choisungwook choisungwook

## brew-bootstrap.sh
brew install pyenv
brew install pyenv-virtualenv
brew install telnet
brew install netcat
brew install awscli
brew install kubernetes-cli
brew install helm
brew install k9s
brew install kind
brew install fzf

## iam.tf
data "aws_iam_policy_document" "ec2_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

## cluster.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: securitygroup-for-pod
  region: ap-northeast-2
  version: "1.28"

vpc:
  cidr: "10.0.0.0/16"

## netshoot_deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: netshoot
spec:
  replicas: 1
  selector:
    matchLabels:
      app: netshoot
  template:

## config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: kind-demo
nodes:
- role: control-plane
  image: kindest/node:v1.29.1
  # nodePorts
#   extraPortMappings:
#   - containerPort: 30950
#     hostPort: 30950

## malwarelab_windows10.ps1
Write-Host -NoNewline "  "
Write-Host -NoNewline "       ==== VM Setup for Malware Analysis ====      "
Write-Host -NoNewline "  "

# Boxstarter options
$Boxstarter.RebootOk=$true # Allow reboots?
$Boxstarter.NoPassword=$false # Is this a machine with no login password?
$Boxstarter.AutoLogin=$true # Save my password securely and auto-login after a reboot
Update-ExecutionPolicy Unrestricted

## install.sh
# update
sudo apt update

# zsh
# https://dev.to/mskian/install-z-shell-oh-my-zsh-on-ubuntu-1804-lts-4cm4
# anaconda
# https://www.digitalocean.com/community/tutorials/how-to-install-anaconda-on-ubuntu-18-04-quickstart
# configure env: https://linuxize.com/post/how-to-install-anaconda-on-ubuntu-18-04/

# git

## http_client_get.cc
#include <windows.h>
#include <wininet.h>
#include <stdio.h>

#pragma comment (lib, "Wininet.lib")

int main(int argc, char *argv[]) {

	HINTERNET hSession = InternetOpen(
		L"Mozilla/5.0", // User-Agent

## http_client_get.cc
#include <windows.h>
#include <wininet.h>
#include <stdio.h>

#pragma comment (lib, "Wininet.lib")

int main(int argc, char *argv[]) {

	HINTERNET hSession = InternetOpen(
		L"Mozilla/5.0", // User-Agent

## Wannacrypt0r-FACTSHEET.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                choisungwook
                / Wannacrypt0r-FACTSHEET.md
            
            
              Created
              December 11, 2018 13:15
                — forked from rain-1/Wannacrypt0r-FACTSHEET.md
            
          
    WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm


Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru
	brew install pyenv
	brew install pyenv-virtualenv
	brew install telnet
	brew install netcat
	brew install awscli
	brew install kubernetes-cli
	brew install helm
	brew install k9s
	brew install kind
	brew install fzf
	data "aws_iam_policy_document" "ec2_assume_role" {
	statement {
	actions = ["sts:AssumeRole"]

	principals {
	type = "Service"
	identifiers = ["ec2.amazonaws.com"]
	}
	}
	}
	apiVersion: eksctl.io/v1alpha5
	kind: ClusterConfig

	metadata:
	name: securitygroup-for-pod
	region: ap-northeast-2
	version: "1.28"

	vpc:
	cidr: "10.0.0.0/16"
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: netshoot
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: netshoot
	template:
	kind: Cluster
	apiVersion: kind.x-k8s.io/v1alpha4
	name: kind-demo
	nodes:
	- role: control-plane
	image: kindest/node:v1.29.1
	# nodePorts
	# extraPortMappings:
	# - containerPort: 30950
	# hostPort: 30950
	Write-Host -NoNewline " "
	Write-Host -NoNewline " ==== VM Setup for Malware Analysis ==== "
	Write-Host -NoNewline " "

	# Boxstarter options
	$Boxstarter.RebootOk=$true # Allow reboots?
	$Boxstarter.NoPassword=$false # Is this a machine with no login password?
	$Boxstarter.AutoLogin=$true # Save my password securely and auto-login after a reboot
	Update-ExecutionPolicy Unrestricted
	# update
	sudo apt update

	# zsh
	# https://dev.to/mskian/install-z-shell-oh-my-zsh-on-ubuntu-1804-lts-4cm4
	# anaconda
	# https://www.digitalocean.com/community/tutorials/how-to-install-anaconda-on-ubuntu-18-04-quickstart
	# configure env: https://linuxize.com/post/how-to-install-anaconda-on-ubuntu-18-04/

	# git
	#include <windows.h>
	#include <wininet.h>
	#include <stdio.h>

	#pragma comment (lib, "Wininet.lib")

	int main(int argc, char *argv[]) {

	HINTERNET hSession = InternetOpen(
	L"Mozilla/5.0", // User-Agent