Skip to content

Instantly share code, notes, and snippets.

Avatar

Arkadiy Tetelman arkadiyt

View GitHub Profile
View torrc
## Configuration file for a typical Tor user
## Last updated 28 February 2019 for Tor 0.3.5.1-alpha.
## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
@arkadiyt
arkadiyt / token.rb
Last active Mar 6, 2021
Generate signed tokens in ruby
View token.rb
require 'base64'
require 'json'
require 'openssl'
require 'time'
def secure_compare(a, b)
return false unless a.bytesize == b.bytesize
l = a.unpack "C#{a.bytesize}"
View assume-exec.sh
#!/usr/bin/env bash
set -e
# Usage:
# ./assume-exec.sh --role-arn=<role-to-assume> \
# --role-session-name=<name-for-session> \
# --external-id=<external-id> -- <command-to-run>
while [ $# -gt 0 ]; do
case "$1" in
View cryptopals_set_8.md

Cryptopals is a set of cryptographic challenges, originally published here: https://cryptopals.com

Set 8 of the challenges was never published publicly, until late March 2018. However the cryptopals website was not updated to include the challenges. This gist compiles the 8th set of the Cryptopals challenges.

title link
57. Diffie-Hellman Revisited: Small Subgroup Confinement https://toadstyle.org/cryptopals/513b590b41d19eff3a0aa028023349fd.txt
58. Pollard's Method for Catching Kangaroos https://toadstyle.org/cryptopals/3e17c7b35fcf491d08c989081ed18c9a.txt
59. Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks https://toadstyle.org/cryptopals/a0833e607878a80fdc0808f889c721b1.txt
View main.py
import boto3
import certbot.main
import datetime
import os
import raven
import subprocess
def read_and_delete_file(path):
with open(path, 'r') as file:
contents = file.read()
@arkadiyt
arkadiyt / writeup.md
Created Aug 30, 2017
Rubygems vulnerability writeup
View writeup.md

Rubygems blog post: http://blog.rubygems.org/2017/08/27/2.6.13-released.html

Ruby-lang blog post: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

1) "a DNS request hijacking vulnerability"

Description:

Rubygems supports a gem server discovery mechanism, where if you set your gem source as https://example.com, the gem client will do a SRV dns lookup on _rubygems._tcp.example.com to determine where it should send requests to. A MITM can intercept that dns request and return whatever server they want, forcing the gem client to download code from a malicious server.

View whoishiring.csv
Month Link
August 2017 https://news.ycombinator.com/item?id=14901313
July 2017 https://news.ycombinator.com/item?id=14688684
June 2017 https://news.ycombinator.com/item?id=14460777
May 2017 https://news.ycombinator.com/item?id=14238005
April 2017 https://news.ycombinator.com/item?id=14023198
March 2017 https://news.ycombinator.com/item?id=13764728
February 2017 https://news.ycombinator.com/item?id=13541679
January 2017 https://news.ycombinator.com/item?id=13301832
December 2016 https://news.ycombinator.com/item?id=13080280
View keybase.md

Keybase proof

I hereby claim:

  • I am arkadiyt on github.
  • I am arkadiyt (https://keybase.io/arkadiyt) on keybase.
  • I have a public key whose fingerprint is F5A7 AB36 B8B6 6B9F 77D9 452C B6AE 1E34 2F87 804B

To claim this, I am signing this object: