This gist was built by the community of the researchers and was scribed by Kir and Igor from the QIWI/Vulners. We are grateful for the help of all those who sent us the data, links and information. Together we can make this world a better place!
Alexander Bolshakov spacepatcher
enigma0x3
/ rpc_dump_rs5.txt
Created
January 22, 2019 16:57
— forked from masthoon/rpc_dump_rs5.txt
RPC interfaces RS5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------------------------- | |
| <WinProcess "smss.exe" pid 368 at 0x5306908L> | |
| 64 | |
| [!!] Invalid rpcrt4 base: 0x0 vs 0x7ffec24f0000 | |
| -------------------------------------------------------------------------------- | |
| <WinProcess "csrss.exe" pid 472 at 0x5306e48L> | |
| 64 | |
| Interfaces : | |
| Endpoints : |
vulnersCom
/ Petya_ransomware.md
Last active
July 6, 2023 19:30
Assuming that the following environment variables are set:
KAFKA_HOMEwhere Kafka is installed on local machine (e.g./opt/kafka)ZK_HOSTSidentifies running zookeeper ensemble, e.g.ZK_HOSTS=192.168.0.99:2181KAFKA_BROKERSidentifies running Kafka brokers, e.g.KAFKA_BROKERS=192.168.0.99:9092
Start Zookepper and Kafka servers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Logparser | |
| ############### | |
| # Security Log | |
| ############### | |
| # Find Event id | |
| & 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'" |