Skip to content

Instantly share code, notes, and snippets.

require 'json'
require 'net/http'
require 'date'
module ATProto
class Session
def initialize(username, password)
@atp_host = ""
@atp_auth_token = ""
@did = ""
@username = username
echuber2 / hanoi_solution_erichuber_commented_Lib.hs
Created April 24, 2018 10:01
CS 421 Spring 2018 - Tower of Hanoi practice problem example solution
-- Tower of Hanoi practice problem by Mattox Beckman
-- example solution by Eric Huber (may be inelegant) 20180424
module Lib where
import Data.Hashable
import qualified Data.HashSet as H
type Stack = [Int]
type Config = (Stack, Stack, Stack)

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active June 1, 2024 04:56 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

vedant1811 / info.txt
Last active May 11, 2020 01:10
Saves all chat history of a telegram user. use as `telegram-cli -D -s save_chat_history.lua`
I had to change this in the telegram CLI to make it work:
atcuno / gist:3425484ac5cce5298932
Last active March 25, 2024 13:55
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

local xtl_cond_a_result= not (GAMESTATE:IsPlayerEnabled(PLAYER_1) and GAMESTATE:IsPlayerEnabled(PLAYER_2)
and GAMESTATE:GetCurrentSteps(PLAYER_1):GetDifficulty() ~= GAMESTATE:GetCurrentSteps(PLAYER_2):GetDifficulty())
-- XML is so terrible. At least, I hope XML being terrible is the reason why this piece of code was repeated 17 times.
-- score1 = tonumber(string.sub(SCREENMAN:GetTopScreen():GetChild('ScoreP1'):GetChild('ScoreDisplayPercentage Percent'):GetChild('PercentP1'):GetText(), 1, -2))
-- And it's clumsy too, going through the actor tree, hoping those actors exist (they don't if the preferences aren't set to specific things), and then parsing the text.
-- Much better to just fetch the score from STATSMAN. -Kyz
local function get_score(pn)
-- Normally I'd cache the PlayerStageStats for each player in a local
lexruee / bluetooth raspberry-pi
Created January 22, 2015 05:12
install bluetooth and pybluez
sudo apt-get update
sudo apt-get install python-pip python-dev ipython
sudo apt-get install bluetooth libbluetooth-dev
sudo pip install pybluez
dergachev /
Last active May 24, 2024 13:43
How to use setuid to install a root backdoor.

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data, which you might not even know if compromised).

If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur

yanofsky / LICENSE
Last active June 5, 2024 21:51
A script to download all of a user's tweets into a csv
This is free and unencumbered software released into the public domain.
Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit