- Run fdisk
- Run format C:
- Run SYS A: C: to copy MS-DOS system files to disk.
- Reboot from disk.
- Run the following to create the Windows install directory:
  MD C:\WINDOWS
  MD C:\WINDOWS\OPTIONS
  MD C:\WINDOWS\OPTIONS\CABS
:: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-install-on-a-hard-drive--flat-boot-or-non-ram
:: For Windows 8 and 8.1 series ADKs. May not work for earlier Windows PE AIKs.
:: Using C:\WinPE\ build dir.
:: Create x86 Windows PE media in the x86 folder. (AMD64 is also available, but lacks the WoW64 layer and will be less compatible with applications.)
:: Note: "::" is only a comment at the start of a line in cmd; placed after a command it is passed as arguments, so comments go on their own lines.
copype.cmd x86 C:\WinPE\x86
:: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/diskpart-scripts-and-examples
diskpart /s create_winpe_vhd.diskpart
dism /Apply-Image /ImageFile:"C:\WinPE\x86\media\sources\boot.wim" /Index:1 /ApplyDir:V:\
BCDboot V:\Windows /s V: /f ALL
# These steps worked when deleting a Fedora logical volume (lvm) partition on a UEFI system.
# They were run from a Fedora live session, and will probably work in Ubuntu based distros as well.
# Trying to delete an lvm / pv partition in Gparted will give you an error.
# To solve this, run the following:
lvs # or lvscan, to list logical volumes / volume group(s).
# If there is an error about the swap volume, run: swapoff -a
# Replace vgname with the group name
# Force Linux to use 24-hour time everywhere, including the login screen
sudo update-locale LC_TIME="C.UTF-8"
# http://ddos.arbornetworks.com/2011/01/darkshell-a-ddos-bot-targetting-vendors-of-industrial-food-processing-equipment/
def decrypt_darkshell(cipherbytes, start_idx=0x04, stop_idx=0xA8):
    """
    De-obfuscates Darkshell comms encoded using the following method:
        cipherbyte = 0xDE - [plainbyte - ((plainbyte & 0x10) << 1)]
    The obfuscation is reversed as follows:
        intermediate = 0xDE - cipherbyte
        plainbyte = intermediate + ((intermediate & 0x10) << 1)
    Only bytes in [start_idx, stop_idx) are decoded; the rest of the buffer is
    returned unchanged. (The body is reconstructed from this description, since
    the original listing ends at the docstring; the range handling is an assumption.)
    """
    out = bytearray(cipherbytes)
    for i in range(start_idx, min(stop_idx, len(out))):
        intermediate = (0xDE - out[i]) & 0xFF   # all arithmetic is modulo 256 (byte-wide)
        out[i] = (intermediate + ((intermediate & 0x10) << 1)) & 0xFF
    return bytes(out)
title [ Security Level Low IN rules ]
begin
RulesDropFrom192
drop from addr %LANADDR%:%LANMASK% >> done, alert 0 [WAN Traffic from LAN IP]
RulesPass
pass all
RulesDropAddress
drop from addr 0.0.0.0 >> done, alert 4 [ 0.0.0.0 Source IP Address]
# https://nakedsecurity.sophos.com/2012/06/26/hotel-jobs-malware/
# Undo the sample's single-byte XOR (key 0x95); bytes equal to 0x00 or 0x95 are left untouched.
b = bytearray(open('map.exe', 'rb').read())
for i in range(len(b)):
    if b[i] == 0x00 or b[i] == 0x95:
        continue  # a bare 'next' here was a no-op (it just names the builtin), not a loop skip
    else:
        b[i] ^= 0x95
open('map.out', 'wb').write(b)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE language SYSTEM "language.dtd">
<language name="YARA" section="Other" version="2" kateversion="5.0" indenter="cstyle" extensions="*.yar;*.yara" license="MIT">
<highlighting>
<list name="keywords">
<item>all</item>
<item>and</item>
<item>any</item>
<item>ascii</item>
<item>at</item>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE language SYSTEM "language.dtd">
<language name="Snort/Suricata" section="Other" version="3" kateversion="5.0" extensions="*.rules;*.snort" license="MIT">
<highlighting>
<list name="action">
<item>activate </item>
<item>alert </item>
<item>drop </item>
<item>dynamic </item>
<item>log </item>