Skip to content

Instantly share code, notes, and snippets.

Alex James al3xtjames

Block or report user

Report or block al3xtjames

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@marcan
marcan / roca_test.py
Last active Jan 12, 2018
Non-obfuscated version of the ROCA Infineon RSA key test
View roca_test.py
#!/usr/bin/python
import sys
# Credit: https://crypto.stackexchange.com/questions/52292/what-is-fast-prime
generators = [
(2, 11), (6, 13), (8, 17), (9, 19), (3, 37), (26, 53), (20, 61), (35, 71),
(24, 73), (13, 79), (6, 97), (51, 103), (53, 107), (54, 109), (42, 127),
(50, 151), (78, 157),
]
@marcan
marcan / smbloris.c
Last active Jul 31, 2019
SMBLoris attack proof of concept
View smbloris.c
/* SMBLoris attack proof-of-concept
*
* Copyright 2017 Hector Martin "marcan" <marcan@marcan.st>
*
* Licensed under the terms of the 2-clause BSD license.
*
* This is a proof of concept of a publicly disclosed vulnerability.
* Please do not go around randomly DoSing people with it.
*
* Tips: do not use your local IP as source, or if you do, use iptables to block
@spaze
spaze / opera-vpn.md
Last active Aug 8, 2019
Opera VPN behind the curtains is just a proxy, here's how it works
View opera-vpn.md

When setting up (that's immediately when user enables it in settings) Opera VPN sends few API requests to https://api.surfeasy.com to obtain credentials and proxy IPs, see below, also see The Oprah Proxy.

The browser then talks to a proxy de0.opera-proxy.net (when VPN location is set to Germany), it's IP address can only be resolved from within Opera when VPN is on, it's 185.108.219.42 (or similar, see below). It's an HTTP/S proxy which requires auth.

When loading a page with Opera VPN enabled, the browser sends a lot of requests to de0.opera-proxy.net with Proxy-Authorization request header.

The Proxy-Authorization header decoded: CC68FE24C34B5B2414FB1DC116342EADA7D5C46B:9B9BE3FAE674A33D1820315F4CC94372926C8210B6AEC0B662EC7CAD611D86A3 (that's sha1(device_id):device_password, where device_id and device_password come from the POST /v2/register_device API call, please note that this decoded header is from another Opera installation and thus contains

View gist:8d9d494da56fbe6d8992
commit 3f5e3bdbb45bc2cd9ae95972420eb11b0340f120
Author: Matthew Garrett <mjg59@coreos.com>
Date: Mon Feb 1 13:31:00 2016 +1100
Block most UEFI variable deletions
Some systems appear to become upset if certain UEFI non-volatile variables
are delted, to the point of no longer POSTing successfully. For a short-term
fix, let's just block deletion of most variables while we figure out a
better approach.
@freundTech
freundTech / js-horror.js
Last active May 12, 2016
Possibly the worst JavaScript ever written
View js-horror.js
this[([]+!![])[!![]+!![]+!![]]+"v"+([]+![])[![]+!![]]+([]+![])[!![]+!![]]](([]+![])[![]+![]]+([]+[][[]])[![]+![]]+([]+[][[]])[![]+!![]]+([]+typeof([]))[!![]+!![]+!![]+!![]]+([]+!![])[![]+![]]+([]+[][[]])[!![]+!![]+!![]+!![]+!![]]+([]+typeof([]))[![]+![]]+([]+[][[]])[![]+!![]]+" "+([]+![])[![]+!![]]+([]+!![])[![]+!![]]+([]+!![])[![]+!![]]+([]+![])[![]+!![]]+"y"+([]+[][[]])[!![]+!![]+!![]+!![]+!![]]+([]+![])[![]+![]]+"y"+"("+([]+!![])[![]+![]]+")"+"{"+"v"+([]+![])[![]+!![]]+([]+!![])[![]+!![]]+" "+([]+typeof([]))[![]+![]]+"="+"{"+([]+![])[![]+!![]]+":"+"\""+"("+"["+"]"+"+"+"!"+"["+"]"+")"+"["+"!"+"["+"]"+"+"+"!"+"!"+"["+"]"+"]"+"\""+","+(typeof(![]))[![]+![]]+":"+"\""+"("+([]+!![])[![]+![]]+"y"+"p"+([]+!![])[!![]+!![]+!![]]+([]+typeof([]))[![]+![]]+([]+![])[![]+![]]+"("+"!"+"["+"]"+")"+")"+"["+"!"+"["+"]"+"+"+"!"+"["+"]"+"]"+"\""+","+([]+typeof([]))[!![]+!![]+!![]+!![]]+":"+"\""+"("+"["+"]"+"+"+([]+!![])[![]+![]]+"y"+"p"+([]+!![])[!![]+!![]+!![]]+([]+typeof([]))[![]+![]]+([]+![])[![]+![]]+"("+"["+"]"+")"+")"+"[
@zchee
zchee / kernel-debug-kit-10.10.4-build-14E46
Created Jul 3, 2015
Kernel Debug Kit 10.10.4 build 14E46
View kernel-debug-kit-10.10.4-build-14E46
OS X Yosemite Kernel Debug Kit Read Me
Please Note: After installation, the Kernel Debug Kit will be available at:
/Library/Developer/KDKs/
———————————————————————————————
The kernel file location has changed.
The kernel file location has moved to /System/Library/Kernels/kernel
DEVELOPMENT and DEBUG kernels
The OS X Yosemite Kernel Debug Kit includes the DEVELOPMENT and DEBUG kernel builds. These both have additional assertions and error checking compared to the RELEASE kernel. The DEVELOPMENT kernel can be used for every-day use and has minimal performance overhead, while the DEBUG kernel has much more error checking.
@kennwhite
kennwhite / vpn_psk_bingo.md
Last active Aug 17, 2019
Most VPN Services are Terrible
View vpn_psk_bingo.md

Most VPN Services are Terrible

Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.

This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016

@comex
comex / wormdump.c
Created Apr 9, 2015
Some old broken code in case it helps anyone
View wormdump.c
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/kern_event.h>
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>
#include <assert.h>
#include <string.h>
#include <net/ethernet.h>
@0xbb
0xbb / README.md
Last active Jan 29, 2017
Macbook Pro 11,3 - Linux - AppleMuxControl reverse engineering
View README.md
@steakknife
steakknife / osx_kernel_debug_two_boxes.md
Last active Aug 11, 2018
Two-box osx kernel debugging
View osx_kernel_debug_two_boxes.md

Two-box osx kernel development

This is an officially unsupported two-box setup, suitable for real kernel (and sometimes kext) development.

Target box setup w/ development kernel

Make sure the box has plenty, but not too much, ram, unless you enjoy wasting time doing either virtual or actual paging.

You can’t perform that action at this time.