Skip to content

Instantly share code, notes, and snippets.

View m-barthelemy's full-sized avatar

Matthieu Barthelemy m-barthelemy

View GitHub Profile
@joostd
joostd / ssh-sk-attest.py
Last active April 23, 2024 07:34
Verify an OpenSSH key attestation to cryptographically prove that a given key is hardware-backed.
#!/usr/bin/env python
# verify attestation information to cryptographically prove that a given key is hardware-backed.
# For instance:
#
# ./ssh-sk-attest.py --key id.pub --attestation attestation.bin --challenge challenge.bin --mds mds.jwt
# To generate an SSH pubkey, a challenge, and an attestation:
# openssl rand 128 > challenge.bin
# ssh-keygen -t ${KEYTYPE} -f ./id -N "" -O challenge=challenge.bin -O write-attestation=attestation.bin
@take-five
take-five / LICENSE.md
Last active April 1, 2024 22:55
Fast logical replication initializer for PostgreSQL

Copyright 2020 Glia Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER D

@skiptomyliu
skiptomyliu / dynamic_fwd_http_sni.yaml
Last active December 24, 2022 11:06
Dynamic Forward Proxy HTTP + SNI
# Transparent Envoy Proxy that forwards http/https
# Create iptables to route 80 + 443 to 10000:
# $ iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner envoyuser --dport 443 -j REDIRECT --to-port 10000
# $ iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner envoyuser --dport 80 -j REDIRECT --to-port 10000
# Run envoy
# $ envoy -c dynamic_fwd_http_sni.yaml -l debug
admin:
access_log_path: /home/envoyuser/admin/admin_access.log
address:
@maestre3d
maestre3d / sse.go
Created July 25, 2020 17:15
Server Sent Events (SSE) broker written in Go
package sse
import (
"encoding/json"
"fmt"
"github.com/alexandria-oss/core"
"github.com/go-kit/kit/log"
"net/http"
"sync"
)
@ddddxxx
ddddxxx / KeyPath+fieldName.swift
Last active April 28, 2023 10:24
KeyPath Introspection
// This file is based largely on the Runtime package - https://github.com/wickwirew/Runtime
extension KeyPath {
var fieldName: String? {
guard let offset = MemoryLayout<Root>.offset(of: self) else {
return nil
}
let typePtr = unsafeBitCast(Root.self, to: UnsafeMutableRawPointer.self)
let metadata = typePtr.assumingMemoryBound(to: StructMetadata.self)
@Azoy
Azoy / syscall.swift
Last active August 25, 2023 21:49
Raw system calls in Swift
// macOS x86_64 syscall works as follows:
// Syscall id is moved into rax
// 1st argument is moved into rdi
// 2nd argument is moved into rsi
// 3rd argument is moved into rdx
// ... plus some more
// Return value is stored in rax (where we put syscall value)
// Mac syscall enum that contains the value to correctly call it
enum Syscall: Int {
@hfossli
hfossli / ASN1.swift
Created November 9, 2018 13:37
ASN1 DER encoder and decoder in swift
//
// ASN1.swift
// ASN1
//
// Created by Håvard Fossli on 29.08.2018.
// Copyright © 2018 Håvard Fossli. All rights reserved.
//
import Foundation
@jessfraz
jessfraz / proposal.md
Created February 3, 2017 00:09
High-Level Security Profile Generator

High-Level Security Profile Generator

(originally from my proposal on moby/moby#17142 (comment) but generic)

The profile would generate artificats of an apparmor profile and seccomp filters.

Obviously doesn't have to be toml since that's super hipster :p

Assumptions

  • no one is going to sit and write out all the syscalls/capabilities their app needs
  • automatic profiling would be super cool but like aa-genprof it is never
@oinopion
oinopion / read-access.sql
Created October 5, 2016 13:00
How to create read only user in PostgreSQL
-- Create a group
CREATE ROLE readaccess;
-- Grant access to existing tables
GRANT USAGE ON SCHEMA public TO readaccess;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess;
-- Grant access to future tables
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readaccess;
@lmmendes
lmmendes / elasticache_dump_to_rdb.md
Last active May 28, 2021 07:36
Save Amazon ElastiCache Redis to file dump.rdb

Instructions to DUMP localy a Elasticache Redis database

Connect to Redis CLI

$ redis-cli

Enable the current redis as a slave for the master node