Skip to content

Instantly share code, notes, and snippets.

View ckuethe's full-sized avatar

Chris Kuethe ckuethe

79 followers · 183 following
View GitHub Profile
@osy
osy / tpm-rant.md
Last active June 3, 2024 01:13
TPM provides zero practical security

TPM provides zero practical security

TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It has largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

@JVital2013
JVital2013 / How-To-Hand-Track-Polar-Orbiting-Satellites.md
Last active March 16, 2023 05:45
How to Hand-Track Polar-orbiting satellites

How to Hand-Track Polar-Orbiting Weather Satellites

This is how I hand-track polar-orbiting weather satellites using an old equatorial mount telescope tripod and a 1.7 GHz grid dish. This may not be the best way to do it, and other ideas are welcome!

If you're unfamiliar with HRPT reception, this is not the right place to learn about it. Head over to https://sgcderek.github.io/blog/beginner-hrpt-guide.html for that. This write-up only focuses on hand-tracking to record a baseband.

Hardware Required

The crux of the "tracking" design is the equatorial mount. These are not cheap to buy new, it's destructive to mount a dish to it, and the mount is not used the way it's designed - but for my needs, it works! I had an old one from the early 1990s lying around, so it was convenient and essentially free. Of course, you can use another mount - but you'll need to ask for someone else's opinion on how that works since equatorial is all I know 😄.

@jwbee
jwbee / readme.md
Last active October 15, 2022 03:44
Help me identify possible tracking device found in my car

Help me identify possible tracking device found in my car

TL;DR

I found a non-OEM electronic gadget in my car. It is wired into the ignition, and contains a 435.10 MHz radio reciever, a microcontroller, and two relays. I suspect it might be a device that allows third parties to unlock the doors and start the car with a radio.

Details

I was driving my 2020 Honda Insight EX when it started to make the annoying sound of an electromechanical relay rapidly switching on and off. When I got home I looked under the dash and straight away I could see someone other than Honda had been in here. The first thing I saw was this surface-mounted switch that doesn't belong there.

@nstarke
nstarke / netgear-private-key-disclosure.md
Last active April 30, 2024 06:02
Netgear TLS Private Key Disclosure through Device Firmware Images

Netgear Signed TLS Cert Private Key Disclosure

Overview

There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.

These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.

The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.

@Alabate
Alabate / usb-android-emulator-ubuntu.md
Last active June 20, 2023 10:48
Use custom USB device with Android emulator by using custom built kernel on Ubuntu 18.04

Use custom USB device with Android emulator by using custom built kernel on Ubuntu 18.04

The android emulator doesn't support all usb devices because they are disabled in the kernel. So we need to build it with another configuration. My goal was to build the same version as it was before, but with just configuration modifications.

Find current android version

Start the emulator without modifications, go into

Configuration > System > About emulated device > Android version

@AnatomicJC
AnatomicJC / android-backup-apk-and-datas.md
Last active June 20, 2024 09:36
Backup android app, data included, no root needed, with adb

Backup android app, data included, no root needed, with adb

Note: This gist may be outdated, thanks to all contributors in comments.

adb is the Android CLI tool with which you can interact with your android device, from your PC

You must enable developer mode (tap 7 times on the build version in parameters) and install adb on your PC.

Don't hesitate to read comments, there is useful tips, thanks guys for this !

@lizthegrey
lizthegrey / attributes.rb
Last active February 24, 2024 14:11
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@adulau
adulau / ghidra-community.md
Last active November 11, 2023 13:16
Ghidra community - collection
@Integralist
Integralist / Python Asyncio Timing Decorator.py
Last active March 17, 2024 10:02
Python Asyncio Timing Decorator
import asyncio
import time
def timeit(func):
async def process(func, *args, **params):
if asyncio.iscoroutinefunction(func):
print('this function is a coroutine: {}'.format(func.__name__))
return await func(*args, **params)
else:
@yann2192
yann2192 / hardening_usbarmory.md
Last active November 22, 2023 11:36
Hardening USB Armory

Hardening the USB Armory

As a good crypto nerd, I usually use an entirely encrypted linux FS: / but also /boot using grub LUKS support. It's a good setup but it's not perfect, the BIOS and the bootloader are not protected.

I recently got a USBArmory and I wanted to apply the same (or a better) setup.

I found some useful links but no clear howto. So this is my setup.