Skip to content

Instantly share code, notes, and snippets.

View lingnet's full-sized avatar

Aaron lingnet

  • United States
  • 12:18 (UTC -07:00)
View GitHub Profile
@lingnet
lingnet / html_to_text.py
Created March 4, 2019 19:16 — forked from jspri/html_to_text.py
Converts html to plain text in python3. Only standard libraries used.
"""
HTML <-> text conversions.
http://stackoverflow.com/questions/328356/extracting-text-from-html-file-using-python
"""
from html.parser import HTMLParser
from html.entities import name2codepoint
import re
class _HTMLToText(HTMLParser):
def __init__(self):
@lingnet
lingnet / npm support ticket #53774
Created February 28, 2019 23:13
npm support ticket #53774
• send a secret gist from your linked @lingnet Github account, you can reference this ticket #53774
@lingnet
lingnet / nodejs-cheatsheet.js
Created August 7, 2018 22:37 — forked from LeCoupa/nodejs-cheatsheet.js
Complete Node.js CheatSheet --> UPDATED VERSION --> https://github.com/LeCoupa/awesome-cheatsheets
/* *******************************************************************************************
* THE UPDATED VERSION IS AVAILABLE AT
* https://github.com/LeCoupa/awesome-cheatsheets
* ******************************************************************************************* */
// 0. Synopsis.
// http://nodejs.org/api/synopsis.html

Keybase proof

I hereby claim:

  • I am lingnet on github.
  • I am al34841219 (https://keybase.io/al34841219) on keybase.
  • I have a public key whose fingerprint is A3FA 4246 652D 582D 6DD3 DC15 E2F6 3105 BCCE 14E5

To claim this, I am signing this object:

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@lingnet
lingnet / keybase.md
Last active December 4, 2017 05:34
keybase

Keybase proof

I hereby claim:

  • I am lingnet on github.
  • I am al34841219 (https://keybase.io/al34841219) on keybase.
  • I have a public key whose fingerprint is A3FA 4246 652D 582D 6DD3 DC15 E2F6 3105 BCCE 14E5

To claim this, I am signing this object:

Get-WmiObject Win32_LogicalDisk |
? { $_.DriveType -eq 3 } |
Select DeviceID,
@{ Name = 'FreeSpaceMB'; Expression = { $_.FreeSpace / 1MB } },
@{ Name = 'SizeMB'; Expression = { $_.Size / 1MB } },
@{ Name = 'FreeSpacePct'; Expression = { $_.FreeSpace / $_.Size } }