lrvick@personal:~$ fido2-token -L
/dev/hidraw1: vendor=0x1050, product=0x0406 (Yubico Yubikey 4 U2F+CCID)
lrvick@personal:~$ strace fido2-cred -M -i cred_param /dev/hidraw1 > cred
execve("/usr/bin/fido2-cred", ["fido2-cred", "-M", "-i", "cred_param", "/dev/hidraw1"], 0x7ffca72914a0 /* 51 vars */) = 0
brk(NULL) = 0x5703cbf21000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=80772, ...}) = 0
mmap(NULL, 80772, PROT_READ, MAP_PRIVATE, 3, 0) = 0x789d7f439000
---
basics:
  name: Lance R. Vick
  label: Security Engineer
  picture: 'https://lance.dev/img/profile.jpg'
  email: lance@lrvick.net
  phone: 650.686.8819
  irc: lrvick@irc.freenode.net
  url: 'https://lance.dev'
  matrix: 'lrvick:matrix.org'
Example: Compromise a password protected SSH key:
```
for pid in $(ps --no-headers -fC ssh-agent | awk '{print $2}'); do
  mem="$(
    grep stack "/proc/${pid}/maps" \
    | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' \
  )"
  begin=$(echo "$mem" | awk '{print $1}')
  end=$(echo "$mem" | awk '{print $2}')
```
@lrvick
lrvick / README.md
Last active February 2, 2022 06:40
Basecamp BS - How to deal with a clueless non-technical manager that insists you log every last second of your day in Basecamp.

Basecamp BS

How to deal with a clueless non-technical manager that insists you log every last second of your day in Basecamp.

I used this for a few weeks to randomly fill in Basecamp time logs to free up time to actually do my job. He actually commented on how satisfied he was with the level of detail I was logging. Since he didn't catch on on his own, I finally explained it was all random scripted nonsense to prove the point that micro time-management serves no purpose. He never brought up time logging again

@lrvick
lrvick / pgp-policy.json
Created January 21, 2022 10:36
Example verification policy for OpenPGP based on arbitrary metadata values present in signatures in value ranges that must come from respective groups
[{
  name: "release-engineers",
  min: 1,
  members: ['fingerprint1', 'fingerprint2'],
  metadata: {
    thoroughness: { min: 2 },
    understanding: { min: 4 },
    rating: { present: true }
  }
},
@lrvick
lrvick / gpgbrute.sh
Created January 22, 2017 00:27
The script I used to brute force the password for my master GPG key using a wordlist generated via regldg
#!/bin/bash
tmpdir=$(mktemp -d)
export GNUPGHOME="$tmpdir"
echo "allow-loopback-pinentry" >> "$GNUPGHOME/gpg-agent.conf"
echo "pinentry-mode loopback" >> "$GNUPGHOME/gpg.conf"
function cleanup {
  rm -rf "$GNUPGHOME"
}
trap cleanup EXIT
@lrvick
lrvick / flask_geventwebsocket_example.py
Created September 1, 2011 07:17
Simple Websocket echo client/server with Flask and gevent / gevent-websocket
from geventwebsocket.handler import WebSocketHandler
from gevent.pywsgi import WSGIServer
from flask import Flask, request, render_template
app = Flask(__name__)
@app.route('/')
def index():
    return render_template('index.html')
@lrvick
lrvick / random_red_team.md
Created December 12, 2018 03:03
Random Red Team

Random Red Team

Summary

This document seeks to detail intentionally introducing security vulnerabilities into projects to test code review processes and foster a healthy and expected culture of distrust and higher security scrutiny during code reviews, regardless of the social standing or experience level of the author.

Motivation

@lrvick
lrvick / hardening_playbook.md
Created January 25, 2019 10:33
Hardening Playbook: My dumping ground for my system hardening research, mostly focusing on Linux but paying attention to other systems.

Hardening Playbook

Threat profile

  • Attacker has unlimited funding
  • Attacker has decades of patience
  • Attacker knows everything you do and more
  • Attacker has no morals and can break any law
  • Attacker can compromise any single system
  • Attacker can compromise any single individual
@lrvick
lrvick / role.md
Last active July 28, 2021 17:43
My default canned response to all recruiters. Know what you want out of your career and articulate it specifically if you want to get it either at your current employer, or a different one.

I know exactly what I want in a long term role so I can save us some time.

For me to be willing to change jobs at this point I would expect:

  • A high level of autonomy where I am allowed to work weird hours.
  • Have my obsession for auditable everything be humored/tolerated
    • I prefer to work with open platforms like RISC-V and OpenPower and open operating systems like Linux, FreeBSD, OpenBSD, seL4, etc.
    • I am never asked to rely on any software I can't audit on any of my personal or company devices.
  • No need to go find clients myself or worry about the business side of the house
  • Travel/lodging covered for the 2-3 security conferences I try to attend every year.