Alexandre Flament dalf

## dashboard.json
{
  "annotations": {
    "list": [
      {
        "builtIn": 1,
        "datasource": {
          "type": "datasource",
          "uid": "grafana"
        },
        "enable": true,

## log4j_exploitation_attempts_crowdsec.md

      
              1 file
            
          
              8 forks
            
          
              30 comments
            
          
              87 stars
            
          
                blotus
                / log4j_exploitation_attempts_crowdsec.md
            
            
              Last active
              December 29, 2023 12:24
            
              
                IPs exploiting the log4j2 CVE-2021-44228 detected by the crowdsec community
              
          
    This list is no longer updated, thus the information is no longer reliable.
You can see the latest version (from october 2022) here

  
## proxy.py
import httpx
from starlette.requests import Request
from starlette.responses import StreamingResponse


class Proxy:
    def __init__(self, hostname):
        self.hostname = hostname
        self.client = httpx.AsyncClient()

## Wannacrypt0r-FACTSHEET.md

      
              1 file
            
          
              158 forks
            
          
              267 comments
            
          
              713 stars
            
          
                rain-1
                / Wannacrypt0r-FACTSHEET.md
            
            
              Last active
              March 10, 2024 11:03
                — forked from Epivalent/Wannacrypt0r-FACTSHEET.md
            
          
    WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm


Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

  
## solib-deps.sh
#!/bin/bash
set -e

# Given a shared library, print the symbols it uses from other libraries it
# directly depends on.

LIB=$1
# Use readelf rather than ldd here to only get direct dependencies.
DEPS=$(readelf -d $LIB | awk '/Shared library:/{ print substr($5, 2, length($5) - 2) }')

## pyuv and pycurl example
#!/usr/bin/env python
#
# Copyright 2009 Facebook
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#

## Getting-Cheat-Sheet.md

      
              1 file
            
          
              231 forks
            
          
              17 comments
            
          
              1122 stars
            
          
                akras14
                / Getting-Cheat-Sheet.md
            
            
              Last active
              June 1, 2024 13:22
            
          
    Git Cheat Sheet


Commands

Getting Started

git init
or

  
## datacite_api_test.py
import os, sys
import httplib2
import base64


endpoint_meta = 'https://test.datacite.org/mds/metadata?testMode=0'
endpoint_mint = 'https://test.datacite.org/mds/doi?testMode=0'
login = '<login here>'
password = '<pass here>'

## JPACryptoConverter.java

import java.security.Key;
import java.util.Properties;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;

import org.slf4j.Logger;

## alexa.js
var request = require('request');
var unzip   = require('unzip');
var csv2    = require('csv2');

request.get('http://s3.amazonaws.com/alexa-static/top-1m.csv.zip')
    .pipe(unzip.Parse())
    .on('entry', function (entry) {
        entry.pipe(csv2()).on('data', console.log);
    })
;
	{
	"annotations": {
	"list": [
	{
	"builtIn": 1,
	"datasource": {
	"type": "datasource",
	"uid": "grafana"
	},
	"enable": true,
	import httpx
	from starlette.requests import Request
	from starlette.responses import StreamingResponse


	class Proxy:
	def __init__(self, hostname):
	self.hostname = hostname
	self.client = httpx.AsyncClient()
	#!/bin/bash
	set -e

	# Given a shared library, print the symbols it uses from other libraries it
	# directly depends on.

	LIB=$1
	# Use readelf rather than ldd here to only get direct dependencies.
	DEPS=$(readelf -d $LIB \| awk '/Shared library:/{ print substr($5, 2, length($5) - 2) }')
	#!/usr/bin/env python
	#
	# Copyright 2009 Facebook
	#
	# Licensed under the Apache License, Version 2.0 (the "License"); you may
	# not use this file except in compliance with the License. You may obtain
	# a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	import os, sys
	import httplib2
	import base64


	endpoint_meta = 'https://test.datacite.org/mds/metadata?testMode=0'
	endpoint_mint = 'https://test.datacite.org/mds/doi?testMode=0'
	login = '<login here>'
	password = '<pass here>'

	import java.security.Key;
	import java.util.Properties;

	import javax.crypto.Cipher;
	import javax.crypto.spec.SecretKeySpec;
	import javax.persistence.AttributeConverter;
	import javax.persistence.Converter;

	import org.slf4j.Logger;
	var request = require('request');
	var unzip = require('unzip');
	var csv2 = require('csv2');

	request.get('http://s3.amazonaws.com/alexa-static/top-1m.csv.zip')
	.pipe(unzip.Parse())
	.on('entry', function (entry) {
	entry.pipe(csv2()).on('data', console.log);
	})
	;