Skip to content

Instantly share code, notes, and snippets.

View apettinen's full-sized avatar

Antti Pettinen apettinen

17 followers · 19 following
  • Finland
View GitHub Profile
@pudquick
pudquick / brew.md
Last active June 24, 2024 19:41
Lightly "sandboxed" homebrew on macOS

brew is a bad neighbor

This isn't a guide about locking down homebrew so that it can't touch the rest of your system security-wise.

This guide doesn't fix the inherent security issues of a package management system that will literally yell at you if you try to do something about "huh, maybe it's not great my executables are writeable by my account without requiring authorization first".

But it absolutely is a guide about shoving it into its own little corner so that you can take it or leave it as you see fit, instead of just letting the project do what it likes like completely taking over permissions and ownership of a directory that might be in use by other software on your Mac and stomping all over their contents.

By following this guide you will:

  • Never have to run sudo to forcefully change permissions of some directory to be owned by your account
@yehgdotnet
yehgdotnet / get-shodan-favicon-hash.py
Last active April 8, 2024 18:30
Get Shodan FAVICON Hash
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3
-----------------------------
# python 2
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = response.content.encode('base64')
@cleavenworth
cleavenworth / okta_flask_oidc_auth_example_with_pkce.py
Created December 16, 2019 23:52
This is a sample Python 3 app that hosts an OIDC app with Flask to authenticate against Okta and run example calls against the new Okta OAuth-scoped APIs. This example can also be used to host authentication for an OIDC webapp that does not use the OAuth API scopes. This was created with an MVP in mind as an example to demonstrate the ease of in…
#!/usr/bin/env python3
"""This is a sample Python 3 app that hosts an OIDC app with Flask to
authenticate against Okta and run example calls against the new Okta OAuth-scoped APIs.
This example can also be used to host authentication for an OIDC webapp that does not use
the OAuth API scopes.
This was created with an MVP in mind as an example to demonstrate the ease of interacting
with Okta's Authroization Code flow and should not be used in production without
additions to error/state-handling and strong scrutiny."""
@grahamgilbert
grahamgilbert / gist:0ddb239a004fb2c2bbcda4a60d2b4d43
Created November 21, 2019 02:37
select username,uuid,uid,gid,description,directory, case WHEN uuid in (SELECT users.uuid FROM user_groups INNER JOIN users ON user_groups.uid = users.uid WHERE user_groups.gid = 80) THEN "admin" ELSE "standard" END AS user_type from users;
@pudquick
pudquick / codesign.py
Last active January 14, 2020 16:44
Obtain codesigning information with pyobjc
import objc
from Foundation import NSBundle, NSURL
Security = NSBundle.bundleWithIdentifier_('com.apple.security')
class StaticCodeError(Exception):
pass
class SigningInfoError(Exception):
pass
@erikng
erikng / Privacy Preferences Policy Control Payload.md
Last active August 29, 2019 22:29
Privacy Preferences Policy Control Payload.md

Privacy Preferences Policy Control Payload

The Privacy Preferences payload is designated by specifying com.apple.TCC.configuration-profile-policy value as the PayloadType value.

It controls the settings that are displayed in the ”Privacy” tab of the ”Security & Privacy” pane in System Preferences.

This profile must be delivered via a user approved MDM server.

Availability: Available in macOS 10.14 and later.

In addition to the settings common to all payloads, this payload defines this key:

@pudquick
pudquick / temp_folders.py
Last active May 28, 2021 18:13
Some code for working with /var/folders temp folders on macOS via ctypes
import glob, os.path, pwd, os
from ctypes import CDLL, byref, create_string_buffer, c_uint32
from ctypes.util import find_library
libsys = CDLL(find_library('C'))
def user_temp_dir(uid):
path_buffer = create_string_buffer(1024)
result = libsys.__user_local_dirname(c_uint32(uid), 0, byref(path_buffer), 1024)
return path_buffer.value.rsplit('/0/',1)[0]
@opragel
opragel / forcefully_remove_mdm_1015.sh
Last active June 10, 2024 06:29
forcefully_remove_mdm_1015.sh
#!/bin/bash
# Seriously there still apparently aren't enough warning labels
# If you don't understand the consequences don't do it
REMOVE_PATHS=( # "/var/db/ConfigurationProfiles/.passcodePolicesAreInstalled"
# "/var/db/ConfigurationProfiles/.cloudConfigHasActivationRecord"
# "/var/db/ConfigurationProfiles/.cloudConfigNoActivationRecord"
# "/var/db/ConfigurationProfiles/.cloudConfigProfileObtained"
# "/var/db/ConfigurationProfiles/.cloudConfigRecordFound"
# "/var/db/ConfigurationProfiles/.profilesAreInstalled"
@jlehikoinen
jlehikoinen / set_outlook_as_default_application.py
Last active August 17, 2017 06:43
Set MS Outlook as default email application in macOS
#!/usr/bin/python
"""
set_outlook_as_default_application.py
Description:
Set Outlook as a default application for email, calendar and contacts
"""
@gregneagle
gregneagle / prefs_observer.py
Created August 1, 2017 18:20
Getting notified when a preference changes (using PyObjC)
from Foundation import NSObject, NSUserDefaults, NSKeyValueObservingOptionNew
from Foundation import NSRunLoop, NSDate
class PrefsObserver(NSObject):
def observe(self, domain, key):
self.domain = domain
self.key = key
if self:
self.defaults = NSUserDefaults.alloc().initWithSuiteName_(