Skip to content

Instantly share code, notes, and snippets.

Avatar
🚫
no cooperation with ICE

0xabad1dea 0xabad1dea

🚫
no cooperation with ICE
View GitHub Profile
@bnagy
bnagy / gpgmutt.md
Last active Sep 16, 2021
Mutt, Gmail and GPG
View gpgmutt.md

GPG / Mutt / Gmail

About

This is a collection of snippets, not a comprehensive guide. I suggest you start with Operational PGP.

Here is an incomplete list of things that are different from other approaches:

  • I don't use keyservers. Ever.
  • Yes, I use Gmail instead of some bespoke hipster freedom service
@kennwhite
kennwhite / vpn_psk_bingo.md
Last active Sep 22, 2021
Most VPN Services are Terrible
View vpn_psk_bingo.md

Most VPN Services are Terrible

Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.

This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016

@Wack0
Wack0 / gist:17c56b77a90073be81d3
Last active Jul 23, 2021
It's not just superfish that's the problem.
View gist:17c56b77a90073be81d3
Superfish uses an SDK from Komodia to do SSL MITM. That's probably known by now.
Superfish isn't the only product to use that sdk. there's others too.
Each product that uses the Komodia SDK to MITM, has its OWN CA cert and private
key pair. Seems a lot of people think they all use the superfish cert. That is
NOT the case.
First thing I checked was komodia's own parental control software,
Keep My Family Secure. (mentioned on komodia's own website).
@sfan5
sfan5 / image2xterm.py
Last active Jul 13, 2020
Converts images into color sequences (xterm-256color)
View image2xterm.py
#!/usr/bin/env python3
import sys
import getopt
from PIL import Image
xterm256colors = [ # http://pln.jonas.me/xterm-colors
(0, (0x00, 0x00, 0x00)), # SYSTEM
(1, (0x80, 0x00, 0x00)), # SYSTEM
(2, (0x00, 0x80, 0x00)), # SYSTEM
(3, (0x80, 0x80, 0x00)), # SYSTEM
View a-sad-sort.php
$foo = array(-1, NULL, 0, NULL, 0, NULL, -1);
echo "unsorted\n";
print_r($foo);
sort($foo);
echo "sorted once\n";
print_r($foo);
View goto_powered.py
# Inspired by the following sentence that I ran across this morning:
#
# "f_lineno is the current line number of the frame - writing to
# this from within a trace function jumps to the given line
# (only for the bottom-most frame). A debugger can implement a
# Jump command (aka Set Next Statement) by writing to f_lineno."
#
# https://docs.python.org/2/reference/datamodel.html
#
# There is an older implementation of a similar idea:
@grugq
grugq / gist:03167bed45e774551155
Last active Sep 7, 2021
operational pgp - draft
View gist:03167bed45e774551155

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

View cloudflare_challenge
I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the
10th to get it (ok, looks like I was the 8th.) But I'm happy that I was able to prove to myself
that I too could do it.
First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially
believed that it would be highly improbable under normal conditions to obtain the private key
through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's
challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to
extract private keys. So I wanted to see first-hand if it was possible or not.
@takeshixx
takeshixx / hb-test.py
Last active Feb 5, 2021
OpenSSL heartbeat PoC with STARTTLS support.
View hb-test.py
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
View 2048.c
M[16],X=16,W,k;main(){T(system("stty cbreak")
);puts(W&1?"WIN":"LOSE");}K[]={2,3,1};s(f,d,i
,j,l,P){for(i=4;i--;)for(j=k=l=0;k<4;)j<4?P=M
[w(d,i,j++)],W|=P>>11,l*P&&(f?M[w(d,i,k)]=l<<
(l==P):0,k++),l=l?P?l-P?P:0:l:P:(f?M[w(d,i,k)
]=l:0,++k,W|=2*!l,l=0);}w(d,i,j){return d?w(d
-1,j,3-i):4*i+j;}T(i){for(i=X+rand()%X;M[i%X]
*i;i--);i?M[i%X]=2<<rand()%2:0;for(W=i=0;i<4;
)s(0,i++);for(i=X,puts("\e[2J\e[H");i--;i%4||
puts(""))printf(M[i]?"%4d|":" |",M[i]);W-2