Skip to content

Instantly share code, notes, and snippets.

View cbp44's full-sized avatar

cbp44-prenetics cbp44

View GitHub Profile
@nstarke
nstarke / netgear-private-key-disclosure.md
Last active April 30, 2024 06:02
Netgear TLS Private Key Disclosure through Device Firmware Images

Netgear Signed TLS Cert Private Key Disclosure

Overview

There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.

These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.

The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.

@nstarke
nstarke / extract-netgear-chk-firmware.md
Created May 12, 2019 14:56
Extract Netgear .chk Firmware

Extract Netgear .chk Firmware

I recently ran into a situation where binwalk -M -e $FIRMWARE failed me. This was for a Netgear firmware image that ended in a .chkextension.

The firmware file name was R7960P-V1.0.1.34_1.0.20.chk.

This is the output when I ran binwalk R7960P-V1.0.1.34_1.0.20.chk:

$ binwalk R7960P-V1.0.1.34_1.0.20.chk
@mikermcneil
mikermcneil / whats-the-big-deal.md
Last active November 5, 2022 11:03
What's the big deal with Node.js and `await`?

What's the big deal with Node.js and await?

So I really don't like most new things. The only reason I even got involved with Node.js early on was because of its sweeping promise: "One language, spoken by developers across the world." By consolidating parallel efforts, it would accelerate the pace of innovation, and quickly lead to more transformative and disruptive developer tools. It would create tremendous value for software businesses by unlocking efficiencies in the hiring and implementation process. And best of all everyone would waste less time on boring stuff.

Still, there was a problem. While it's true most developers have touched some JavaScript callbacks up there in browserland, in the bowels of the application server, there tends to be a lot more asynchronous things going on. And that causes all sorts of issues. All those callbacks also make for a way steeper

@joshbuchea
joshbuchea / semantic-commit-messages.md
Last active June 19, 2024 21:51
Semantic Commit Messages

Semantic Commit Messages

See how a minor change to your commit message style can make you a better programmer.

Format: <type>(<scope>): <subject>

<scope> is optional

Example

@briansmith
briansmith / how-to-generate-and-use-private-keys-with-openssl-tool.md
Last active April 11, 2024 17:02
How to generate & use private keys using the OpenSSL command line tool

How to Generate & Use Private Keys using OpenSSL's Command Line Tool

These commands generate and use private keys in unencrypted binary (not Base64 “PEM”) PKCS#8 format. The PKCS#8 format is used here because it is the most interoperable format when dealing with software that isn't based on OpenSSL.

OpenSSL has a variety of commands that can be used to operate on private key files, some of which are specific to RSA (e.g. openssl rsa and openssl genrsa) or which have other limitations. Here we always use

@Brainiarc7
Brainiarc7 / skylake-tuning-linux.md
Last active June 12, 2024 04:15
This gist will show you how to tune your Intel-based Skylake, Kabylake and beyond Integrated Graphics Core for performance and reliability through GuC and HuC firmware usage on Linux.

Tuning Intel Skylake and beyond for optimal performance and feature level support on Linux:

Note that on Skylake, Kabylake (and the now cancelled "Broxton") SKUs, functionality such as power saving, GPU scheduling and HDMI audio have been moved onto binary-only firmware, and as such, the GuC and the HuC blobs must be loaded at run-time to access this functionality.

Enabling GuC and HuC on Skylake and above requires a few extra parameters be passed to the kernel before boot.

Instructions provided for both Fedora and Ubuntu (including Debian):

Note that the firmware for these GPUs is often packaged by your distributor, and as such, you can confirm the firmware blob's availability by running:

@andrejcremoznik
andrejcremoznik / k780.md
Last active June 13, 2024 14:04
Logitech K780 switch media and function keys on linux

Media/function keys on K780

K780 doesn't have a hard switch to lock the function keys. Logitech provides a utility to do this on Windows and iOS but not on Linux. You need to manually remap the keys.

Below works for Arch Linux, other systemd based distros should be about the same.

There's a problem with the F1-F3 keys as they're hardware specific and don't emit an event if pressed on their own and therefore can't be remapped. I might be wrong as I haven't spend any time on researching that.

Edit: about htat, see @tangruize comments below https://gist.github.com/andrejcremoznik/e56234138305226abd41fe4d1d2561a3#gistcomment-3390489

@thepacketgeek
thepacketgeek / calc_mask_length.py
Created July 24, 2015 15:19
Convert Subnet Mask to CIDR length
def calc_mask_length(mask):
""" Convert subnet mask (255.255.255.0) to CIDR mask length (/24) """
return sum([bin(int(x)).count('1') for x in mask.split('.')])
print calc_mask_length('255.255.255.0')
# 24
@kennwhite
kennwhite / vpn_psk_bingo.md
Last active February 24, 2024 12:19
Most VPN Services are Terrible

Most VPN Services are Terrible

Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.

This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016