Slim Shady slim8shady9
@jesux
jesux / blueborne-nexus5.py
Created November 3, 2017 10:14
Blueborne RCE PoC - Nexus5 6.0.1
import os
import sys
import time
import struct
import select
import binascii
import bluetooth
from bluetooth import _bluetooth as bt
@cryptolok
cryptolok / vMetaDate.sh
Last active February 4, 2024 12:12
small tool to retrieve vk.com (vkontakte) users hidden metadata (state, access, dates, counts, etc) anonymously (without login)
#!/bin/bash
# small tool to retrieve vk.com (vkontakte) users hidden metadata (state, access, dates, counts, etc) anonymously (without login)
# sudo apt install curl
parse(){
local IFS=\>
read -d \< CELL VALUE
}

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

# Usage: ./dns_check.py <list_of_domain_names.txt>
import dns.resolver
import requests
import re
import json
import sys
resolver = dns.resolver.Resolver()
resolver.timeout = 5
resolver.lifetime = 5
@iam1980
iam1980 / resources.md
Last active August 16, 2023 18:55
Shadow Brokers EQGRP Lost in Translation resources
function Invoke-UACBypass {
<#
.SYNOPSIS
Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy.
Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
#!/usr/bin/python2
# coding: utf-8
# Example of how not to code PHP... Not a serious exploit, just one for fun as
# an example of how fucking badly people screw up. Picked an app while githubbin'
# and here's the ruinage.
# Exploits trivial command injection, followed by abusing the lolsudo implemented.
# Seriously, this dude's programming licence needs to be revoked.
# BONUS: Includes SCTP Backconnect for Great Justice reasons :D
# Screenshot: http://i.imgur.com/0CWDs8m.png
# Twitter: @dailydavedavids
@jwinterm
jwinterm / MoneroPoolHash.py
Last active March 30, 2020 07:11
Monero pool hashrate checker
#!/usr/bin/env python
import requests
import json
import re
import datetime
import sys
import matplotlib as mpl
mpl.use('Agg')
import matplotlib.pyplot as plt
from math import cos, sin, pi
@h0tw1r3
h0tw1r3 / aria2.daemon
Last active April 16, 2024 22:30
Aria2c systemd service
continue
dir=/var/www/downloads
file-allocation=falloc
max-connection-per-server=4
max-concurrent-downloads=2
max-overall-download-limit=0
min-split-size=25M
rpc-allow-origin-all=true
rpc-secret=YouShouldChangeThis
input-file=/var/tmp/aria2c.session
@hubgit
hubgit / README.md
Last active May 2, 2024 10:55
Remove metadata from a PDF file, using exiftool and qpdf. Note that embedded objects may still contain metadata.

Anonymising PDFs

PDF metadata

Metadata in PDF files can be stored in at least two places:

  • the Info Dictionary, a limited set of key/value pairs
  • XMP packets, which contain RDF statements expressed as XML

PDF files