Nicholas ("wiretapp") Albright nma-io

View gist:4fd73f5031a5012bf0063ca962f6d3f0
### Keybase proof
I hereby claim:
* I am nma-io on github.
* I am nma_io (https://keybase.io/nma_io) on keybase.
* I have a public key ASB5e6gJqexrjBxhz6XjWxjilUicAEpypPaWsY_RFu7ZhQo
To claim this, I am signing this object:
nma-io / weblogic_exploit.md
Last active Mar 28, 2018
XMR Miner - Honeypot hit.

This one hit a WebLogic honeypot.

Wallet ID: 43ZSpXdMerQGerimDrUviDN6qP3vkwnkZY1vvzTV22AbLW1oCCBDstNjXqrT3anyZ22j7DEE74GkbVcQFyH2nNiC3fchGfc

Uses minexmr.com and supportxmr.com

#Update
$WmiName = 'root\cimv2:PowerShell_Command'
nma-io / CryptoMiner Found in wild
Last active Nov 2, 2018
This was observed through our SOC via an unsuccessful JexBoss attack. We're calling it NineBooms
$counters = (Get-Counter '\Process(*)\% Processor Time').CounterSamples
$malwares = "Kilence","alm","vag_pag","office","pws_lotinfo_trans","aspnet_state","tasksvr","ekrn","iems","secscan","mysql","trustedinstaller","safedogsiteiis","write","360cleanhelper","sw_magik_gss","wd160session","smsservice","360rps","win1nit","npinst","xmrig","mrservicehost","360rp","hrate","xmr","laozi","csrs","postgres","csrv","safedogguardcenter","sl_gps_msg","javaservice","lsass","taskngr","dc","aipcopywlh64","xqjxke","sl_gps_rule","svhosts","qqexternal","streamserver","qv","sapstartsrv","avgcsrva","360se","alarmservice","nscpucnminer64","thunderplatform","xmrig32","ntrtscan","arp","a8service","msiexev","rsturboball","sl_join_bb808","ramdial","sl_upload809_1","beasvcx64","ptzproxyservice","connect","runtimebroker","system64","win1ogin","sql31","vmware","systemiissec","werfault","w3wp","snmpd","conhosts","taskhots","icrawlers_fbs_cjd","systmss","calcserviced","wmiprvser","bcompare","helppanc","memcached","qqpctray","see64","sl_join
nma-io / Security_Docker_101.md
Last active Mar 28, 2019
A quick guide to deploying some Security Docker Containers.

Install

Grab a copy of Docker for your platform from https://www.docker.com/community-edition#/download and follow the installation guide. Then tune Docker to run with as much memory and CPU as you're willing to feed to it.

Docker Containers I find useful for general security tasks:

Local Debian instance: debian:latest

Metasploit: remnux/metasploit
