Skip to content

Instantly share code, notes, and snippets.


Arkadiy Tetelman arkadiyt

View GitHub Profile
View torrc
## Configuration file for a typical Tor user
## Last updated 28 February 2019 for Tor
## (may or may not work for much older or much newer versions of Tor.)
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
## See 'man tor', or,
## for more options you can use in this file.
arkadiyt / token.rb
Last active Mar 6, 2021
Generate signed tokens in ruby
View token.rb
require 'base64'
require 'json'
require 'openssl'
require 'time'
def secure_compare(a, b)
return false unless a.bytesize == b.bytesize
l = a.unpack "C#{a.bytesize}"
#!/usr/bin/env bash
set -e
# Usage:
# ./ --role-arn=<role-to-assume> \
# --role-session-name=<name-for-session> \
# --external-id=<external-id> -- <command-to-run>
while [ $# -gt 0 ]; do
case "$1" in

Cryptopals is a set of cryptographic challenges, originally published here:

Set 8 of the challenges was never published publicly, until late March 2018. However the cryptopals website was not updated to include the challenges. This gist compiles the 8th set of the Cryptopals challenges.

title link
57. Diffie-Hellman Revisited: Small Subgroup Confinement
58. Pollard's Method for Catching Kangaroos
59. Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks
import boto3
import certbot.main
import datetime
import os
import raven
import subprocess
def read_and_delete_file(path):
with open(path, 'r') as file:
contents =
arkadiyt /
Created Aug 30, 2017
Rubygems vulnerability writeup

Rubygems blog post:

Ruby-lang blog post:

1) "a DNS request hijacking vulnerability"


Rubygems supports a gem server discovery mechanism, where if you set your gem source as, the gem client will do a SRV dns lookup on to determine where it should send requests to. A MITM can intercept that dns request and return whatever server they want, forcing the gem client to download code from a malicious server.

View whoishiring.csv
Month Link
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016

Keybase proof

I hereby claim:

  • I am arkadiyt on github.
  • I am arkadiyt ( on keybase.
  • I have a public key whose fingerprint is F5A7 AB36 B8B6 6B9F 77D9 452C B6AE 1E34 2F87 804B

To claim this, I am signing this object: