geerlingguy

#!/bin/bash

# The default BAR address space available on the CM4 may be too small to allow
# some devices to initialize correctly. To avoid 'failed to assign memory'
# errors on boot, you can increase the range of the PCIe bus in the Raspberry
# Pi's Device Tree (a .dtb file specific to each Pi model).
#
# You should probably read up on Device Trees if you don't know what they are:
# https://www.raspberrypi.org/documentation/configuration/device-tree.md
#

SwitHak

CVE-2020-10713 AKA BootHole

• Logo
• Cool Name : BootHole

General

• GRUB2 -> GRand Unified Bootloader version 2 -Don't hurry up on the patches, RedHat have some bug within and also test before production. -It's a cool vuln, cool name, cool logo, but take your time to test the patches, boot isn't something you patching every month, take care !
• TBD

SwitHak

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

• Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
• The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
• The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

• NSA description:
• NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.

mtigas

#!/bin/bash

# needs openssl 1.1+
# needs `basez` https://manpages.debian.org/testing/basez/base32hex.1.en.html
#   (but something else that decodes the base64 and re-encodes the raw key bytes
#    to base32 is probably fine too)

##### generate a key

openssl genpkey -algorithm x25519 -out /tmp/k1.prv.pem

7MinSec

How to Build a Cuckoo Sandbox Malware Analysis System

I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way. I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso

Build your Linux Cuckoo VM

1. Setup a Ubuntu 16.04 64-bit desktop VM (download here) in VMWare with the following properties:

• 100GB hard drive
• 2 procs
• 8 gigs of RAM

andrewlkho

These instructions are for implementing HTTPS on a NFSN-hosted static site using a certificate from Let's Encrypt. The certificate is generated manually on a separate computer.

Start off by installing the letsencrypt client. This requires sudo privileges and will install a bunch of packages:

% curl -O https://dl.eff.org/certbot-auto
% chmod +x ./certbot-auto
% ./certbot-auto

Generate the certificate. This will require you to publish some challenge responses on NFSN. I find it easiest to use tmux with letsencrypt running in one window and an SSH session to NFSN in another:

joepie91

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

• A Russian translation of this article can be found here, contributed by Timur Demin.
• A Turkish translation can be found here, contributed by agyild.
• There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.