# IDA (disassembler) and Hex-Rays (decompiler) plugin for Apple AMX | |
# | |
# WIP research. (This was edited to add more info after someone posted it to | |
# Hacker News. Click "Revisions" to see full changes.) | |
# | |
# Copyright (c) 2020 dougallj | |
# Based on Python port of VMX intrinsics plugin: | |
# Copyright (c) 2019 w4kfu - Synacktiv |
Note: Nexus group repositories (good example in this StackOverflow question) are out of this tutorial's scope. In any case, deployment to group repositories is currently still an open issue for Nexus 3 (and not intended ever to be implemented in Nexus 2). Thus, it is assumed that we'll push & pull to/from the same repository, and ignore the idea of groups hereon in.
-
Ask your sysadmin for a username & password allowing you to log into your organistation's Nexus Repository Manager.
-
Test the login credentials on the Nexus Repository manager at: http://localhost:8081/nexus/#view-repositories (
localhost
in our case is replaced by a static IP, and can only be connected to over VPN). If your organisation requires a VPN to connect to it, connect to that VPN before proceeding with this tutori
These instructions are based on this article: https://www.alexruf.net/2016/05/23/setup-gogs-git-service.html.
Setup Raspberry Pi with minimal Raspbian image. You need to connect to the HDMI port and set the following:
sudo raspi-config
There you need to enable the SSH server and you should change the hostname.
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
#!/usr/bin/env bash | |
# set -x | |
if [[ $EUID -ne 0 ]]; then | |
echo "You must be root to run this script" | |
exit 1 | |
fi | |
# Returns all available interfaces, except "lo" and "veth*". |
# to generate your dhparam.pem file, run in the terminal | |
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048 |