Skip to content

Instantly share code, notes, and snippets.

View Techbrunch's full-sized avatar

Techbrunch

39 followers · 14 following
View GitHub Profile
@willurd
willurd / web-servers.md
Last active May 21, 2024 09:23
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active May 20, 2024 17:48
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@brandonb927
brandonb927 / osx-for-hackers.sh
Last active May 14, 2024 18:00
OSX for Hackers: Yosemite/El Capitan Edition. This script tries not to be *too* opinionated and any major changes to your system require a prompt. You've been warned.
#!/bin/sh
###
# SOME COMMANDS WILL NOT WORK ON macOS (Sierra or newer)
# For Sierra or newer, see https://github.com/mathiasbynens/dotfiles/blob/master/.macos
###
# Alot of these configs have been taken from the various places
# on the web, most from here
# https://github.com/mathiasbynens/dotfiles/blob/5b3c8418ed42d93af2e647dc9d122f25cc034871/.osx
@wosephjeber
wosephjeber / ngrok-installation.md
Last active May 6, 2024 20:19
Installing ngrok on Mac

Installing ngrok on OSX

For Homebrew v2.6.x and below:

brew cask install ngrok

For Homebrew v2.7.x and above:

@iangreenleaf
iangreenleaf / gist:b206d09c587e8fc6399e
Last active May 5, 2024 14:52
Rails naming conventions

Rails naming conventions

General Ruby conventions

Class names are CamelCase.

Methods and variables are snake_case.

Methods with a ? suffix will return a boolean.

@yossorion
yossorion / what-i-wish-id-known-about-equity-before-joining-a-unicorn.md
Last active April 7, 2024 22:55
What I Wish I'd Known About Equity Before Joining A Unicorn

What I Wish I'd Known About Equity Before Joining A Unicorn

Disclaimer: This piece is written anonymously. The names of a few particular companies are mentioned, but as common examples only.

This is a short write-up on things that I wish I'd known and considered before joining a private company (aka startup, aka unicorn in some cases). I'm not trying to make the case that you should never join a private company, but the power imbalance between founder and employee is extreme, and that potential candidates would

@grugq
grugq / gist:03167bed45e774551155
Last active April 6, 2024 10:12
operational pgp - draft

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

@curi0usJack
curi0usJack / .htaccess
Last active March 13, 2024 10:17
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@tresni
tresni / gist:83b9181588c7393f6853
Last active February 19, 2024 08:00
Authy to 1Password

Moving Authy to 1Password

1Password 5.3 for OSX, 5.2 for iOS, and 4.1.0.538 for Windows support OTP. I've been using Authy for a while now, but the fact is, I haven't really been using 2FA for some time. As mentioned by 1Password in a recent blog post, having the OTP generator and password on the same device is very much not 2FA. It's just an expiring OTP, which can help, but let's not kid ourselves too much.

With that out of the way. One of the things that was interesting to me was moving my OTP out of Authy and into 1Password. I like the control I get with 1Password, but I didn't want to have to reset all my OTP right away, that would suck. So, I got to dissecting the Authy Chrome App to see what I could do.

Run the Authy Chrome app and make sure it's unlocked.

Now, enable Developer mode in Chrome. We'll need this to inspect the background application that stores al

@AndrewKvalheim
AndrewKvalheim / mastodon-notes.md
Last active February 9, 2024 18:30
Notes on running a personal Mastodon instance

Personal Mastodon instance

Effective total cost: $3–5/mo

Setup

Decide on an EC2 instance type:

  1. At AWS Console → EC2 → Instance Types, filter for ≥1 GB RAM and sort by price.
  • t4g.micro is lowest.