Grayson Chao graysonchao

  • Berkeley, CA
panopticon:~ gchao$ sudo tcpdump
Password:
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Packet Tap), capture size 65535 bytes
22:58:01.535356 IP 209.212.144.79.jetcmeserver > 10.0.1.21.53064: Flags [.], seq 971326800:971328248, ack 758627056, win 501, options [nop,nop,TS val 898360544 ecr 244484858], length 1448
22:58:01.536414 IP 209.212.144.79.jetcmeserver > 10.0.1.21.53064: Flags [P.], seq 1448:2494, ack 1, win 501, options [nop,nop,TS val 898360544 ecr 244484858], length 1046
22:58:01.536442 IP 10.0.1.21.53064 > 209.212.144.79.jetcmeserver: Flags [.], ack 2494, win 8126, options [nop,nop,TS val 244484944 ecr 898360544], length 0
22:58:01.541432 IP 209.212.144.79.jetcmeserver > 10.0.1.21.53064: Flags [P.], seq 2494:3931, ack 1, win 501, options [nop,nop,TS val 898360545 ecr 244484883], length 1437
22:58:01.541465 IP 10.0.1.21.53064 > 209.212.144.79.jetcmeserver: Flags [.], ack 3931, win 8036, options [nop,nop,T
@graysonchao
graysonchao / paramiko_yubikey.py
Last active October 14, 2023 13:58
RSA+YubiKey 2FA example using Paramiko
import getpass
import paramiko

# raw_input is Python 2; on Python 3 use input() instead.
username = raw_input("Enter SSH username:")
yubikey_string = getpass.getpass('Enter YubiKey OTP:')
client = paramiko.client.SSHClient()
# Any means of getting the PKey will do. This code assumes you've only got one key loaded in your active ssh-agent.
# See also:
# - http://docs.paramiko.org/en/1.17/api/keys.html#paramiko.pkey.PKey
# - http://docs.paramiko.org/en/1.17/api/client.html#paramiko.client.SSHClient.connect
my_pkey = paramiko.agent.Agent().get_keys()[0]
@graysonchao
graysonchao / DFIR.md
Last active January 19, 2024 11:51
Digital Forensics & Incident Response Notes (cleanup in progress)

#DFIR

These are my notes from BlackHat 2016 Digital Forensics & Incident Response Training

##Windows Drive Forensics

  • NTFS: host default <---- Course focus
  • ReFS: eventually the host default (not yet) <---- basically nothing
  • FAT: external drives <--- a little focus
  • ExFat: high-cap external drives <--- basically nothing

Our tools will mostly deal with NTFS and FAT.

Keybase proof

I hereby claim:

  • I am graysonchao on github.
  • I am grays0n (https://keybase.io/grays0n) on keybase.
  • I have a public key whose fingerprint is 86A4 396C CA5D 0092 BDF2 2D07 33A2 2568 3402 4217

To claim this, I am signing this object:

@graysonchao
graysonchao / test_suite.py
Last active October 4, 2017 16:48
CS168 proj2 test runner w/ filtering
#!/usr/bin/env python2.7
"""
Test runner for dv_router.py and learning_switch.py.
Add your own tests by creating new files in tests/ and updating main
below.
"""
from __future__ import print_function
@graysonchao
graysonchao / project3_tests.py
Last active November 16, 2017 05:57
Project 3 Updated Test Runner
import argparse
import os
import re
import sys
import traceback
from tests import *
import tests
import client
@graysonchao
graysonchao / cache_is_not_flow_specific.py
Created November 16, 2017 04:00
cache_is_not_flow_specific.py
import os
import sys
import client
import test_utils
import wan
from simple_tests import simple_send_test
def cache_is_not_flow_specific(middlebox_module, testing_part_1):