Skip to content

Instantly share code, notes, and snippets.

View herrjemand's full-sized avatar
🎯

Ackermann Yuriy herrjemand

🎯
View GitHub Profile
@emlun
emlun / README.md
Last active February 20, 2020 15:19
DRAFT: WebAuthn recovery credentials extension
@watahani
watahani / verifySafetyNetAttestation.js
Last active December 4, 2020 09:18
verify SafetyNet Attestation
const base64url = require("base64url")
const cbor = require('cbor')
const crypto = require('crypto')
const jsrsasign = require('jsrsasign')
//sample attestation ;)
const attestationResponse = {
"attestationObject": "o2NmbXRxYW5kcm9pZC1zYWZldHluZXRnYXR0U3RtdKJjdmVyaDE0MzY2MDE5aHJlc3BvbnNlWRS9ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbmcxWXlJNld5Sk5TVWxHYTJwRFEwSkljV2RCZDBsQ1FXZEpVVkpZY205T01GcFBaRkpyUWtGQlFVRkJRVkIxYm5wQlRrSm5hM0ZvYTJsSE9YY3dRa0ZSYzBaQlJFSkRUVkZ6ZDBOUldVUldVVkZIUlhkS1ZsVjZSV1ZOUW5kSFFURlZSVU5vVFZaU01qbDJXako0YkVsR1VubGtXRTR3U1VaT2JHTnVXbkJaTWxaNlRWSk5kMFZSV1VSV1VWRkVSWGR3U0ZaR1RXZFJNRVZuVFZVNGVFMUNORmhFVkVVMFRWUkJlRTFFUVROTlZHc3dUbFp2V0VSVVJUVk5WRUYzVDFSQk0wMVVhekJPVm05M1lrUkZURTFCYTBkQk1WVkZRbWhOUTFaV1RYaEZla0ZTUW1kT1ZrSkJaMVJEYTA1b1lrZHNiV0l6U25WaFYwVjRSbXBCVlVKblRsWkNRV05VUkZVeGRtUlhOVEJaVjJ4MVNVWmFjRnBZWTNoRmVrRlNRbWRPVmtKQmIxUkRhMlIyWWpKa2MxcFRRazFVUlUxNFIzcEJXa0puVGxaQ1FVMVVSVzFHTUdSSFZucGtRelZvWW0xU2VXSXliR3RNYlU1MllsUkRRMEZUU1hkRVVWbEtTMjlhU1doMlkwNUJVVVZDUWxGQlJHZG5SVkJCUkVORFFWRnZRMmRuUlVKQl

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@umidjons
umidjons / aes-256-cbc-nodejs-crypto.md
Last active March 13, 2022 07:12
AES-256-CBC example in Node.js using crypto module

AES-256-CBC example in Node.js using crypto module

'use strict';
const crypto = require('crypto');

// get password's md5 hash
let password = 'test';
let password_hash = crypto.createHash('md5').update(password, 'utf-8').digest('hex').toUpperCase();
console.log('key=', password_hash); // 098F6BCD4621D373CADE4E832627B4F6
@apowers313
apowers313 / UAFTLV.js
Last active June 11, 2023 07:06
UAF TLV Decoder Example
var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
// Use a lookup table to find the index.
var lookup = new Uint8Array(256);
for (var i = 0; i < chars.length; i++) {
lookup[chars.charCodeAt(i)] = i;
}
// stolen from:
// https://github.com/niklasvh/base64-arraybuffer/blob/master/lib/base64-arraybuffer.js
@joepie91
joepie91 / random.md
Last active April 10, 2024 18:45
Secure random values (in Node.js)

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

@stinger
stinger / Swift3URLComponent.swift
Created June 21, 2016 11:03
Swift 3: Using URLComponents
//: # Swift 3: Using URLComponents
import Foundation
//: ### Compose the componens
var url = URLComponents()
url.scheme = "http"
url.host = "google.com"
//: ### Pass the query string parameters
url.queryItems = [
URLQueryItem(name: "test", value: "data"),
@secvalve
secvalve / baxel.sh
Created May 25, 2016 00:34
A bash script that uses CURL to get a file in parts, ala axel. Usage: baxel numparts url eg ./baxel 3 http://www.google.com/robots.txt
#!/bin/bash
#$1 numparts, #$2 url
#Get length
TL=$(curl -sI $2 | grep Content-Length | awk '{printf "%d", $2}')
echo "$s is $TL Bytes Long”
#GetChunks
for i in `seq 0 $(( $1 - 1 ))`;
do
@application2000
application2000 / how-to-install-latest-gcc-on-ubuntu-lts.txt
Last active February 21, 2024 03:02
How to install latest gcc on Ubuntu LTS (12.04, 14.04, 16.04)
These commands are based on a askubuntu answer http://askubuntu.com/a/581497
To install gcc-6 (gcc-6.1.1), I had to do more stuff as shown below.
USE THOSE COMMANDS AT YOUR OWN RISK. I SHALL NOT BE RESPONSIBLE FOR ANYTHING.
ABSOLUTELY NO WARRANTY.
If you are still reading let's carry on with the code.
sudo apt-get update && \
sudo apt-get install build-essential software-properties-common -y && \
sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y && \
@skratchdot
skratchdot / arrayBufferToString.js
Created March 3, 2016 04:43
Array Buffer -> String and String -> ArrayBuffer conversions in javascript
// source: http://stackoverflow.com/a/11058858
function ab2str(buf) {
return String.fromCharCode.apply(null, new Uint16Array(buf));
}