kconner

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

RickCogley

This set of "low-hanging fruit" security headers can be set for most websites to cover a range or potential problems and get a better ranking on https://securityheaders.com/. You should not that this does not cover CORS/CSP headers, because they are not "one size fits all" and require trial and error to set. Among these standard headers, the "Permissions-Policy" (previously "Feature-Policy") header requires a bit of thought, and trial and error, so be sure to review and edit as appropriate.

Generally speaking, although you can set some of these directly in HTML, you usually set security headers on the server side, for example in a .htaccess file on Apache, in a file like vercel.json in the root of your site if you're hosting on Vercel (similar for Netlify and can be done in their config file, see below), or under "web rules, header rules" UI if you're hosting on WP Engine (see screenshot).

It's also super simple to implement a static HTML site deployed on Deno Deploy, and served via Deno Oak. See th

gladiatx0r

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;

• Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
• Relaying that machine authentication to LDAPS for configuring RBCD
• RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

ssokolow

#!/usr/bin/env python3
"""Flatpak CLI Shortcut Generator

A simple no-argument tool that generates launchers with traditional non-flatpak
command names for your installed Flatpak applications in ~/.local/bin/flatpak.

Does full collision detection and warns you if you forgot to add its output
directory to your PATH. Also overrules the command-line specified in the
``.desktop`` file if the Flatpak maintainer didn't include support for
command-line arguments.

startergo

• Download the full installer:

softwareupdate --list-full-installers
Finding available software
Software Update found the following full installers:
* Title: macOS Ventura, Version: 13.1, Size: 11931164KiB, Build: 22C65
* Title: macOS Ventura, Version: 13.0.1, Size: 11866460KiB, Build: 22A400
* Title: macOS Ventura, Version: 13.0, Size: 11866804KiB, Build: 22A380
* Title: macOS Monterey, Version: 12.6.2, Size: 12104568KiB, Build: 21G320
* Title: macOS Monterey, Version: 12.6.1, Size: 12108491KiB, Build: 21G217

kbeckmann

import time
import psutil
import multiprocessing as mp
from multiprocessing import Process

def f(thread, duty, freq, q):
    p = psutil.Process()
    p.cpu_affinity([thread])

    while True:

Neo23x0

Base64 Patterns - Learning Aid

Base64 Code	Mnemonic Aid	Decoded*	Description
JAB	🗣 Jabber	$.	Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env:
TVq	📺 Television	MZ	MZ header
SUVY	🚙 SUV	IEX	PowerShell Invoke Expression
SQBFAF	🐣 Squab favorite	I.E.	PowerShell Invoke Expression (UTF-16)
SQBuAH	🐣 Squab uahhh	I.n.	PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz
PAA	💪 "Pah!"	<.	Often used by Emotet (UTF-16)

JoeyBurzynski

58 bytes of CSS to look great nearly everywhere

When making this website, i wanted a simple, reasonable way to make it look good on most displays. Not counting any minimization techniques, the following 58 bytes worked well for me:

main {
  max-width: 38rem;
  padding: 2rem;
  margin: auto;
}

dojoe

On systems with UEFI Secure Boot enabled, recent Linux kernels will only load signed modules, so it's about time DKMS grew the capability to sign modules it's building.

These scripts are extended and scriptified variants of https://computerlinguist.org/make-dkms-sign-kernel-modules-for-secure-boot-on-ubuntu-1604.html and https://askubuntu.com/questions/760671/could-not-load-vboxdrv-after-upgrade-to-ubuntu-16-04-and-i-want-to-keep-secur/768310#768310 and add some error checking, a passphrase around your signing key, and support for compressed modules.

dkms-sign-module is a wrapper for the more generic sign-modules which can also be used outside of DKMS.

Installation

1. Create a directory under /root, say /root/module-signing, put the three scripts below in there and make them executable: chmod u+x one-time-setup sign-modules dkms-sign-module

dknoodle

$userPath = $env:USERPROFILE
$pathExclusions = New-Object System.Collections.ArrayList
$processExclusions = New-Object System.Collections.ArrayList

$pathExclusions.Add('C:\Windows\Microsoft.NET') > $null
$pathExclusions.Add('C:\Windows\assembly') > $null
$pathExclusions.Add($userPath + '\AppData\Local\Microsoft\VisualStudio') > $null
$pathExclusions.Add('C:\ProgramData\Microsoft\VisualStudio\Packages') > $null
$pathExclusions.Add('C:\Program Files (x86)\MSBuild') > $null
$pathExclusions.Add('C:\Program Files (x86)\Microsoft Visual Studio 14.0') > $null