Ads Dawson GangGreenTemperTatum

@GangGreenTemperTatum
GangGreenTemperTatum / README.md
Created June 17, 2024 16:24 — forked from rossja/README.md
Huggingface SFConvertbot Pull Request Scanner

HuggingFace SF_Convertbot Scanner

This script is designed to assist in identifying pull requests to HuggingFace repositories that are sourced from the SFConvertbot user.

The SFConvertbot user is part of an automated tool used by HuggingFace to provide safetensor versions of models. As published by HiddenLayer, this bot can be abused by malicious actors to potentially insert malicious content into models.

This tool is a simple script to query all models released by a HuggingFace author, and checks all

GangGreenTemperTatum / OWASP_Van_CTF_Working_Group.md
Last active March 1, 2024 17:18
OWASP Vancouver group virtual CTF/Labs 👾 Working Group Monthly Session 👋

Introducing a new OWASP Vancouver group virtual CTF/Labs 👾 Working Group Monthly Session Cadence! 👋

  • What and why?
    • The purpose of this monthly cadence is for a group of individuals in Canada (primarily Vancouver) to get together and tackle a randomly picked CTF oriented primarily around AppSec and ethical hacking
    • The meeting is virtual, to accommodate other timezones and people who find it hard to travel, etc.
    • Share the wealth and learn valuable insight, experience and skills from others!
    • This is a no commitment, no judgement and a safe learning experience and environment for all - There are no silly questions and anyone is welcome!
  • How do I sign up?
    • Subscribe to @Ads public calendar here 📌
  • Anything else to know?
  • The idea is, I w
GangGreenTemperTatum / publishings.md
Last active December 11, 2023 20:46
Publishings
GangGreenTemperTatum / gcp_compute_firewalls.md
Last active June 21, 2023 19:48
Best Practice for Securing GCP `compute` Resources via SSH

This gist does not cover firewall rule logging FYI.

  1. Require use of IAP to access instances via gcloud ssh, i.e. here
  2. Create a firewall rule allowing port 22/ssh only from IAP CIDR: 35.235.240.0/20
  3. Set rule destination to explicitly list the networks or network tags (note: don't confuse with IAM tags) or service account (the compute SA attached to instance) you want to opt-in for remote access
  4. Use the "Secondary source" option (which is OR, not AND) with tags as well to allow specific machine-to-machine access if needed (or just define another rule). Using tags is a reasonable way to externalize the attribute that grants access.
GangGreenTemperTatum / Creating a CSR and SSL Certificate with SAN Extensions.md
Last active June 8, 2023 15:08
Creating a CSR and SSL Certificate with SAN Extensions

Problem:

As per here: a few days ago (after an update) Firefox simply refused to accept my self-signed certificate anymore. Firefox requires SAN (Subject Alternative Names) to be present:

It must be due to the removal of the "subject common name" fallback from certificate validation. This fallback mode was previously enabled only for manually installed certificates. The CA/Browser Forum Baseline Requirements have required the presence of the "subjectAltName" extension since 2012, and use of the subject common name was deprecated in RFC 2818. Firefox from 101.0 onward no longer uses the certificate CN (Common Name) for matching a domain name to a certificate and has migrated to using only the SAN (Subject Alternative Name), so if you self-sign for internal devices you'll need to regenerate.