Skip to content

Instantly share code, notes, and snippets.

View isnuryusuf's full-sized avatar
💭
I may be slow to respond.

Yusuf Hadiwinata Sutandar isnuryusuf

💭
I may be slow to respond.
  • PT Biznet Gio Nusantara
  • Bekasi
View GitHub Profile
@isnuryusuf
isnuryusuf / EspWebserver.ino
Created June 16, 2022 14:28 — forked from SamirTafesh/EspWebserver.ino
WEBSERVER on Arduino Mega and ESP8266
// Date: 30/01/2016
// WEB SERVER - Arduino MEGA2560 and ESP8266-01 WIFI module
// on MEGA2560 we are using Hardware Serial1 to connect ESP8266 Module (Pins 18 & 19)
// For this demonstration, I am connecting:
// 3 Leds & 1 Relay As output, To Be Controlled
// Web Page to Control these Outputs
// 1 Light Sensor and 1 Temperature Resitor As input to update the Web page Content (light Intensity ans Temperature) NOT implemented Yet (SOON)

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm.

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

WannaCry|WannaDecrypt0r NSA-Cybereweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Malware samples

// ==UserScript==
// @id iitc-plugin-Mir
// @name IITC plugin: Hawk Eyes
// @category Misc
// @version 1.0.20150105.02
// @namespace https://github.com/jonatkins/ingress-intel-total-conversion
// @updateURL https://gist.github.com/pad92/1c1439c0b2026860e9b0/raw/e92ee8e40dc297d11e8f01336442a765cbfbb178/iitc-plugin-hawk_eyes.user.js
// @downloadURL https://gist.github.com/pad92/1c1439c0b2026860e9b0/raw/e92ee8e40dc297d11e8f01336442a765cbfbb178/iitc-plugin-hawk_eyes.user.js
// @description See all portals, neutrals included, regardless of the zoom used.
// @include https://www.ingress.com/intel*
#!/usr/bin/env python
# Looks like the serial number verification for space ships is similar to that
# of your robot. Try to find a serial that verifies for this space ship
import sys
def check_serial(serial):
if (not set(serial).issubset(set(map(str,range(10))))):
print ("only numbers allowed")
return False