🔐
hacking audio devices, diving caves, breaking codes

Aaron Zauner azet

@azet
azet / a_qvfx10k_setup_with_qemu.md
Last active February 18, 2022 14:14
vQFX10k on KVM/QEMU

install vQFX10k on KVM/QEMU for Testing or QA

This vQFX platform is intended to be used with Vagrant and ships with a few nice fabrics that spin up on the go. But there are a few problems with that, which may not be instantly obvious if you plan on using it for testing or QA in your NetOps department:

  1. This Vagrant configuration relies on, and only supports, virtualization via VirtualBox.
    • So far no plans have been announced to switch from VirtualBox to another out-of-the-box solution, so you'll have to hack this up a bit. libvirt and KVM/QEMU make this relatively simple, but you have to get familiar with their tools (again).
  2. vQFX comes in two "VMs": a Routing Engine (RE) and a Packet Forwarding Engine (PFE).
    • This is due to the way the hardware is actually set up and works on a real bare-metal switch or router (same story for vMX). ASICs are supplied in the form of shim kernel modules that make it possible to unit-test more advanced features or do functional testing before deploying on real (ide
@karanlyons
karanlyons / log4shell_regexes.py
Last active March 7, 2022 03:49
log4shell Regexes
import re
from urllib.parse import unquote
FLAGS = re.IGNORECASE | re.DOTALL
# Each ESC_* pattern matches one literal character or its common escaped/encoded forms.
# (The stray empty alternative "||" in the dollar pattern would have matched the empty string.)
ESC_DOLLAR = r'(?:\$|[\\%]u0024|\\x24|\\0?44|%24)'
ESC_LCURLY = r'(?:\{|[\\%]u007B|\\x7B|\\173|%7B)'
ESC_RCURLY = r'(?:\}|[\\%]u007D|\\x7D|\\175|%7D)'
_U_PERCENT_ESCAPE_RE = re.compile(r'%(u[0-9a-f]{4})', flags=FLAGS)
_PERCENT_ESCAPE_RE = re.compile(r'%[0-9a-f]{2}', flags=FLAGS)
@toricls
toricls / lima-on-m1-mac-installation-guide.md
Last active April 25, 2024 15:30
Using Lima to run containers with containerd and nerdctl (without Docker Desktop) on M1 Macs

Lima (Linux virtual machines, on macOS) installation guide for M1 Mac.

Sep. 27th 2021 UPDATED

Now we can install a patched version of QEMU via Homebrew (thank you everyone for the info!). Here are the updated instructions with it:

Tested on an M1 Mac mini (2020) with macOS Big Sur version 11.6.

1. Install QEMU & Lima

@sdondley
sdondley / tmux split-window subcommand.md
Last active May 2, 2024 10:28
Super Guide to the split-window tmux Subcommand (and Beyond)

Super Guide to the split-window tmux Subcommand (and Beyond)

Guide overview

tmux, like other great software, is deceptive. On the one hand, it's fairly easy to get set up and start using right away. On the other hand, it's difficult to take advantage of tmux's advanced power features without spending some quality alone time with the manual. But the problem with manuals is that they aren't geared toward beginners. They are geared toward helping seasoned developers and computer enthusiasts quickly obtain the

@leoluk
leoluk / custom_middleware.py
Created January 24, 2019 19:46
Netbox OAuth Login
"""
Custom LOGIN_REQUIRED middleware which allows OAuth URLs.
"""
import utilities.middleware
from django.conf import settings
class CustomLoginRequiredMiddleware(utilities.middleware.LoginRequiredMiddleware):
    def __call__(self, request):
@robcowart
robcowart / nprobe.conf
Created May 20, 2018 10:04
Improved nProbe Configuration File
# This configuration for nProbe exposes many more options than is available in the file provided
# when downloading nProbe.
#
# Most likely you will only need to change the -n and -i options for your environment. However, a
# number of other options are documented in case you need them.
#
# The provided template works very well with ElastiFlow - A solution to collect and analyze network
# flow data using the Elastic Stack. ElastiFlow is available from:
# https://github.com/robcowart/elastiflow
#!/usr/bin/python
# Author : peternguyen
from Pwn import *
# p = Pwn(mode=1,port=8887)
p = Pwn(mode=1,host='52.193.196.17',port=56746)
def select(op):
    p.read_until('Your choice: ')

This was a comment I posted on bcrypt-ruby/bcrypt-ruby#43 (before I realized that issue was 5 years old!) which got deleted so I moved it here.

Let's make the attack concrete to see if it works. I have a dictionary of 2^32 candidate passwords I want to try against a user account. I know the user's salt. There is no rate limiting. Ideally, it should take 2^32 online queries to search through all of my candidate passwords. Here's the attack:

  1. Using my knowledge of the salt, I hash ~2^16 random preimages until I find one for every possible 2-byte prefix of the hash.
  2. Now I send each of those 2^16 preimages in turn to the server and observe the side-channel. I may have to repeat this a few times in order to improve the SNR, let's say 100 times. So in 100 * 2^16 online queries I learn the first 2 bytes of the hash.
  3. Now that I know the first 2 bytes of the hash, I do 2^32 offline work to hash all of my candidate passwords a
@defuse
defuse / primes.sh
Created March 20, 2017 23:53
Test OpenSSL RSA Random Number Generator
#!/bin/bash
# primes.sh -- @DefuseSec
echo -n >/tmp/primes.txt
# Generate 1000 primes (500 RSA keys, two primes each).
for i in {1..500}; do
    # Use 192-bit keys for speed (could potentially mask RNG bugs that only affect bigger keys)
    openssl genrsa 192 2>/dev/null | \
    openssl rsa -text 2>/dev/null |\
@azet
azet / get_alexa_1m_mx_rrs
Last active September 6, 2017 08:55
Retrieves MX and A records for 'Alexa Top 1 Million' hosts and prints them as pretty formatted JSON objects to stdout.
#!/usr/bin/env bash
#
# Retrieves MX and A records for 'Alexa Top 1 Million' hosts
# and prints them as pretty formatted JSON objects to stdout.
#
# *Optional* parallelism support with GNU Parallel (recommended):
# $ sudo apt-get install parallel
#
# Authors: Aaron Zauner <azet@azet.org>
# License: CC0 1.0 (https://creativecommons.org/publicdomain/zero/1.0)