

Lance R. Vick lrvick

View Makefile
mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST)))
current_dir := $(notdir $(patsubst %/,%,$(dir $(mkfile_path))))
userid = $(shell id -u)
groupid = $(shell id -g)
image = "bitgo/$(current_dir):latest"
default: build
lint: helm-lint
fetch: submodule-update
latest: submodule-latest build
View gist:f106d30826eb4680f2e447c5967a11db
[lrvick@qatan crosshatch-PQ3A.190801.002]$ ls -lah crosshatch-avb_pkmd.bin
-rw-r--r-- 1 lrvick lrvick 520 Aug 6 2019 crosshatch-avb_pkmd.bin
[lrvick@qatan crosshatch-PQ3A.190801.002]$ sudo ./fastboot flash avb_custom_key crosshatch-avb_pkmd.bin
target reported max download size of 268435456 bytes
Sending 'avb_custom_key' (0 KB)...
OKAY [ 0.120s]
Writing 'avb_custom_key'...
FAILED (remote: Failed flash avb custom key Device Error)
Finished. Total time: 0.687s
lrvick /
Last active Feb 13, 2020
PhysSec Shopping List


Need to get into a building? Start a police car? Borrow a bulldozer? Go to a restricted elevator floor? It is pretty easy with the right tools and sometimes a bit of practice.

Knowing what those tools even are is half the battle. This guide attempts to solve that for you for free.

Actually obtaining these tools is non-trivial but -all- of them can be obtained

lrvick /
Last active Mar 6, 2020
My default canned response to all recruiters. Know what you want out of your career and articulate it specifically if you want to get it either at your current employer, or a different one.

I know exactly what I want in a long term role so I can save us some time.

For me to be willing to change jobs at this point I would expect:

  • A high level of autonomy where I am allowed to work weird hours.
  • Have my obsession for auditable everything be humored/tolerated
    • I prefer to work with open platforms like RISC-V and OpenPower and open operating systems like Linux, FreeBSD, OpenBSD, seL4, etc.
    • I am never asked to rely on any software I can't audit on any of my personal or company devices.
  • No need to go find clients myself or worry about the business side of the house
  • Travel/lodging covered for the 2-3 security conferences I try to attend every year.
View xinitrc
# Let GPG know about our current terminal
gpg-connect-agent updatestartuptty /bye
# Start compositor for faster rendering for terminals etc
compton &
# Set wallpaper
nitrogen --set-scaled ~/.wallpaper/yourcoolwallpaper.jpg
lrvick / usbninja.ino
Last active Sep 6, 2019
One size fits all BadUSB attack for Mac/Windows for the USBNinja. Logs all attacks to server. Server can optionally provide a unique payload for each target hostname/user combo.
View usbninja.ino
#include <NinjaKeyboard.h>
void setup(){}
void loop() {}
void payloadA(){
lrvick /
Last active Feb 20, 2019
An opinionated git workflow optimized for a strong resistance to tampering by any single party.

Distributed Trust Git Flow


  • Remove chance of undetected malicious or accidental mutations of code in VCS
  • The VCS and review tool servers as well as their maintainers must never be trusted.
  • We must be able to cryptographically prove
    • Who authored all commits
    • Who on engineering team signed the release candidate tag on a ref
    • Who on release team signed the release tag for a ref
lrvick /
Created Jan 25, 2019
Hardening Playbook: My dumping ground for my system hardening research, mostly focusing on Linux but paying attention to other systems.

Hardening Playbook

Threat profile

  • Attacker has unlimited funding
  • Attacker has decades of patience
  • Attacker knows everything you do and more
  • Attacker has no morals and can break any law
  • Attacker can compromise any single system
  • Attacker can compromise any single individual

Random Red Team


This document seeks to detail intentionally introducing security vulnerabilities into projects to test code review processes and foster a healthy and expected culture of distrust and higher security scrutiny during code reviews regardless of social standing or experience level of the author.


lrvick /
Created Oct 2, 2018
Git diff-tree issues

Git 2.11.0

$ git rev-parse HEAD
$ git diff-tree -p "HEAD^"..HEAD | sha256sum
ae4fc1d2285ab6ac84cdd8ff6235f5534b6ded467dd8f586cbe1bfe885cc1afe  -
$ git diff-tree -p "HEAD^"..HEAD | git patch-id --stable
d9c0bf01265096e69f24b6e10d6c471f92d203c3 0000000000000000000000000000000000000000