Skip to content

Instantly share code, notes, and snippets.

View tuantmb's full-sized avatar
😹

Tuan T tuantmb

😹
  • Vietnam
View GitHub Profile
@tuantmb
tuantmb / rules-both.iptables
Created November 7, 2017 00:51 — forked from jirutka/rules-both.iptables
Basic iptables template for ordinary servers (both IPv4 and IPv6)
###############################################################################
# The MIT License
#
# Copyright 2012-2014 Jakub Jirutka <jakub@jirutka.cz>.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
@tuantmb
tuantmb / Wannacrypt0r-FACTSHEET.md
Created April 5, 2018 04:15 — forked from rain-1/Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@tuantmb
tuantmb / bitsadmin.md
Created July 5, 2018 01:39 — forked from rosswd/bitsadmin.md
Use bitsadmin to download via the command line on Windows 7 (8?)

Download via the command line on Windows 7

If you want to test your connection or have some other reason to use the command line to download a file, this is how.

See http://superuser.com/a/284147 for more information.

Open cmd.exe and use this format:

bitsadmin /transfer debjob /download /priority normal http://cdimage.debian.org/debian-cd/current-live/i386/iso-hybrid/debian-live-8.7.1-i386-xfce-desktop.iso D:\Users\[Username]\Downloads\debian-live-8.7.1-i386-xfce-desktop.iso
@tuantmb
tuantmb / WebSockets.md
Created July 17, 2018 02:38 — forked from subudeepak/WebSockets.md
The problems and some security implications of websockets - Cross-site WebSockets Scripting (XSWS)

WebSockets - An Introduction

WebSockets is a modern HTML5 standard which makes communication between client and server a lot more simpler than ever. We are all familiar with the technology of sockets. Sockets have been fundamental to network communication for a long time but usually the communication over the browser has been restricted. The general restrictions

  • The server used to have a permanent listener while the client (aka browser) was not designated any fixed listener for a more long term connection. Hence, every communication was restricted to the client demanding and the server responding.
  • This meant that unless the client requested for a particular resource, the server was unable to push such a resource to the client.
  • This was detrimental since the client is then forced to check with the server at regular intervals. This meant a lot of libraries focused on optimizing asynchronous calls and identifying the response of asynchronous calls. Notably t
@tuantmb
tuantmb / rsa.py
Created August 29, 2018 11:57 — forked from tylerl/rsa.py
RSA Explained in Python
#!/usr/bin/env python
# This example demonstrates RSA public-key cryptography in an
# easy-to-follow manner. It works on integers alone, and uses much smaller numbers
# for the sake of clarity.
#####################################################################
# First we pick our primes. These will determine our keys.
#####################################################################
@tuantmb
tuantmb / firewalld.md
Created December 28, 2018 04:19 — forked from frengky/firewalld.md
FirewallD command line snippets for Linux

FirewallD command line snippets for Linux

Create new zone identified by an IP Address or interface This 'example' zone rules will applied to the connection from 192.168.1.2

  $ firewall-cmd --list-all-zones
  $ firewall-cmd --permanent --new-zone=example
  $ firewall-cmd --permanent --zone=example --add-source=192.168.1.2
  $ firewall-cmd --zone=example --list-sources
@tuantmb
tuantmb / LICENCE SUBLIME TEXT
Created January 13, 2019 15:44
Sublime Text 3 Serial key build is 3176
## Sublime Text 3 Serial key build is 3176
> * Added these lines into /etc/hosts
127.0.0.1 www.sublimetext.com
127.0.0.1 license.sublimehq.com
> * Used the license key
----- BEGIN LICENSE -----
@tuantmb
tuantmb / sshtranger_things.py
Created January 26, 2019 07:34 — forked from mehaase/sshtranger_things.py
SSHtranger Things Exploit POC
'''
Title: SSHtranger Things
Author: Mark E. Haase <mhaase@hyperiongray.com>
Homepage: https://www.hyperiongray.com
Date: 2019-01-17
CVE: CVE-2019-6111, CVE-2019-6110
Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1
We have nicknamed this "SSHtranger Things" because the bug is so old it could be
@tuantmb
tuantmb / gist:efa46694ec582b9933e6bf02ee1c46ff
Created March 20, 2019 02:30 — forked from atcuno/gist:3425484ac5cce5298932
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

@tuantmb
tuantmb / EnableAMSILogging.ps1
Created April 2, 2019 15:33 — forked from mattifestation/EnableAMSILogging.ps1
Enables AMSI logging to the AMSI/Operational event log
# Run this elevated, reboot, boom.
# Feel free to name this whatever you want
$AutoLoggerName = 'MyAMSILogger'
$AutoLoggerGuid = "{$((New-Guid).Guid)}"
New-AutologgerConfig -Name $AutoLoggerName -Guid $AutoLoggerGuid -Start Enabled
Add-EtwTraceProvider -AutologgerName $AutoLoggerName -Guid '{2A576B87-09A7-520E-C21A-4942F0271D67}' -Level 0xff -MatchAnyKeyword 0x80000000000001 -Property 0x41