Skip to content

Instantly share code, notes, and snippets.

View 0xabad1dea's full-sized avatar
🚫
no cooperation with ICE

0xabad1dea (Melissa Elliott) 0xabad1dea

🚫
no cooperation with ICE
459 followers · 7 following
View GitHub Profile
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active December 16, 2021 16:05
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines are
@fay59
fay59 / Quirks of C.md
Last active January 23, 2024 04:24
Quirks of C

Here's a list of mildly interesting things about the C language that I learned mostly by consuming Clang's ASTs. Although surprises are getting sparser, I might continue to update this document over time.

There are many more mildly interesting features of C++, but the language is literally known for being weird, whereas C is usually considered smaller and simpler, so this is (almost) only about C.

1. Combined type and variable/field declaration, inside a struct scope [https://godbolt.org/g/Rh94Go]

struct foo {
   struct bar {
 int x;
@Neo23x0
Neo23x0 / fp-hashes.py
Last active March 10, 2020 14:25
Typical False Positive Hashes
# This GIST has been transformed into a Git repository and does not receive updates anymore
#
# Please visit the github repo to get a current list
# https://github.com/Neo23x0/ti-falsepositives/
# Hashes that are often included in IOC lists but are false positives
HASH_WHITELIST = [
# Empty file
'd41d8cd98f00b204e9800998ecf8427e',
'da39a3ee5e6b4b0d3255bfef95601890afd80709',
@seanjensengrey
seanjensengrey / octal_x86.txt
Created April 1, 2018 16:28
x86 is an octal machine
# source:http://reocities.com/SiliconValley/heights/7052/opcode.txt
From: mark@omnifest.uwm.edu (Mark Hopkins)
Newsgroups: alt.lang.asm
Subject: A Summary of the 80486 Opcodes and Instructions
(1) The 80x86 is an Octal Machine
This is a follow-up and revision of an article posted in alt.lang.asm on
7-5-92 concerning the 80x86 instruction encoding.
The only proper way to understand 80x86 coding is to realize that ALL 80x86
@kostaz
kostaz / gist:6ce4034192ac3a0f08ec3e279c81d0b8
Created April 23, 2017 06:02 — forked from naodesu/gist:10620506
How to mount ubifs image in Linux.
# $UBIFS is ubifs image file
# make sure $IMAGE is a ubifs image file
blkid $(IMAGE)
$(IMAGE): ... TYPE="ubifs"
# size of created mtd is 256.0 MiB
modprobe nandsim first_id_byte=0x2c second_id_byte=0xda third_id_byte=0x90 fourth_id_byte=0x95
flash_erase /dev/mtd0 0 0
ubiformat /dev/mtd0 -s 2048 -O 2048
modprobe ubi
@humbertodias
humbertodias / gist:6237f80df9a4bccf98be298057a82cf2
Last active May 12, 2023 04:53
Qemu with ARM on Mac OSX
# QEmu
brew install qemu
# Home for out tests
mkdir ~/arm-emu
cd ~/arm-emu
# Download initrd and kernel
wget http://ftp.de.debian.org/debian/dists/jessie/main/installer-armel/current/images/versatile/netboot/initrd.gz
@eevee
eevee / extract-music.py
Created May 31, 2016 06:49
Python script to reconstitute music from a PICO-8 cartridge
# script to extract music from a pico-8
# requires exporting sounds from the pico-8 first!
# run as: python extract-music.py mygame.p8 sound%d.wav music%d.wav
# by eevee, do what you like with this code
from __future__ import print_function
import argparse
import struct
import wave
@eevee
eevee / gist:55426e5856f5825317b1
Last active January 28, 2021 22:51
adblock rules to hide mentions from people who don't follow you

Pop open "filter preferences" in adblock plus, and add the following rules to hide mentions from people who don't follow you (and who you don't follow).

For the interactions/notifications page:

twitter.com##.interaction-page [data-follows-you="false"][data-you-follow="false"]:not(.my-tweet)

For the mentions page:

twitter.com##.mentions-page [data-follows-you="false"][data-you-follow="false"]:not(.my-tweet)
@kg
kg / video2gif.bat
Created January 10, 2016 23:46
@if [%6]==[] goto error
@goto ok
:error
@echo USAGE: video2gif START_TIME DURATION WIDTH FRAME_RATE (DITHER_OPTIONS) (CROP_RECTANGLE width:height:x:y) INPUT OUTPUT
@goto end
:ok
@set PALETTE="%TEMP%\palette.png"
@bishboria
bishboria / springer-free-maths-books.md
Last active April 25, 2024 06:27
Springer made a bunch of books available for free, these were the direct links