Skip to content

Instantly share code, notes, and snippets.

View corcorj's full-sized avatar

corcorj

5 followers · 24 following
View GitHub Profile
@BlackPropaganda
BlackPropaganda / U2F_ssh_ecdsa.txt
Created September 22, 2022 21:58
U2F ECDSA SSH Key Generation using Flipper Zero
#
# U2F SSH key generation and installation guide
#
# install U2F libraries on client machine
sudo apt-get install pamu2fcfg libpam-u2f
#
# Currently, there are only two ciphers that support
# 'special keys' or (sk) this is the notation in the
@Proteas
Proteas / inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
Last active October 22, 2023 11:31
void inject_trusts(int pathc, const char *paths[])
{
printf("[+] injecting into trust cache...\n");
extern uint64_t g_kern_base;
static uint64_t tc = 0;
if (tc == 0) {
/* loaded_trust_caches
iPhone11,2-4-6: 0xFFFFFFF008F702C8
@rain-1
rain-1 / Wannacrypt0r-FACTSHEET.md
Last active March 10, 2024 11:03 — forked from Epivalent/Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru