Dumping memory on Linux system can be cumbersome especially that the behavior might be different among different GNU/Linux distribution or Linux kernel version. In the early days, the easiest was to dump the memory from the memory device (/dev/mem) but over time the access was more and more restricted in order to avoid malicious process to directly access the kernel memory directly. The kernel option CONFIG_STRICT_DEVMEM was introduced in kernel version 2.6 and upper (2.6.36–2.6.39, 3.0–3.8, 3.8+HEAD). So you'll need to use a Linux kernel module in order to acquire memory.
Luis San Martin pathcl
fredbourni
/ ec2-list-instances-all-regions.py
Created
May 12, 2017 21:43
AWS EC2 List All Resources for Pre-Defined Regions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| regions = frozenset([ | |
| 'us-east-1', | |
| 'us-east-2', | |
| 'us-west-1', | |
| 'us-west-2', | |
| 'eu-central-1', | |
| 'eu-west-1', | |
| 'eu-west-2', |
pathcl
/ npm-using-https-for-git.sh
Created
May 9, 2019 09:19
— forked from taoyuan/npm-using-https-for-git.sh
Force git to use https:// instead of git://
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| git config --global url."https://github.com/".insteadOf git@github.com: | |
| git config --global url."https://".insteadOf git:// |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| layout: default | |
| --- | |
| <div class="blog-index"> | |
| {% assign post = site.posts.first %} | |
| {% assign content = post.content %} | |
| {% include post_detail.html %} | |
| </div> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "fmt" | |
| "os" | |
| "os/signal" | |
| "syscall" | |
| ) | |
| func main() { |
var23rav
/ MoveFile.go
Last active
October 21, 2023 15:34
GoLang: os.Rename() give error "invalid cross-device link" for Docker container with Volumes. MoveFile(source, destination) will work moving file between folders
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ( | |
| "fmt" | |
| "io" | |
| "os" | |
| ) | |
| /* | |
| GoLang: os.Rename() give error "invalid cross-device link" for Docker container with Volumes. | |
| MoveFile(source, destination) will work moving file between folders | |
| */ |
adulau
/ DumpLinuxMemory.md
Created
March 5, 2013 22:03
Acquiring memory from a running Linux system (notes)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BASEDIR = $(shell pwd) | |
| RULELIST = $(shell gcloud compute forwarding-rules list --format='value[terminator=" "](name)') | |
| include Makefile.properties | |
| all: cluster app | |
| app: db api frontend | |
| # Requests a GKE cluster | |
| cluster: |
0xKayvan
/ gitlab-reenable-signin.sh
Last active
January 3, 2024 20:56
enable gitlab sign-in after accidentally disable it in admin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo gitlab-rails console | |
| ApplicationSetting.last.update_attributes(signin_enabled: true) | |
| exit | |
| sudo gitlab-ctl restart |
rushilgupta
/ GoConcurrency.md
Last active
January 25, 2024 14:59
Concurrency in golang and a mini Load-balancer
Concurrency is a domain I have wanted to explore for a long time because the locks and the race conditions have always intimidated me. I recall somebody suggesting concurrency patterns in golang because they said "you share the data and not the variables".
Amused by that, I searched for "concurrency in golang" and bumped into this awesome slide by Rob Pike: https://talks.golang.org/2012/waza.slide#1 which does a great job of explaining channels, concurrency patterns and a mini-architecture of load-balancer (also explains the above one-liner).
Let's dig in:
rain-1
/ Wannacrypt0r-FACTSHEET.md
Last active
March 10, 2024 11:03
— forked from Epivalent/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comis up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
OlderNewer