Skip to content

Instantly share code, notes, and snippets.

View kravietz's full-sized avatar

Paweł Krawczyk kravietz

83 followers · 22 following
View GitHub Profile
@joepie91
joepie91 / vpn.md
Last active May 5, 2024 17:55
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
@ageis
ageis / systemd_service_hardening.md
Last active May 4, 2024 15:57
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@hubgit
hubgit / README.md
Last active May 2, 2024 10:55
Remove metadata from a PDF file, using exiftool and qpdf. Note that embedded objects may still contain metadata.

Anonymising PDFs

PDF metadata

Metadata in PDF files can be stored in at least two places:

  • the Info Dictionary, a limited set of key/value pairs
  • XMP packets, which contain RDF statements expressed as XML

PDF files

@rjhansen
rjhansen / keyservers.md
Last active April 14, 2024 12:28
SKS Keyserver Network Under Attack

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I?

@kwk
kwk / Makefile
Last active March 17, 2024 22:54
Compiling with Address Sanitizer (ASAN) with CLANG and with GCC-4.8
.PHONY: using-gcc using-gcc-static using-clang
using-gcc:
g++-4.8 -o main-gcc -lasan -O -g -fsanitize=address -fno-omit-frame-pointer main.cpp && \
ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=$(shell which llvm-symbolizer) ./main-gcc
using-gcc-static:
g++-4.8 -o main-gcc-static -static-libstdc++ -static-libasan -O -g -fsanitize=address -fno-omit-frame-pointer main.cpp && \
ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=$(shell which llvm-symbolizer) ./main-gcc-static
@larsch
larsch / archlinuxarm-on-nanopi-r2s.md
Created October 10, 2020 10:48
Installing Arch Linux AArch64 on the NanoPi R2S

Installing Arch Linux AArch64 on the NanoPi R2S

There is current no support for the NanoPi R2S in ArchLinuxArm, but it's possible to run it using the generic aarch64 installation.

Prepare sd-card/image

  1. Copy bootloader and uBoot from an armbian image using for the NanoPi R2S using dd (sectors 32 to 32767) everything before the partition, except the partition table).
  2. Create an ext4 partition on /dev/mmcblk0p1 at offset of 32768 sectors (16384 KiB):
Device         Boot Start      End  Sectors  Size Id Type
@jult
jult / blockpeers.sh
Last active March 5, 2024 07:33
blocking p2p peer snoopers and evil corp (for Tixati IP filter and such)
#!/bin/sh
# This script runs every other night at 04:56 CET on a webserver I maintain
# Results are always at: https://jult.net/block.txt ( or https://jult.net/block.txt.gz )
# And much smaller, stripped of BS; https://jult.net/bloc.txt
# For use in Tixati IP filter: https://jult.net/bloc.txt.gz !!!
# And finally a txt file with just the bold IP-ranges: https://jult.net/bl.txt (or https://jult.net/bl.txt.gz )
# Download open block-lists, unpack, filter:
curl -s https://www.iblocklist.com/lists.php | grep -A 2 Bluetack | xargs wget -qO - --limit-rate=500k | gunzip -f | egrep -v '^#' > /tmp/xbp
@dwisiswant0
dwisiswant0 / st8out.sh
Last active February 17, 2024 16:48
St8out - Extra one-liner for reconnaissance
#!/bin/bash
#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor
@ruario
ruario / 1-README.md
Last active February 7, 2024 18:46
A script that fetches a ChromeOS image for ARM32 and extracts the Widevine binary, saving it in a compressed archive for use with Vivaldi

The included script 'widevine-flash_armhf.sh' fetches a ChromeOS image for ARM and extracts the Widevine binary, saving it in a compressed archive. Since it downloads a fairly large file (2Gb+ on disk after download) it is recommended that you run the script on a machine that has plenty of disk space.

To install the resultant archive, issue the following on your ARM machine–after copying over the archive if needed:

sudo tar Cfx / widevine-flash-20200124_armhf.tgz

(Where 'widevine-flash-20200124_armhf.tgz' is updated to reflect the actual name of the created archive)

@hasherezade
hasherezade / test.reg
Last active December 31, 2023 19:26
Demo: persistence key not visible for sysinternals autoruns (in a default configuration - read more: https://twitter.com/hasherezade/status/849756054145699840)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
@="Rundll32.exe SHELL32.DLL,ShellExec_RunDLL \"C:\\ProgramData\\test.exe\""