@thuandt
thuandt / install_xenserver_usb.md
Created October 30, 2013 15:56
Create XenServer USB Install

Installing XenServer 6.2.0 from a USB Stick

  • Download the XenServer 6.2.0 ISO image

  • Format a USB stick using FAT32.

  • Use unetbootin to install the ISO to the USB stick. Use the “DiskImage” option instead of the “Distribution” one, and point it right to the ISO file.

  • Now we need to fix up some boot stuff (All paths are relative to the root of the USB drive)

# Bro-IDS Logstash parser
# Parts of this taken from http://www.appliednsm.com/wp-content/uploads/logstash-SObro22-parse.conf_.txt
#Logs being parsed:
#app_stats.log
#conn.log
#dns.log
#dpd.log
#files.log
#http.log
@obsidianforensics
obsidianforensics / USN_to_Gource.sql
Last active April 22, 2021 02:32
SQL Query to Convert Triforce USN DB to Gource Custom Log
/* SQL to convert a Triforce ANJP USN Journal database to a Gource custom log
by ryan@obsidianfornesics.com
Convert the human-friendly timestamp to epoch seconds: */
SELECT CAST(round((JULIANDAY(ur_datetime)-2440587.5)*86400,0) as integer),
'USN', -- gource needs a 'User', so I set it statically to 'USN'
CASE ur_reason_s -- gource supports three file 'update types':
WHEN 'File_Create' THEN 'A' -- 'A' for adding a file
WHEN 'File_Delete,Close' THEN 'D' -- 'D' for deleting
ELSE 'M' -- and 'M' for modifying
@shpedoikal
shpedoikal / ubuntu-netflow-dns-log.ks
Created June 21, 2015 17:16
Ubuntu kickstart script for SiLK netflow collection and dns logging
#
# Kickstart an Ubuntu image
# - 2 network interfaces, and internal and external
# - forward all traffic from internal -> external
# - Log all traffic using the SiLK netflow package to /data
# - Log all DNS traffic as pcaps in /var/log/ulogd
# - Backup all netflow and dns to an external server
#
# Before using this kickstart script, search and replace 'kyoder' with your username
#
@rygorous
rygorous / gist:e0f055bfb74e3d5f0af20690759de5a7
Created May 8, 2016 06:54
A bit of background on compilers exploiting signed overflow
Why do compilers even bother with exploiting undefinedness signed overflow? And what are those
mysterious cases where it helps?
A lot of people (myself included) are against transforms that aggressively exploit undefined behavior, but
I think it's useful to know what compiler writers are accomplishing by this.
TL;DR: C doesn't work very well if int!=register width, but (for backwards compat) int is 32-bit on all
major 64-bit targets, and this causes quite hairy problems for code generation and optimization in some
fairly common cases. The signed overflow UB exploitation is an attempt to work around this.
@application2000
application2000 / how-to-install-latest-gcc-on-ubuntu-lts.txt
Last active May 23, 2024 07:53
How to install latest gcc on Ubuntu LTS (12.04, 14.04, 16.04)
These commands are based on an askubuntu answer http://askubuntu.com/a/581497
To install gcc-6 (gcc-6.1.1), I had to do more stuff as shown below.
USE THOSE COMMANDS AT YOUR OWN RISK. I SHALL NOT BE RESPONSIBLE FOR ANYTHING.
ABSOLUTELY NO WARRANTY.
If you are still reading let's carry on with the code.
sudo apt-get update && \
sudo apt-get install build-essential software-properties-common -y && \
sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y && \
@abajwa-hw
abajwa-hw / install_ambari_hdf.sh
Created October 19, 2016 14:41
Install Ambari and HDF 2.0 mpack on RHEL7
#Based on http://docs.hortonworks.com/HDPDocuments/HDF2/HDF-2.0.0/bk_ambari-installation/content/index.html
export host_os=centos7
export ambari_version=2.4.1.0
export hdf_ambari_mpack_url="http://public-repo-1.hortonworks.com/HDF/${host_os}/2.x/updates/2.0.0.0/tars/hdf_ambari_mp/hdf-ambari-mpack-2.0.0.0-579.tar.gz"
export ambari_repo="http://public-repo-1.hortonworks.com/ambari/${host_os}/2.x/updates/${ambari_version}/ambari.repo"
#1. turn off firewall
systemctl stop firewalld.service
systemctl disable firewalld

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

#petya #petrWrap #notPetya

Win32/Diskcoder.Petya.C

Ransomware attack.

About

This gist was built by the community of researchers and was scribed by Kir and Igor from QIWI/Vulners. We are grateful for the help of all those who sent us data, links and information. Together we can make this world a better place!

Gist updates