Skip to content

Instantly share code, notes, and snippets.

Avatar
☂️
Umbrella

rain1 rain-1

☂️
Umbrella
View GitHub Profile
@rain-1
rain-1 / minikanren.scm
Created Jan 6, 2019
minikanren.scm - based off orchid-hybrid mirukanren. works in Chez
View minikanren.scm
;; utils
(define (assp p l)
(if (null? l)
#f
(if (p (caar l))
(car l)
(assp p (cdr l)))))
@rain-1
rain-1 / boot.S
Created Sep 30, 2018
GNU assembly bootloader
View boot.S
.code16
.global _start
_start:
cli
xor %ax, %ax
mov %ax, %ds
mov $msg, %si
cld
loop:
lodsb
@rain-1
rain-1 / dcs.rkt
Last active Sep 17, 2019
Dotted Canonical S-expressions - DCSexps
View dcs.rkt
#lang racket
;; printing s-exps as DCS and TDCS, plus examples of what DCS and TDCS look like
(define (dcs l)
(cond ((pair? l)
(begin
(display ".")
(dcs (car l))
(dcs (cdr l))))
View build bash 5.0!
#!/bin/bash
# do this first
# ./configure
#
echo '#include <sys/types.h>' >> config.h
CFLAGS="-DHAVE_CONFIG_H -DSHELL -g -O2 -Wno-parentheses -Wno-format-security -DRCHECK -Dbotch=programming_error -DMALLOC_DEBUG"
##
View mrx.js
var text = "foobar";
text = text.replace(/o/g, "a");
text = text.replace(/a/g, "x");
document.write(text);
var text = "foobar";
View isqrt.c
#include <stdio.h>
#include <stdint.h>
uint64_t myisqrt(uint64_t n) {
int i;
uint64_t r, tmp;
r = 0;
for(i = 64/2-1; i >= 0; i--) {
tmp = r | (1 << i);
@rain-1
rain-1 / example.tsv
Last active Apr 30, 2020
Tab Separated Values file format specification version 2.0
View example.tsv
Name Age Address
Paul 23 1115 W Franklin
Bessy the Cow 5 Big Farm Way
Zeke 45 W Main St
@rain-1
rain-1 / makesfile
Created Apr 10, 2018
example makesfile to build jq
View makesfile
#!/bin/sh
set -e
set -x
function clean {
rm -f src/version.h
rm -f src/builtin.inc
rm -f src/*.o
rm -f jq
}
View Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@rain-1
rain-1 / wcry.md
Created May 12, 2017 — forked from anonymous/wcry.md
wcry.md
View wcry.md

Ransomware attack hits UK NHS, Spain Telefonica, 74 countries affected.

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: Windows 7 is vulnerable. It uses EternalBlue MS17-010 to propagate.

Malware samples