Artem Smotrakov artem-smotrakov
☘️
artem-smotrakov
/ thingspeak.py
Created
October 24, 2017 06:14
Sending data to Thingspeak with MicroPython and ESP8266. See details on https://blog.gypsyengineer.com/fun/diy-electronics/micropython-esp8266-sending-data-to-thingspeak.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import dht | |
| import machine | |
| try: | |
| import usocket as socket | |
| except: | |
| import socket | |
| import ussl as ssl | |
| # a template of HTTP request to ThingSpeak to post temperature and humidity |
artem-smotrakov
/ main.c
Created
December 31, 2017 15:13
Here is a very simple example of a global buffer overflow. See more on https://blog.gypsyengineer.com/fun/security/global-buffer-overflows.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| char buffer[16]; | |
| int main(int argc, char **argv) { | |
| if(argc < 2) { | |
| printf("no parameters specified\n"); | |
| exit(-1); |
artem-smotrakov
/ gbo.c
Created
December 31, 2017 15:17
Here is an example of global buffer overflow. It's a simple program which takes a passphrase, and prints a secret phrase if the password is correct. More details on https://blog.gypsyengineer.com/fun/security/global-buffer-overflows.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| // access flag | |
| char access; | |
| // a buffer for password | |
| char buffer[16]; | |
artem-smotrakov
/ gbo.c
Created
December 31, 2017 15:19
An example of global buffer overflow, see more on https://blog.gypsyengineer.com/fun/security/global-buffer-overflows.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| char buffer[16]; | |
| int main(int argc, char **argv) { | |
| if(argc < 2) { | |
| printf("no parameters specified\n"); | |
| exit(-1); |
artem-smotrakov
/ gbo.c
Created
December 31, 2017 15:21
Overwriting a function pointer in global memory, see detail on https://blog.gypsyengineer.com/fun/security/global-buffer-overflows.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| void do_something(void) { | |
| printf("this is not a secret\n"); | |
| } | |
| void print_secret(void) { | |
| printf("this is a secret\n"); |
artem-smotrakov
/ gbo.c
Created
December 31, 2017 15:23
An example of a global buffer overflow with reading sensitive data, see more on https://blog.gypsyengineer.com/fun/security/global-buffer-overflows.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| char secret[32]; | |
| char public[32]; | |
| void print_strings(char *buffer, int len) { | |
| for (int i=0; i<len; i++) { | |
| if (buffer[i] != 0) { |
artem-smotrakov
/ Dockerfile
Last active
February 15, 2021 15:39
Running an SSH server in a Docker image as a debugging mode. See more details on https://blog.gypsyengineer.com/en/tips-and-tricks-en/running-an-ssh-server-in-a-docker-image-as-a-debugging-mode.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu | |
| RUN apt-get update | |
| # we're going to run a Python application | |
| RUN apt-get install -y python3.5 | |
| # configure an SSH server in case we want to debug something | |
| RUN apt-get install -y openssh-server | |
| RUN mkdir /var/run/sshd |
artem-smotrakov
/ build.gradle
Created
April 28, 2018 20:22
Setting a quality gate with OWASP Dependency Check for CVEs with CVSS score higher than 7. See details in https://blog.gypsyengineer.com/en/security/integrating-owasp-dependency-check.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| buildscript { | |
| repositories { | |
| mavenCentral() | |
| } | |
| dependencies { | |
| classpath 'org.springframework.boot:spring-boot-gradle-plugin:2.0.1.RELEASE' | |
| classpath 'org.owasp:dependency-check-gradle:3.1.2' | |
| } | |
| } |
artem-smotrakov
/ Jenkinsfile
Created
April 28, 2018 20:25
Publishing OWASP Dependency Check report in Jenkins. See details in https://blog.gypsyengineer.com/en/security/integrating-owasp-dependency-check.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pipeline { | |
| agent any | |
| stages { | |
| stage('Build') { | |
| steps { | |
| sh './gradlew build' | |
| } | |
| } | |
| stage('OWASP Dependency Check') { |
artem-smotrakov
/ Dockerfile
Last active
May 5, 2018 10:13
Building a Docker image with picotls TLS 1.3 server with enabled AddressSanitizer. Based on https://github.com/artem-smotrakov/tlsbunny
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this is a dockerfile which builds picotls, and start a local TLS 1.3 server | |
| # | |
| # the following commands build a docker image | |
| # | |
| # $ docker build --file Dockerfile --tag picotls/server/tls13 . | |
| # | |
| # the following command starts a local picotls server | |
| # | |
| # $ docker run -p 20101:20101 picotls/server/tls13 | |
| # |