Skip to content

Instantly share code, notes, and snippets.

Avatar
There's nothing more permanent than a temporary hack.

Alex Flores audibleblink

There's nothing more permanent than a temporary hack.
View GitHub Profile
View binary_search.rb
# hopefully the descriptive names eliminate the need for comment
def search(collection, the_item_for_which_i_am_searching, the_lower_bounds=0, the_upper_bounds=collection.length)
the_middle_index = (the_lower_bounds + the_upper_bounds) / 2
the_middle_item = collection[the_middle_index]
return the_middle_index if the_middle_item == the_item_for_which_i_am_searching
return -1 if the_upper_bounds <= the_lower_bounds
@audibleblink
audibleblink / Resources.md
Last active May 29, 2016
Resources for Learning iOS
View Resources.md
[1]: https://www.udemy.com/swift-learn-apples-new-programming-language-by-examples/
[2]: https://www.udacity.com/course/ud585
[3]: http://www.lynda.com/Swift-tutorials/Swift-Programming-Language-First-Look/182175-2.html
[4]: https://www.bloc.io/swiftris-build-your-first-ios-game-with-swift
[5]: http://www.bignerdranch.com/we-teach/how-to-prepare/ios-device-provisioning.html
[6]: https://parse.com
[7]: http://www.weheartswift.com/swift-programming-scratch-100-exercises/
[8]: https://www.weheartswift.com/object-oriented-programming-swift/
[9]: http://www.learnswift.io/blog/2014/6/12/size-classes-with-xcode-6-and-swift
[10]: http://www.raywenderlich.com/83129/beginning-auto-layout-tutorial-swift-part-1
@audibleblink
audibleblink / list.rb
Last active Aug 29, 2015
reimplemented unix tree
View list.rb
#!/usr/bin/env ruby
# without the glyphs, if you prefer
def list entry=Dir.pwd
Dir.entries(entry)[2..-1].each do |item|
puts File.basename(item)
list("#{entry}/#{item}") if File.directory?("#{entry}/#{item}")
end
end
@audibleblink
audibleblink / io.ngrok.client.plist
Last active Aug 13, 2021
launchd file to keep ngrok alive; requires you have an ngrok config file with your connection definitions
View io.ngrok.client.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>io.ngrok.start</string>
<key>KeepAlive</key>
<true/>
<key>ProgramArguments</key>
<array>
@audibleblink
audibleblink / wd-ex.md
Last active Oct 15, 2019
Compromised Web Developer Extension Steals Cloudflare Tokens
View wd-ex.md

Compromised Web Developer Extension Steals Cloudflare Tokens

Upon receiving news that the popular Chrome Extension, Web Developer, had been compromised, I became curious about exactly how malicious the highjacking was. Most sites are reporting that it injects ads. It's more nefarious than that. Since the extension calls out to an attacker-controlled URL, the payload hosted at that URL could be changed to anything at any time.

At the time of inspection, the code checks to see if the victim is on the Cloudflare domain. If it is, it starts an XHR request to fetch the users' API token and ships it, along with the victim's email, to a remote server.

@audibleblink
audibleblink / hpb3_links.txt
Last active Aug 8, 2021
All links from Hacker Playbook 3, with bit.ly links unfurled
View hpb3_links.txt
@audibleblink
audibleblink / openssl.MD
Created Dec 10, 2018 — forked from jchandra74/openssl.MD
HOWTO: Create Your Own Self-Signed Certificate with Subject Alternative Names Using OpenSSL in Ubuntu Bash for Window
View openssl.MD

HOWTO: Create Your Own Self-Signed Certificate with Subject Alternative Names Using OpenSSL in Ubuntu Bash for Window

Overview

My main development workstation is a Windows 10 machine, so we'll approach this from that viewpoint.

Recently, Google Chrome started giving me a warning when I open a site that uses https and self-signed certificate on my local development machine due to some SSL certificate issues like the one below:

Self-Signed SSL Issue in Chrome

View ShellcodeRDI.go
package main
/*
*
* This is just a Go implementation of https://github.com/monoxgas/sRDI/
* Useful if you're trying to generate shellcode for reflective DLL
* injection in Go, otherwise probably not much use :)
*
* The project, shellcode, most comments within this project
* are all from the original project by @SilentBreakSec's Nick Landers (@monoxgas)
@audibleblink
audibleblink / getsystem.go
Created Jul 15, 2019 — forked from lesnuages/getsystem.go
Inject shellcode in a system process, leveraging SeDebugPrivilege
View getsystem.go
package main
import (
"io/ioutil"
"log"
"net/http"
"os"
"runtime"
"syscall"
"unsafe"
View meth-not-even-once
93fb02c5-3f3f-40de-856d-7328555dce79