Skip to content

Instantly share code, notes, and snippets.

View 0xabad1dea's full-sized avatar
🚫
no cooperation with ICE

0xabad1dea (Melissa Elliott) 0xabad1dea

🚫
no cooperation with ICE
View GitHub Profile
@eevee
eevee / gist:55426e5856f5825317b1
Last active January 28, 2021 22:51
adblock rules to hide mentions from people who don't follow you

Pop open "filter preferences" in adblock plus, and add the following rules to hide mentions from people who don't follow you (and who you don't follow).

For the interactions/notifications page:

twitter.com##.interaction-page [data-follows-you="false"][data-you-follow="false"]:not(.my-tweet)

For the mentions page:

twitter.com##.mentions-page [data-follows-you="false"][data-you-follow="false"]:not(.my-tweet)
@colinmahns
colinmahns / otrdm.md
Last active March 31, 2021 19:33
HOWTO: Twitter DM with OTR

Twitter DM + OTR: A quick and dirty tutorial

With the recent removal of the 140-character limit in Direct Messages by Twitter, DM's have now become a much more useful platform for communicating between individuals and groups. Sadly, DM's are still sent in plaintext between users and Twitter has no plans currently on encrypting these messages, at least as of August 2015. Since these are stored in plaintext at rest, an adversary can see the content of the message you are sending, which the two parties might not wish to happen. Fortunately as a few applications with basic Twitter support which also have excellent support for OTR, all hope isn't lo

@Wack0
Wack0 / gist:17c56b77a90073be81d3
Last active July 23, 2021 12:54
It's not just superfish that's the problem.
Superfish uses an SDK from Komodia to do SSL MITM. That's probably known by now.
Superfish isn't the only product to use that sdk. there's others too.
Each product that uses the Komodia SDK to MITM, has its OWN CA cert and private
key pair. Seems a lot of people think they all use the superfish cert. That is
NOT the case.
First thing I checked was komodia's own parental control software,
Keep My Family Secure. (mentioned on komodia's own website).
if [ $EUID != 0 ]; then
echo "It's a weird tree."
else
echo ' _ __'
echo ' / `\ (~._ ./ )'
echo ' \__/ __`-_\__/ ./'
echo ' _ \ \/ \ \ |_ __'
echo ' ( ) \__/ -^ \ / \'
echo ' \_/ " \ | o o |.. / __'
echo " \\. --' ==== / || / \\ "
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active December 16, 2021 16:05
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines are
@moyix
moyix / list_dsc.py
Created February 5, 2022 22:45
Script that uses python-apt to get some info about source packages
#!/usr/bin/env python
import re
import sys, os
sys.path.append('/usr/lib/python3/dist-packages')
import apt
import apt_pkg
import argparse
def urljoin(*args):
@kostaz
kostaz / gist:6ce4034192ac3a0f08ec3e279c81d0b8
Created April 23, 2017 06:02 — forked from naodesu/gist:10620506
How to mount ubifs image in Linux.
# $UBIFS is ubifs image file
# make sure $IMAGE is a ubifs image file
blkid $(IMAGE)
$(IMAGE): ... TYPE="ubifs"
# size of created mtd is 256.0 MiB
modprobe nandsim first_id_byte=0x2c second_id_byte=0xda third_id_byte=0x90 fourth_id_byte=0x95
flash_erase /dev/mtd0 0 0
ubiformat /dev/mtd0 -s 2048 -O 2048
modprobe ubi

Hacking the SX Core modchip

Background

On October 2nd 2020, CVE-2020-15808 was publicly announced, detailing an out-of-bounds memory read/write vulnerability in STM's microcontroller firmware. Any chip containing STM's USB CDC driver library contains the bugged code, which represents a large amount of products on the market. While bugged STM libraries may be bad enough, this problem is much more widespread. Several companies manufacture "clones" of STM chips which, due to mostly identical MMIO (Memory Mapped Input/Output) addresses, fully support the affected STM vendor code. Most clone manufacturers don't offer their own libraries, so developers must either write their own from scratch, or they can use the STM's existing libraries, and most clone manufacturers encourage this.

Armed with this information, I became interested in exploiting and dumping the flash on the "Team Xecuter" SX Core modchip for the Nintendo Switch. The MCU used on the ch

@justecorruptio
justecorruptio / 2048.c
Created April 4, 2014 03:49
Tiny 2048 in C!
M[16],X=16,W,k;main(){T(system("stty cbreak")
);puts(W&1?"WIN":"LOSE");}K[]={2,3,1};s(f,d,i
,j,l,P){for(i=4;i--;)for(j=k=l=0;k<4;)j<4?P=M
[w(d,i,j++)],W|=P>>11,l*P&&(f?M[w(d,i,k)]=l<<
(l==P):0,k++),l=l?P?l-P?P:0:l:P:(f?M[w(d,i,k)
]=l:0,++k,W|=2*!l,l=0);}w(d,i,j){return d?w(d
-1,j,3-i):4*i+j;}T(i){for(i=X+rand()%X;M[i%X]
*i;i--);i?M[i%X]=2<<rand()%2:0;for(W=i=0;i<4;
)s(0,i++);for(i=X,puts("\e[2J\e[H");i--;i%4||
puts(""))printf(M[i]?"%4d|":" |",M[i]);W-2

Awesome List of Rust Footguns

This will be a living document where I will ocassionally add new "gotchas" I discover with Rust. Do note that I am still learning Rust. I mean, who isn't?

Drops are not guaranteed

8 May 2021.

Dear diary,