewart@iname.com)
#requires -version 2
id,status,publishdate,contributor,definition,type,NIST800-53rev,control,NIST800-53rev,control,NIST800-53rev,control
CCI-001545,draft,2010-05-11,DISA FSO,The organization defines a frequency for reviewing and updating the access control policy.,policy,4,AC-1 b 1,3,AC-1 a,1,AC-1.2 (i)
CCI-001546,draft,2010-05-11,DISA FSO,The organization defines a frequency for reviewing and updating the access control procedures.,policy,4,AC-1 b 2,3,AC-1 b,1,AC-1.2 (iii)
CCI-000001,draft,2009-05-13,DISA FSO,"The organization develops an access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.",policy,4,AC-1 a 1,3,AC-1 a,1,AC-1.1 (i and ii)
CCI-000004,draft,2009-05-13,DISA FSO,The organization develops procedures to facilitate the implementation of the access control policy and associated access controls.,policy,4,AC-1 a 2,3,AC-1 b,1,AC-1.1 (iv and v)
CCI-000002,draft,2009-09-14,DISA FSO,The organization disseminates the ac
This gist was essentially created out of my own rant about Netflix being hostile to IPv6 tunnel services since June 2016. You are welcome to read my opinion on the matter, this is the more technical side to the issue and how to combat it within your own network.
Since I wrote this, various GitHub users have contributed their thoughts and ideas, which have been incorporated into this gist. Thank you to everyone who has contributed their own methods and implementations.
Netflix now treats IPv6 tunnel brokers (such as Hurricane Electric) as proxy servers. A while ago it became apparent to users and Netflix that somewhat by accident, IPv6 tunnel users were being served content outside of their geolocation because of the way Netflix was identifyi
#! /usr/bin/python
print "\n*********************************************************************"
print "Cisco IOU License Generator - Kal 2011, python port of 2006 C version"
import os
import socket
import hashlib
import struct
# get the host id and host name to calculate the hostkey
hostid=os.popen("hostid").read().strip()
hostname = socket.gethostname()
This is a quick-and-dirty guide to setting up a Raspberry Pi as a "router on a stick" to PrivateInternetAccess VPN.
Install Raspbian Jessie (2016-05-27-raspbian-jessie.img) to your Pi's SD card.
Use the Raspberry Pi Configuration tool or sudo raspi-config to:
Below are the steps required to flash a NextThingCo CHIP or PocketCHIP from the command line, as of November 2018. The web flasher no longer works, and there are numerous errors when flashing from the command line, mostly due to broken dependencies. The following method works for flashing a CHIP as of November 2018:
Note: Flashing must be done on Linux. Tested on Ubuntu and Raspbian. macOS does not seem to work.
- Download and unpack the CHIP-SDK.zip from one of the following:
- https://archive.org/details/C.h.i.p.FlashCollection
- https://github.com/NextThingCo/CHIP-SDK
- https://github.com/Project-chip-crumbs/CHIP-SDK
- Download and unpack CHIP-tools.zip from one of the following:
Sometimes you try to open a remote desktop connection to a machine only to get an error message that "the password has expired".
If the remote machine does not enforce NLA (Network Level Authentication), it is still possible to start a remote desktop session by disabling NLA on the client (currently not possible from the menu on my remote desktop client v.6.3.96000 that came with Windows 8.1).
Add the following setting to your .rdp file ("C:\Users\<User>\Documents\Default.rdp" if you aren't using a specific one).
enablecredsspsupport:i:0
Optionally you might need to specify
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up, the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.
This command searches for exploitation attempts in uncompressed files in the folder /var/log and all subfolders:
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log