Skip to content

Instantly share code, notes, and snippets.

View herrjemand's full-sized avatar

Ackermann Yuriy herrjemand

View GitHub Profile
emlun /
Last active February 20, 2020 15:19
DRAFT: WebAuthn recovery credentials extension
watahani / verifySafetyNetAttestation.js
Last active December 4, 2020 09:18
verify SafetyNet Attestation
const base64url = require("base64url")
const cbor = require('cbor')
const crypto = require('crypto')
const jsrsasign = require('jsrsasign')
//sample attestation ;)
const attestationResponse = {

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

umidjons /
Last active March 13, 2022 07:12
AES-256-CBC example in Node.js using crypto module

AES-256-CBC example in Node.js using crypto module

'use strict';
const crypto = require('crypto');

// get password's md5 hash
let password = 'test';
let password_hash = crypto.createHash('md5').update(password, 'utf-8').digest('hex').toUpperCase();
console.log('key=', password_hash); // 098F6BCD4621D373CADE4E832627B4F6
apowers313 / UAFTLV.js
Last active June 11, 2023 07:06
UAF TLV Decoder Example
var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
// Use a lookup table to find the index.
var lookup = new Uint8Array(256);
for (var i = 0; i < chars.length; i++) {
lookup[chars.charCodeAt(i)] = i;
// stolen from:
joepie91 /
Last active April 10, 2024 18:45
Secure random values (in Node.js)

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

stinger / Swift3URLComponent.swift
Created June 21, 2016 11:03
Swift 3: Using URLComponents
//: # Swift 3: Using URLComponents
import Foundation
//: ### Compose the componens
var url = URLComponents()
url.scheme = "http" = ""
//: ### Pass the query string parameters
url.queryItems = [
URLQueryItem(name: "test", value: "data"),
secvalve /
Created May 25, 2016 00:34
A bash script that uses CURL to get a file in parts, ala axel. Usage: baxel numparts url eg ./baxel 3
#$1 numparts, #$2 url
#Get length
TL=$(curl -sI $2 | grep Content-Length | awk '{printf "%d", $2}')
echo "$s is $TL Bytes Long”
for i in `seq 0 $(( $1 - 1 ))`;
application2000 / how-to-install-latest-gcc-on-ubuntu-lts.txt
Last active February 21, 2024 03:02
How to install latest gcc on Ubuntu LTS (12.04, 14.04, 16.04)
These commands are based on a askubuntu answer
To install gcc-6 (gcc-6.1.1), I had to do more stuff as shown below.
If you are still reading let's carry on with the code.
sudo apt-get update && \
sudo apt-get install build-essential software-properties-common -y && \
sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y && \
skratchdot / arrayBufferToString.js
Created March 3, 2016 04:43
Array Buffer -> String and String -> ArrayBuffer conversions in javascript
// source:
function ab2str(buf) {
return String.fromCharCode.apply(null, new Uint16Array(buf));