WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses the EternalBlue exploit (MS17-010) to propagate.
  • Ransom: between $300 and $600. The virus contains code to 'rm' (delete) files. It seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is reachable, the virus exits instead of infecting the host (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. The kill switch does not work if the host is behind a proxy (source).

update: A minor variant of the viru

@neoshrew
neoshrew / docker-ip.sh
Last active September 2, 2016 09:56
docker ip script with bash auto completion
#!/usr/bin/env bash
alias docker-ip="docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'"
function _docker-ip() {
# No need to worry about spaces in this output, because
# docker only allows names in the form [a-zA-Z0-9][a-zA-Z0-9_.-]*
local pos_comps=$(docker ps --format "{{.ID}} {{.Names}}")
# $COMP_WORDS: array with the words of the current command line
# $COMP_WORD: the current word we're completing

@PyYoshi
PyYoshi / _.md
Last active June 13, 2018 22:46
Disable Transparent Huge Pages on CoreOS
$ sudo -i
# vim /etc/systemd/system/disable-transparent-huge-pages.service
# systemctl enable disable-transparent-huge-pages
# systemctl start disable-transparent-huge-pages
# systemctl status disable-transparent-huge-pages
# cat /sys/kernel/mm/transparent_hugepage/enabled
# cat /sys/kernel/mm/transparent_hugepage/defrag

@thomasfr
thomasfr / autossh.service
Last active August 2, 2024 03:36
Systemd service for autossh
[Unit]
Description=Keeps a tunnel to 'remote.example.com' open
After=network.target
[Service]
User=autossh
# -p [PORT]
# -l [user]
# -M 0 --> no monitoring
# -N Just open the connection and do nothing (not interactive)

#!/bin/sh
# Run pyflakes on all changed .py files before commit.
#
# By David Warde-Farley, Feb 28, 2013 -- released under the 3-clause BSD license.
#
# To use, run this file from the script .git/hooks/pre-commit
FILES=`git diff --staged --name-status |grep '\.py$' |grep '^[AM]' |sed -e's/^[AM]\s\+//'`
ROOT=`git rev-parse --show-toplevel`
NUM_BAD_FILES=0

anonymous
anonymous / gist:4033570
Created November 7, 2012 18:48
#!/usr/bin/env python
#-----------------------------------------------
# Name: fetch_cosm.py
#
# Purpose: retrieve historical hi-res data from cosm
# Usage: ./fetch_cosm.py >>cosm_data.csv
# History:
# Date Author Remarks
# 15Oct2012 RW Created.
#-----------------------------------------------