This is inspired by A half-hour to learn Rust and Zig in 30 minutes.
Your first Go program as a classical "Hello World" is pretty simple:
First we create a workspace for our project:
"""
# RITSEC CTF 2022 - Crypto - Bad AES
## Custom AES implementation where Mix Columns and Shift Rows steps switch places
A secret government agency uses a 16-letter passphrase that is encrypted
to create their passwords for their computers. An insider within the agency
told me that everyday employees input their passphrase into this secret
encryption scheme to receive their password for the day & the key used to
encrypt their passphrase is changed by the agency daily.
(This is so their passwords change every day without the employee having
Easily deploy a secure containerized pastebin on a VPS.
This project runs and configures two containers:
(see YouTube channel for individual videos)
#! /usr/bin/env python3
import hashlib
import threading
def hash_buf(buf):
    return hashlib.sha256(buf).hexdigest()
This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.
"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.
import os
import subprocess
import ctypes
# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/
svcinfo = {}
nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG']
FNULL = open(os.devnull, 'w')
server {
    listen 80;
    server_name your.domain.com;
    location = /analytics.js {
        # you have to compile nginx with http://nginx.org/en/docs/http/ngx_http_sub_module.html (this is not default)
        # and http://nginx.org/en/docs/http/ngx_http_proxy_module.html (it's a default module)
        proxy_set_header Accept-Encoding "";
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article, I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output