Jonathan Leitschuh JLLeitschuh


Artifact Server Announcements

This document captures the links to all of the different artifact server hosts that have announced they will be formally deprecating downloading dependencies over HTTP and will only support HTTPS starting in January 2020.

mitm_build

Want to take over the Java ecosystem? All you need is a MITM!

Maven Sonatype
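The two gists above make the same point from opposite sides: an artifact fetched over plain HTTP can be swapped by anyone on the path, and the servers are closing that door by refusing HTTP. The check a build owner wants before that cutoff is "does any of my build files still declare an http:// repository?". The following is an added example, not code from either gist: it scans a pom.xml and a build.gradle for plain-HTTP repository URLs. The pom and Gradle snippets are constructed here and name no real hosts; the element names it matches (repository, pluginRepository, snapshotRepository) are the standard POM ones.

```python
"""Flag Maven and Gradle repositories that would pull dependencies over plain HTTP."""
import re
import xml.etree.ElementTree as ET

# Constructed sample pom.xml (not from the gist): one plain-HTTP repository,
# one HTTPS repository and one plain-HTTP plugin repository.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0</version>
  <repositories>
    <repository>
      <id>legacy</id>
      <url>http://repo.example.test/maven2</url>
    </repository>
    <repository>
      <id>central</id>
      <url>https://repo1.maven.org/maven2</url>
    </repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository>
      <id>plugins</id>
      <url>http://plugins.example.test/maven2</url>
    </pluginRepository>
  </pluginRepositories>
</project>
"""

# Constructed sample build.gradle (Groovy DSL) with the same problem in two spellings.
SAMPLE_GRADLE = """repositories {
    mavenCentral()
    maven { url "http://repo.example.test/maven2" }
    maven { url = uri("http://snapshots.example.test/maven2") }
    maven { url 'https://repo.example.test/secure' }
}
"""

# Elements that carry a repository <url>; snapshotRepository covers distributionManagement
# deploy targets, where credentials would also travel in the clear.
REPO_ELEMENTS = {"repository", "pluginRepository", "snapshotRepository"}


def insecure_pom_repositories(pom_xml: str) -> list[tuple[str, str]]:
    """Return (id, url) for every repository element whose URL is plain http://.
    Matches on local element names so namespaced and namespace-less POMs both work."""
    root = ET.fromstring(pom_xml)
    ns = root.tag[:root.tag.index("}") + 1] if root.tag.startswith("{") else ""
    findings = []
    for elem in root.iter():
        if elem.tag[len(ns):] not in REPO_ELEMENTS:
            continue
        url = (elem.findtext(f"{ns}url") or "").strip()
        if url.lower().startswith("http://"):
            findings.append(((elem.findtext(f"{ns}id") or "?").strip(), url))
    return findings


# url "http://…", url = "http://…", url = uri("http://…"), and Kotlin DSL maven("http://…")
GRADLE_HTTP_URL = re.compile(
    r"""(?:url\s*=?\s*(?:uri\s*)?\(?|maven\s*\()\s*['"](http://[^'"]+)['"]""", re.I)


def insecure_gradle_repositories(build_script: str) -> list[str]:
    """Return plain-http URLs declared in Groovy or Kotlin DSL repository blocks."""
    return GRADLE_HTTP_URL.findall(build_script)


def audit_build_files(pom_xml: str, build_script: str) -> dict:
    """Combined report for one project: anything listed here is a MITM target."""
    return {"pom": insecure_pom_repositories(pom_xml),
            "gradle": insecure_gradle_repositories(build_script)}


if __name__ == "__main__":
    for kind, hits in audit_build_files(SAMPLE_POM, SAMPLE_GRADLE).items():
        for hit in hits:
            print(kind, hit)
```

Run it over a checkout and anything it prints should be rewritten to https:// (or dropped if the host has already gone HTTPS-only). Maven itself enforces this from 3.8.1 onward, whose default settings.xml ships a `maven-default-http-blocker` mirror matching `external:http:*`, so a build that still lists an http:// repository fails rather than silently downloading over the clear.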

@karanlyons
karanlyons / ZoomDaemon.yara
Last active July 12, 2021 14:07
Fixes for Zoom, RingCentral, Zhumu (and additional white labels) RCE vulnerabilities
private rule Macho
{
    meta:
        description = "private rule to match Mach-O binaries (copied from Apple's XProtect)"
    condition:
        uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca
}
rule ZoomDaemon
{
@Blaisorblade
Blaisorblade / report.md
Last active June 18, 2019 12:15
Maven still allows SHA1 signatures — no immediate danger yet

Does Maven still use SHA1 in PGP signatures? Is that a danger?

Even recent releases use MD5 and SHA1 checksums, and both algorithms are vulnerable to collisions, so we should not trust those checksums. This is known. But at least there's a PGP signature, and that we can trust, right? Not so fast. (Some of) those signatures also use SHA1!

The danger does not appear immediate, but it appears one should start migrating to more secure signatures, and eventually forbid artifacts signed only with SHA1.
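To act on the report above you need to know which digest each published signature actually names, which `gpg --list-packets artifact.asc` prints as `digest algo N`. The following is an added example, not code from the gist or from Maven: it de-armors a detached OpenPGP signature, walks the RFC 4880 packet header and reads the hash-algorithm octet out of the v3 or v4 signature packet, so a build can flag SHA1- or MD5-signed artifacts before they are eventually forbidden. The `.asc` fixture is constructed in the block itself; it is structurally valid but is not a real signature and will not verify against any key.

```python
"""Report the digest algorithm an OpenPGP (RFC 4880) signature was made with."""
import base64
import re

# RFC 4880 section 9.4 hash algorithm IDs; MD5 and SHA1 are the ones to migrate away from.
HASH_ALGORITHMS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
                   9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {"MD5", "SHA1"}


def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1, used for the armor checksum line."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor_signature(text: str) -> bytes:
    """Strip ASCII armor from a detached signature and check its CRC-24 line."""
    match = re.search(r"-----BEGIN PGP SIGNATURE-----\r?\n(.*?)-----END PGP SIGNATURE-----", text, re.S)
    if not match:
        raise ValueError("no PGP SIGNATURE armor block found")
    lines = match.group(1).splitlines()
    if "" in lines:                      # armor headers (Version:, Comment:) end at the first blank line
        lines = lines[lines.index("") + 1:]
    data = base64.b64decode("".join(line for line in lines if line and not line.startswith("=")))
    crc_lines = [line for line in lines if line.startswith("=")]
    if crc_lines:
        expected = int.from_bytes(base64.b64decode(crc_lines[0][1:]), "big")
        if crc24(data) != expected:
            raise ValueError("armor CRC-24 mismatch: signature file is corrupt or truncated")
    return data


def parse_packet_header(data: bytes) -> tuple[int, int, int]:
    """Return (tag, body_offset, body_length) of the first packet (RFC 4880 section 4.2)."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                     # new-format header
        tag = first & 0x3F
        first_len = data[1]
        if first_len < 192:
            return tag, 2, first_len
        if first_len < 224:
            return tag, 3, ((first_len - 192) << 8) + data[2] + 192
        if first_len == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("partial body lengths are not used for signature packets")
    tag = (first >> 2) & 0x0F            # old-format header
    length_type = first & 0x03
    if length_type == 3:
        raise ValueError("indeterminate packet length")
    size = 1 << length_type              # 1-, 2- or 4-byte length field
    return tag, 1 + size, int.from_bytes(data[1:1 + size], "big")


def signature_hash_algorithm(packet_bytes: bytes) -> str:
    """Read the hash-algorithm octet of a v3 or v4 signature packet (RFC 4880 section 5.2)."""
    tag, offset, length = parse_packet_header(packet_bytes)
    if tag != 2:
        raise ValueError(f"expected a signature packet (tag 2), got tag {tag}")
    body = packet_bytes[offset:offset + length]
    version = body[0]
    if version == 4:
        algo_id = body[3]                # version, sig type, pubkey algo, hash algo
    elif version == 3:
        algo_id = body[16]               # version, 0x05, sig type, time(4), key ID(8), pubkey algo, hash algo
    else:
        raise ValueError(f"unsupported signature version {version}")
    return HASH_ALGORITHMS.get(algo_id, f"unknown({algo_id})")


def audit_armored_signature(text: str) -> dict:
    """Digest algorithm of an armored .asc file and whether it is one to migrate away from."""
    algorithm = signature_hash_algorithm(dearmor_signature(text))
    return {"hash": algorithm, "weak": algorithm in WEAK_HASHES}


def build_synthetic_v4_signature(hash_algo_id: int) -> str:
    """Constructed fixture only: a structurally valid v4 RSA signature packet with a dummy MPI.
    It verifies against no key; it exists so the parser can be exercised offline."""
    body = (bytes([4, 0x00, 1, hash_algo_id])   # v4, binary-document sig, RSA, requested hash
            + b"\x00\x00"                        # hashed subpacket area: length 0
            + b"\x00\x00"                        # unhashed subpacket area: length 0
            + b"\x00\x00"                        # left 16 bits of the (fake) hash
            + b"\x00\x01\x01")                   # 1-bit MPI holding 1, standing in for the RSA value
    packet = bytes([0x80 | (2 << 2) | 0, len(body)]) + body   # old-format header, tag 2, 1-byte length
    crc = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP SIGNATURE-----\nComment: constructed fixture, not a real signature\n\n"
            f"{base64.b64encode(packet).decode()}\n={crc}\n-----END PGP SIGNATURE-----\n")
```

Point `audit_armored_signature` at the `.asc` files a resolver downloaded and treat `weak: True` as a policy finding; it reads only the algorithm identifier, so it says nothing about whether the signature is valid, which remains gpg's job.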

@mala
mala / 0.md
Last active March 18, 2023 11:53
Vulnerabilities related to url parser, etc / shibuya.xss #8
@rafaeltuelho
rafaeltuelho / install-gosu-centos.md
Last active February 23, 2022 04:56
installing gosu on a centos docker box
# Install gosu.  https://github.com/tianon/gosu
ENV GOSU_VERSION=1.11
# NOTE: the sks-keyservers pool named below was shut down in 2021; point --keyserver at a
# live server (e.g. hkps://keys.openpgp.org) before reusing this snippet.
RUN gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
    && curl -o /usr/local/bin/gosu -SL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64" \
    && curl -o /usr/local/bin/gosu.asc -SL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64.asc" \
    && gpg --verify /usr/local/bin/gosu.asc \
    && rm /usr/local/bin/gosu.asc \
    && rm -r /root/.gnupg/ \
    && chmod +x /usr/local/bin/gosu \
@nquinlan
nquinlan / universities.csv
Created December 19, 2014 14:58
A list of university websites and domains. Machine readable. Created from: http://doors.stanford.edu/universities.html
Abilene Christian University http://www.acu.edu/ acu.edu
Adelphi University http://www.adelphi.edu/ adelphi.edu
Agnes Scott College http://www.scottlan.edu/ scottlan.edu
Air Force Institute of Technology http://www.afit.af.mil/ afit.af.mil
Alabama A&M University http://www.aamu.edu/ aamu.edu
Alabama State University http://www.alasu.edu/ alasu.edu
Alaska Pacific University http://alaskapacific.edu alaskapacific.edu
Albertson College of Idaho http://www.acofi.edu/ acofi.edu
Albion College http://www.albion.edu/ albion.edu
Alderson-Broaddus College http://ab.edu ab.edu
@chrisdarroch
chrisdarroch / idea
Created October 17, 2013 03:40
Open a project in IntelliJ IDEA from your command line!
#!/bin/sh
# check for where the latest version of IDEA is installed
IDEA=`ls -1d /Applications/IntelliJ\ * | tail -n1`
wd=`pwd`
# were we given a directory?
if [ -d "$1" ]; then
    # echo "checking for things in the working dir given"
    wd=`ls -1d "$1" | head -n1`