I hereby claim:
- I am jason-callaway on github.
- I am jasoncallaway (https://keybase.io/jasoncallaway) on keybase.
- I have a public key whose fingerprint is C3AF 762D 4E3A 9E39 E335 BE1C CAF6 1BBE 5571 5477
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
### Keybase proof | |
I hereby claim: | |
* I am jason-callaway on github. | |
* I am jasoncallaway (https://keybase.io/jasoncallaway) on keybase. | |
* I have a public key whose fingerprint is D9DB 8830 DBE0 2D60 6566 94F4 1BCC 8A43 D9DD 8914 | |
To claim this, I am signing this object: |
[OSEv3:children] | |
masters | |
nodes | |
[OSEv3:vars] | |
ansible_ssh_user=ec2-user | |
ansible_sudo=true | |
containerized=false | |
ansible_become=yes | |
debug_level=2 |
#!/bin/bash | |
for i in {1..40}; do | |
# Make the user | |
s="student${i}" | |
useradd -m ${s} | |
# Set up AWS CLI | |
mkdir -p ${s}/.aws | |
cp /root/.aws/* ${s}/.aws/ |
#!/bin/bash | |
# Tested on RHEL 7.2, 2 Oct 2016 | |
yum update -y | |
yum install -y curl policycoreutils openssh-server openssh-clients | |
systemctl enable sshd | |
systemctl start sshd | |
yum install -y postfix | |
systemctl enable postfix |
import time | |
from github import Github | |
# We have pre-fab issues in my_issues.py that I generated from the spreadsheet. | |
# TODO: make this automatic | |
from my_issues import * | |
''' | |
my_issues.py example: | |
i = {} |
#!/bin/python | |
import boto.ec2 | |
whitelist = ["id1", "id2", "id3"] | |
conn = boto.ec2.connect_to_region("us-east-1", | |
aws_access_key_id="redacted", | |
aws_secret_access_key="redacted") |
$ r2 /home/jason/.config/google-chrome/Default/Extensions/fahmaaghhglfmonjliepjlchgpgfmobi/1.381.0_0/_platform_specific/x86-64/libid3lib.so | |
-- Interpret radare2 scripts with '. <path-to-script>'. Similar to the bash source alias command. | |
[0x0000b080]> aa | |
[Cannot find function 'entry0' at 0x0000b080 entry0 (aa) | |
[x] Analyze all flags starting with sym. and entry0 (aa) | |
[0x0000b080]> afl | |
[0x0000b080]> v | |
[0x0000b080 4% 1456 /home/jason/.config/google-chrome/Default/Extensions/fahmaa | |
- offset - 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF comment | |
0x0000b080 ffff ffff ffff ffff ffff ffff ffff ffff ................ ; section 3 va=0x0000b080 pa=0x0001b080 sz=348032 vsz=348032 rwx=--r-x .text |
Following reproduced verbatim from Mudge and Sarah Zatko's [Def Con 24 presentation][0].
Value | Static Analysis Feature |
---|---|
-5 | No 64 bit version of application available |
-20 | Each missing application armoring feature. This includes ASLR, DEP, Heap Protection, and Stack Guards. |
-5 | Source code is not fortified at all. |
+5 | Source code is entirely fortified. If source was a mix of fortified and unfortified functions, then source did not change at all. |
-25 | Ick functions are present in the code. |
-15 | Bad functions are present in the code. If there are only randomness functions in this category, such as rand or srand , then the penalty is 7.5 instead. |
#!/usr/bin/env python3 | |
import numpy as np | |
import scipy.stats as stats | |
import sys | |
import pylab as pl | |
# to make afCc.txt | |
# find ctl-results/fedora/27 -type f -exec grep afCc {} \; | grep -v null | awk '{print $2}' | sed -e 's/,$//' > afCc.txt |