sudoaza

"""
# RITSEC CTF 2022 - Crypto - Bad AES
## Custom AES implementation where Mix Columns and Shift Rows steps switch places

A secret government agency uses a 16-letter passphrase that is encrypted 
to create their passwords for their computers. An insider within the agency 
told me that everyday employees input their passphrase into this secret 
encryption scheme to receive their password for the day & the key used to 
encrypt their passphrase is changed by the agency daily.
(This is so their passwords change every day without the employee having 

prologic

Learn Go in ~5mins

This is inspired by A half-hour to learn Rust and Zig in 30 minutes.

Basics

Your first Go program as a classical "Hello World" is pretty simple:

First we create a workspace for our project:

noperator

Secure Containerized Pastebin

Easily deploy a secure containerized pastebin on a VPS.

Description

This project runs and configures two containers:

• PrivateBin: A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted and decrypted in the browser.
• SWAG: An Nginx webserver and reverse proxy with PHP support and a built-in Certbot client that automates free SSL server certificate generation and renewal processes.

swyxio

Full Livestream Recording here

(see YouTube channel for individual videos)

Github | Site | Discord | YouTube |

oconnor663

#! /usr/bin/env python3

import hashlib
import threading


def hash_buf(buf):
    return hashlib.sha256(buf).hexdigest()

0xdeadbife

ASN Discovery

Checklist

• Get ASN of target
• Get IP ranges
• Masscan all the ranges (common web ports)
• Double check to verify hosts alive
• Generate URL list
• Bruteforce all the URLs

rjhansen

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I?

wdormann

import os
import subprocess
import ctypes

# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/

svcinfo = {}
nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG']
FNULL = open(os.devnull, 'w')

paivaric

server {
    listen 80;
    server_name your.domain.com;

    location = /analytics.js {
        # you have to compile nginx with http://nginx.org/en/docs/http/ngx_http_sub_module.html (this is not default)
        # and http://nginx.org/en/docs/http/ngx_http_proxy_module.html (it's a default module)
        
        proxy_set_header Accept-Encoding "";

EdOverflow

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output