adulau

Tor2web and tor proxies public list

List of services which are giving access to Tor network and especially Tor hidden services via web interface. We keep track of potential injection or abuse from such service (the column Scam).

List

Url	Status	Domain	Log	Techno	Scam
https://onion.re/	UP	onion.re	full	custom	no

adulau

Introduction

This Gist aims to centralise the most relevant public sources of information related to the HTTP/2 Rapid Reset vulnerability. This vulnerability has been disclosed jointly by Google, Amazon AWS, and Cloudflare on 10 October 2023 at 12:00 UTC.

Please help us make this page as comprehensive as possible by contributing relevant references, vendor advisories and statements, mitigations, etc.

References

• CVE-2023-44487, CIRCL CVE Search
• How AWS protects customers from DDoS events, AWS

adulau

CPE mapping with the product or software name

Problem

IdentifyingNumber : {D307B5CF-D1F0-48A4-8DA3-54765F535208}
Name              : SQL Server 2012 SQL Data Quality Common
Vendor            : Microsoft Corporation
Version           : 11.2.5058.0
Caption : SQL Server 2012 SQL Data Quality Common

adulau

List of GnuPG/OpenPGP replacement (not OpenPGP compatible)

• https://github.com/wbl/cpgb CPGB is the Curve Privacy Guard B, a secure replacement for GPG using ECC. (Status: Dead? last-update:2011)
• https://github.com/carlos8f/salty Alternative public key encryption using NaCl. (Status: Dead? last-update: 2016)
• https://github.com/TotalTechGeek/DiscreteCrypt This tool is an alternative to software like PGP, with a focus on Discrete Log Cryptography. The algorithm is currently in v2.2.5. (Status: Active)
• https://saltpack.org/ a modern crypto messaging format (Status: Active)
• https://github.com/stealth/opmsg opmsg is a replacement for gpg which can encrypt/sign/verify your mails or create/verify detached signatures of local files. (Status: Active)

List of GnuPG replacement (OpenPGP compatible)

adulau

hashlookup.circl.lu

CIRCL hash lookup is a public API to lookup hash values against known database of files. NSRL RDS database is included. More database will be included in the future. The API is accessible via HTTP ReST API and the API is also described as an OpenAPI.

Get information about the hash lookup database (via ReST)

curl -X 'GET' \
  'https://hashlookup.circl.lu/info' \
 -H 'accept: application/json'

adulau

Introduction

As the Ghidra open source community is growing, trying to document the new projects around Ghidra. Feel free to fork the gist and propose improvements.

CPU support

• New 6502 language module for Ghidra
• Atmel AVR helpers for Ghidra - ATmega328p
• Processor definitions for DMG and CGB in Ghidra - Gameboy CPU (LR35902) (WiP)
• ghidra based disassembly of the x68000's IPL.

adulau

How to acquire memory from a running Linux system

Dumping memory on Linux system can be cumbersome especially that the behavior might be different among different GNU/Linux distribution or Linux kernel version. In the early days, the easiest was to dump the memory from the memory device (/dev/mem) but over time the access was more and more restricted in order to avoid malicious process to directly access the kernel memory directly. The kernel option CONFIG_STRICT_DEVMEM was introduced in kernel version 2.6 and upper (2.6.36–2.6.39, 3.0–3.8, 3.8+HEAD). So you'll need to use a Linux kernel module in order to acquire memory.

fmem

adulau

Getting CPEs

adulau@maurer:~$ curl -w "@curl-format.txt" -o /dev/null -s "https://services.nvd.nist.gov/rest/json/cpes/2.0/?resultsPerPage=20&startIndex=0"
     time_namelookup:  0,120529s
        time_connect:  0,225630s
     time_appconnect:  0,386989s
    time_pretransfer:  0,387033s
       time_redirect:  0,000000s
 time_starttransfer: 5,810461s

adulau

{
  "addDynamicDns": [
    {
      "ukrainianworldcongress_org.clickip.de": {
        "A": [
          "85.215.86.53"
        ],
        "MX": [
          "100 relay.rzone.de",
          "20 clickip.de"

adulau

Tools

GitBook

A good one (PDF, EPUB export included) but the project is halted and moved to a proprietary model. https://github.com/GitbookIO/gitbook What is the best fork to use?

Docusaurus