smx-smx

XZ Backdoor symbol deobfuscation. Updated as i make progress

thesamesam

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

tprelog

#!/usr/bin/env bash

#
# Enable docker and docker-compose on TrueNAS SCALE (no Kubernetes)
#
# This script is a hack! Use it at your own risk!!
# Using this script to enable Docker is NOT SUPPORTED by ix-systems!
# You CANNOT use SCALE Apps while using this script!
#
# 1  Create a dedicated Docker dataset in one of your zpools

Jip-Hop

#!/usr/bin/env bash

#
# Enable docker and docker-compose on TrueNAS SCALE (no Kubernetes)
#
# This script is a hack! Use it at your own risk!!
# Using this script to enable Docker is NOT SUPPORTED by ix-systems!
# You CANNOT use SCALE Apps while using this script!
#
# 1  Create a dedicated Docker zvol on one of your zpools: zfs create -V 100G data/_docker

zthxxx

Note

For every body who using Win10/11 with new Office that you need to know:

to active Office without crack, just follow https://github.com/WindowsAddict/IDM-Activation-Script,

you wiil only need to run

irm https://massgrave.dev/ias | iex

nardev

display torig borig;   # Display the top and bottom origins
group all;             # Group everything
smash (C>0 0);         # Smash everything in the group
display none tname bname tval bval; # OPTIONAL: limit changes to
names and values
group all;             # Group everything including smashed texts.
change font vector (C>0 0); # Change the font to a vector font
change size 50mil (C>0 0); # Change the font size
change ratio 15 (C>0 0); # Change the width:height ratio

gboudreau

Generating Authy passwords on other authenticators

---

*update: TBC, but this new might affect how easy it is to use this technique past August 2024: Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August

---

This gist, based in part on a gist by Brian Hartvigsen, allows you to export from Authy your TOTP tokens you have stored there.
Those can be "standard" 6-digits / 30 secs tokens, or Authy's own version, the 7-digits / 10 secs tokens.

leolorenzoluis

# Bash best practices and style-guide

Just simple methods to keep the code clean.

Inspired by [progrium/bashstyle](https://github.com/progrium/bashstyle) and [Kfir Lavi post](http://www.kfirlavi.com/blog/2012/11/14/defensive-bash-programming/).


## Quick big rules
* All code goes in a function
* Always double quote variables

noromanba

how to disable apt-daily.timer

$ systemctl stop apt-daily.timer
$ systemctl disable apt-daily.timer
$ systemctl mask apt-daily.service
$ systemctl daemon-reload

check current status

gbaman

Setting up Pi Zero OTG - The quick way (No USB keyboard, mouse, HDMI monitor needed)

More details - http://blog.gbaman.info/?p=791

For this method, alongside your Pi Zero, MicroUSB cable and MicroSD card, only an additional computer is required, which can be running Windows (with Bonjour, iTunes or Quicktime installed), Mac OS or Linux (with Avahi Daemon installed, for example Ubuntu has it built in).
1. Flash Raspbian Jessie full or Raspbian Jessie Lite onto the SD card.
2. Once Raspbian is flashed, open up the boot partition (in Windows Explorer, Finder etc) and add to the bottom of the config.txt file dtoverlay=dwc2 on a new line, then save the file.
3. If using a recent release of Jessie (Dec 2016 onwards), then create a new file simply called ssh in the SD card as well. By default SSH i