jimdigriz

Notes on how to transfer files to airgapped systems.

AWS

ECS

Requirements:

• ECS Exec enabled on your container
• container need to have installed lrzsz (to provide a YMODEM receiver)

jimdigriz

#!/usr/bin/env python3

# DNS-SD SRP Client implementation (draft 23)
# https://datatracker.ietf.org/doc/draft-ietf-dnssd-srp/
#
# Copyright (C) 2023, coreMem Limited <info@coremem.com>
# SPDX-License-Identifier: ISC

# dependency: pip install dnspython~=2.4.0 cryptography~=41.0.0

jimdigriz

These instructions have been adapted from the official docs and avoid you have to run any lengthy scripts but you should still be able to get up and running within five minutes or so.

N.B. since the release of 7.5.x and 8.x there are no longer 32 bit releases (so no armhf) but someone noticed that the packages are architechiture neutral (ie. all) in amd64 so you can just pretend to be amd64 on arm64. When doing this, after the update you will still need to do the snappy fix described below.

I am targetting ARM64 but if you are using x86_64 (aka AMD64/amd64) then you should replace all occurances of arm64 (and armhf) with amd64.

Plumb in the Unifi packaging by running:

sudo curl -o /usr/share/keyrings/unifi-repo.gpg https://dl.ui.com/unifi/

jimdigriz

#!/usr/bin/env python3

import apt

CACHE = apt.Cache()

for pkg in filter(lambda p: p.installed, CACHE):
    origins = pkg.versions[pkg.candidate].origins
    if not any(map(lambda o: o.archive == 'stable', origins)):
        print(pkg, origins[0].archive, origins[0].site)

jimdigriz

/ Poorman's geoIP lookups for kdb+/q using Maxmind's (CSV) GeoIP database
/ Copyright (C) 2023, coreMem Limited <info@coremem.com>
/ SPDX-License-Identifier: Unlicense
/ Website: https://gist.github.com/jimdigriz/2dd4b249d2e3f24d8838f6466674f945
/ Usage:
/ q)/ unzip GeoLite2-Country-CSV_20230117.zip somewhere
/ q)\l maxmind.q
/ q)/ load the GeoIP data in
/ q)maxmind"GeoLite2-Country-CSV_20230117"
/ q)/ load in your dataset

jimdigriz

#!/bin/sh

# This script is used to maintain scrambled kdb+/q '*.q_' files within a git
# project. The unscrambled '*.q' files are retained as an encrypted CMS file
# using recipient certificates generated from a list of OpenSSH public keys
# stored at the top of the project in an '.authorized_keys' file.
#
# For this to work effectively, you need to include '*.q' in your .gitignore
#
# TODO sign the CMS and verify the signature is at least one that is listed

jimdigriz

apt update
apt -y upgrade --no-install-recommends
apt -y install --no-install-recommends \
        build-essential \
        ca-certificates \
        git \
        libdbus-1-dev \
        libnl-3-dev \
        libnl-genl-3-dev \
        libnl-route-3-dev \

jimdigriz

This document describes the process to debug 802.1X on Windows 10 and 11.

It targets the users of RADIUS servers so that they may capture information useful to their RADIUS vendor (ie. NetworkRADIUS) in resolving interoperability issues with the Microsoft EAP supplicant.

Related Links

• Enabling EAPHost Tracing

  • this does not produce usable information for anyone outside of Microsoft

jimdigriz

% https://www.rfc-editor.org/rfc/rfc5869
% https://en.wikipedia.org/wiki/HKDF#Example:_Python_implementation
-define(HASH_LENGTH, 32).       % maps:get(size, crypto:hash_info(sha256))
hkdf(Length, IKM, Salt0, Info) when not is_list(Salt0) andalso not is_binary(Salt0); Salt0 == []; Salt0 == <<>> ->
        Salt = binary:copy(<<0>>, ?HASH_LENGTH),
        hkdf(Length, IKM, Salt, Info);
hkdf(Length, IKM, Salt, Info) ->
        PRK = crypto:mac(hmac, sha256, Salt, IKM),
        hkdf(Length, IKM, Salt, Info, PRK, <<>>, <<>>, 0).
hkdf(Length, _IKM, _Salt, _Info, _PRK, _T0, OKM, I) when I == ceil(Length / ?HASH_LENGTH) ->

jimdigriz

Example of how to glue pyspengo to ldap3 to pull off a GSS-SPNEGO authentication.

. /path/to/your/env_configuration
export LDAP_HOST LDAP_HOST_CA LDAP_USERNAME LDAP_PASSWORD
python ldap-auth-ntlm.py