Wes wesinator

@wesinator
wesinator / create_WinPE_VHD.bat
Last active November 29, 2017 15:07
Create a WinPE flat boot Virtual Hard Disk
:: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-install-on-a-hard-drive--flat-boot-or-non-ram
:: For Windows 8 and 8.1 series ADKs. May not work for earlier Windows PE AIKs.
:: Uses C:\WinPE\ as the build directory.
:: Create x86 Windows PE media in the x86 folder. (amd64 is also available, but it lacks the WoW64 layer, so 32-bit applications will not run in it.)
:: Note: in a batch file "::" only starts a comment at the beginning of a line; placed after a command it is passed to that command as arguments.
copype.cmd x86 C:\WinPE\x86
:: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/diskpart-scripts-and-examples
:: create_winpe_vhd.diskpart (a separate file, not shown here) must create and attach the VHD, create and format its partition, and assign it drive letter V:, which the next two commands rely on.
diskpart /s create_winpe_vhd.diskpart
dism /Apply-Image /ImageFile:"C:\WinPE\x86\media\sources\boot.wim" /Index:1 /ApplyDir:V:\
BCDboot V:\Windows /s V: /f ALL
@wesinator
wesinator / remove_lv.sh
Created November 9, 2017 18:23
Steps to remove a logical volume (LVM)
# These steps worked when deleting a Fedora logical volume (lvm) partition on a UEFI system.
# They were run from a Fedora live session, and will probably work in Ubuntu based distros as well.
# Trying to delete an lvm / pv partition in Gparted will give you an error.
# To solve this, run the following:
lvs   # or lvscan: list the logical volumes and the volume group(s) they belong to.
# If you get an error about a swap volume being in use, run: swapoff -a
# In the commands that follow, replace vgname with the volume group name reported by lvs.
@wesinator
wesinator / 24hr_time.sh
Last active September 26, 2018 17:59
Useful post-install scripts for Ubuntu
# Force Linux to use 24-hour time everywhere, including the login screen (the C.UTF-8 locale formats LC_TIME as 24-hour)
sudo update-locale LC_TIME="C.UTF-8"
# http://ddos.arbornetworks.com/2011/01/darkshell-a-ddos-bot-targetting-vendors-of-industrial-food-processing-equipment/
def decrypt_darkshell(cipherbytes, start_idx=0x04, stop_idx=0xA8):
    """
    De-obfuscates Darkshell comms encoded using the following method:
        cipherbyte = 0xDE - (plainbyte - ((plainbyte & 0x10) << 1))
    The obfuscation is reversed as follows:
        intermediate = 0xDE - cipherbyte
        plainbyte = intermediate + ((intermediate & 0x10) << 1)
    Subtracting or adding 0x20 never changes bit 4, so the same (x & 0x10) test
    works in both directions. All arithmetic is modulo 256. Only
    cipherbytes[start_idx:stop_idx] is decoded; the body below is reconstructed
    from this docstring.
    """
    plain = bytearray()
    for c in cipherbytes[start_idx:stop_idx]:
        intermediate = (0xDE - c) & 0xFF
        plain.append((intermediate + ((intermediate & 0x10) << 1)) & 0xFF)
    return bytes(plain)
@wesinator
wesinator / Inbound_Low.txt
Created December 2, 2017 16:47
Legacy modem firewall rules
title [ Security Level Low IN rules ]
begin
RulesDropFrom192
drop from addr %LANADDR%:%LANMASK% >> done, alert 0 [WAN Traffic from LAN IP]
RulesPass
pass all
RulesDropAddress
drop from addr 0.0.0.0 >> done, alert 4 [ 0.0.0.0 Source IP Address]
# https://nakedsecurity.sophos.com/2012/06/26/hotel-jobs-malware/
# map.exe is XOR-obfuscated with the single byte 0x95. Bytes equal to 0x00 or to
# the key were left untouched (this keeps null padding as nulls), so the decoder
# has to skip the same two values instead of XORing them.
b = bytearray(open('map.exe', 'rb').read())
for i in range(len(b)):
    if b[i] == 0x00 or b[i] == 0x95:
        continue  # the original used 'next', which is a no-op name lookup in Python
    b[i] ^= 0x95
open('map.out', 'wb').write(b)
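A generalised version of the same skip-XOR decoder, as an added example that is not part of the gist: `xor_skip` applies the "skip 0x00 and skip the key" rule for any single-byte key, `recover_key` guesses the key from the PE `MZ` header and confirms it by decoding, and `null_positions` shows the side effect of the skip rule (the zero bytes of the file are in the same places before and after). The function names, the `KEY` value and the constructed stand-in for map.exe are assumptions; the real file's contents are not reproduced.

```python
# Added example (not from the gist): a generic single-byte XOR decoder with the
# same "skip 0x00 and skip the key" rule, plus key recovery that assumes the
# obfuscated file is a PE whose first two bytes were 'MZ'. Function names, the
# KEY value and the sample bytes below are assumptions for the demo.

def xor_skip(buf: bytes, key: int) -> bytes:
    """XOR every byte with key, except bytes equal to 0x00 or to key.

    Under plain XOR 0x00 -> key and key -> 0x00; skipping both values keeps
    the transform an involution, so the same call encodes and decodes.
    """
    return bytes(b if b in (0x00, key) else b ^ key for b in buf)


def recover_key(buf: bytes) -> int:
    """Guess the key from the 'MZ' header and confirm it by decoding.

    Either header byte may have been skipped (if it equals the key), so both
    candidates are tried. Raises ValueError when neither decodes to 'MZ'.
    """
    for known, got in ((0x4D, buf[0]), (0x5A, buf[1])):
        key = known ^ got
        if key and xor_skip(buf[:2], key) == b"MZ":
            return key
    raise ValueError("first two bytes do not decode to 'MZ' under any single-byte key")


def null_positions(buf: bytes) -> set:
    """Offsets of 0x00 bytes; the skip rule leaves these identical before and after."""
    return {i for i, b in enumerate(buf) if b == 0}


# Constructed stand-in for map.exe: a DOS stub header with the null padding a
# real PE carries, plus a fake string. Not real malware content.
KEY = 0x95
PLAIN = (b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
         + b"This program cannot be run in DOS mode.\r\n$\x00"
         + b"http://c2.example.invalid/\x00")
OBFUSCATED = xor_skip(PLAIN, KEY)

if __name__ == "__main__":
    key = recover_key(OBFUSCATED)
    print(hex(key), xor_skip(OBFUSCATED, key) == PLAIN)
    print(null_positions(OBFUSCATED) == null_positions(PLAIN))
```

The null-position check is the practical takeaway: because the encoder leaves 0x00 alone, the section layout and string terminators of an obfuscated PE are still visible in a hex dump, which is often how this kind of "encryption" is spotted in the first place.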
@wesinator
wesinator / yara.xml
Last active April 30, 2020 22:35
YARA syntax highlighting on KDE. Save to ~/.local/share/org.kde.syntax-highlighting/syntax/
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE language SYSTEM "language.dtd">
<language name="YARA" section="Other" version="2" kateversion="5.0" indenter="cstyle" extensions="*.yar;*.yara" license="MIT">
<highlighting>
<list name="keywords">
<item>all</item>
<item>and</item>
<item>any</item>
<item>ascii</item>
<item>at</item>
@wesinator
wesinator / snort_suricata.xml
Last active April 2, 2018 18:19
Syntax highlighting for Snort/Suricata style IDS rules on KDE. Save to ~/.local/share/org.kde.syntax-highlighting/syntax/
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE language SYSTEM "language.dtd">
<language name="Snort/Suricata" section="Other" version="3" kateversion="5.0" extensions="*.rules;*.snort" license="MIT">
<highlighting>
<list name="action">
<item>activate </item>
<item>alert </item>
<item>drop </item>
<item>dynamic </item>
<item>log </item>
@wesinator
wesinator / Win98_Installation.md
Last active April 28, 2018 14:21
Windows 98 installation steps
  1. Run fdisk
  2. Run format C:
  3. Run SYS A: C: to copy the MS-DOS system files to the hard disk.
  4. Reboot from the hard disk.
  5. Run the following to create the Windows install directory:
MD C:\WINDOWS
MD C:\WINDOWS\OPTIONS
MD C:\WINDOWS\OPTIONS\CABS
mooo.com
chickenkiller.com
us.to
strangled.net
ignorelist.com
uk.to
crabdance.com
info.tm
jumpingcrab.com
twilightparadox.com