@AriESQ
AriESQ / gist:d594893751e2e343544ba60865cb752f
Created January 24, 2023 00:14
Adding a root certificate store to a docker scratch base image
FROM scratch
COPY --from=alpine:latest /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /your/binary /somewhere/binary
AriESQ / bashrc
Created May 3, 2022 15:58
OSX Bash default .bashrc .bash_profile
# System-wide .bashrc file for interactive bash(1) shells.
if [ -z "$PS1" ]; then
   return
fi
PS1='\h:\W \u\$ '
# Make bash check its window size after a process completes
shopt -s checkwinsize
[ -r "/etc/bashrc_$TERM_PROGRAM" ] && . "/etc/bashrc_$TERM_PROGRAM"
AriESQ / randstructLLVM.txt
Last active April 20, 2022 20:43
randstruct compile time randomization in GCC and LLVM/Clang. Will it impact #reproducibleBuilds?
Original story: https://www.phoronix.com/scan.php?page=news_item&px=Clang-Linux-RandStruct
LLVM/Clang:
https://github.com/llvm/llvm-project/commit/3f0587d0c668202bb89d29a25432aa290e551a31
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=for-next/randstruct
https://lists.llvm.org/pipermail/cfe-dev/2019-March/061607.html
GCC:
https://www.openwall.com/lists/kernel-hardening/2017/04/06/14
https://hardenedlinux.github.io/system-security/2016/08/01/reproducbile-builds-for-pax-grsecurity.html
AriESQ / robocopy-help.txt
Created April 5, 2022 21:36
output of robocopy /? on Win10
C:\>robocopy /?
-------------------------------------------------------------------------------
ROBOCOPY :: Robust File Copy for Windows
-------------------------------------------------------------------------------
Started : Tuesday, April 5, 2022 17:35:18
Usage :: ROBOCOPY source destination [file [file]...] [options]
source :: Source Directory (drive:\path or \\server\share\path).
AriESQ / KlayswapHack.txt
Last active February 18, 2022 04:33
Klayswap crypto exchange hack via BGP hijacking and x509 certificate issue.
S. Korean cryptocurrency exchange Klayswap was attacked and had cryptocurrency stolen.
The attackers compromised a third-party customer service messaging tool, developers.kakao.com, via BGP hijack. After taking control
over the IP address block, the attacker used domain validation to acquire a TLS certificate from a public issuer, ZeroSSL. The target
did not have a Certification Authority Authorization (CAA) DNS record; such a record may have mitigated this attack.
The fraudulent certificates can be seen here:
https://crt.sh/?q=developers.kakao.com
Sources:
AriESQ / PintaInstallChromeOSCrostini.txt
Last active February 8, 2022 01:10
Installing Pinta, a Paint.net clone for Linux on ChromeOS Crostini (Debian Bullseye)
Following the instructions on https://github.com/PintaProject/Pinta
On ChromeOS the default LXC container, Penguin, is a very minimal install of
Debian 11 Bullseye. It is good practice to start with an apt update and
upgrade. You may also be missing some basic build software, so we will install
several basic software packages to get started:
sudo apt update
sudo apt upgrade
sudo apt install -y autotools-dev autoconf-archive build-essential gcc gettext