Instantly share code, notes, and snippets.

☂️
Umbrella

rain1 rain-1

View GitHub Profile
View fishbowl.c
// This program runs another program in a "fishbowl" set to the
// current working directory. The idea is that the subprocess
// should only be able to edit files in that path or anything
// descended from it. It can read outside the fishbowl but if it
// attempts to create or edit files outside of it that syscall
// is blocked (by switching it to getpid which does nothing).
//
// A malicious program can bypass the fishbowl using threads to
// make a syscall and then swap the path after verification.
// This is not a security tool, it is just to protect against
View wcry.md

Ransomware attack hits UK NHS, Spain Telefonica, 74 countries affected.

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: Windows 7 is vulnerable. It uses EternalBlue MS17-010 to propagate.

Malware samples

View Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

View makesfile
#!/bin/sh
set -e
set -x
function clean {
rm -f src/version.h
rm -f src/builtin.inc
rm -f src/*.o
rm -f jq
}
View example.tsv
Name Age Address
Paul 23 1115 W Franklin
Bessy the Cow 5 Big Farm Way
Zeke 45 W Main St
View isqrt.c
#include <stdio.h>
#include <stdint.h>
uint64_t myisqrt(uint64_t n) {
int i;
uint64_t r, tmp;
r = 0;
for(i = 64/2-1; i >= 0; i--) {
tmp = r | (1 << i);
View mrx.js
var text = "foobar";
text = text.replace(/o/g, "a");
text = text.replace(/a/g, "x");
document.write(text);
var text = "foobar";
View build bash 5.0!
#!/bin/bash
# do this first
# ./configure
#
echo '#include <sys/types.h>' >> config.h
CFLAGS="-DHAVE_CONFIG_H -DSHELL -g -O2 -Wno-parentheses -Wno-format-security -DRCHECK -Dbotch=programming_error -DMALLOC_DEBUG"
##
View dcs.rkt
#lang racket
;; printing s-exps as DCS and TDCS, plus examples of what DCS and TDCS look like
(define (dcs l)
(cond ((pair? l)
(begin
(display ".")
(dcs (car l))
(dcs (cdr l))))
View boot.S
.code16
.global _start
_start:
cli
xor %ax, %ax
mov %ax, %ds
mov $msg, %si
cld
loop:
lodsb