joostd

#!/usr/bin/env python

# verify attestation information to cryptographically prove that a given key is hardware-backed. 
# For instance:
#
# ./ssh-sk-attest.py --key id.pub --attestation attestation.bin --challenge challenge.bin --mds mds.jwt

# To generate an SSH pubkey, a challenge, and an attestation:
# openssl rand 128 > challenge.bin
# ssh-keygen -t ${KEYTYPE} -f ./id -N "" -O challenge=challenge.bin -O write-attestation=attestation.bin

take-five

Copyright 2020 Glia Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER D

skiptomyliu

# Transparent Envoy Proxy that forwards http/https 
# Create iptables to route 80 + 443 to 10000:
# $ iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner envoyuser --dport 443 -j REDIRECT --to-port 10000
# $ iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner envoyuser --dport 80 -j REDIRECT --to-port 10000
# Run envoy
# $ envoy -c dynamic_fwd_http_sni.yaml -l debug

admin:
  access_log_path: /home/envoyuser/admin/admin_access.log
  address:

maestre3d

package sse

import (
	"encoding/json"
	"fmt"
	"github.com/alexandria-oss/core"
	"github.com/go-kit/kit/log"
	"net/http"
	"sync"
)

ddddxxx

// This file is based largely on the Runtime package - https://github.com/wickwirew/Runtime

extension KeyPath {
    
    var fieldName: String? {
        guard let offset = MemoryLayout<Root>.offset(of: self) else {
            return nil
        }
        let typePtr = unsafeBitCast(Root.self, to: UnsafeMutableRawPointer.self)
        let metadata = typePtr.assumingMemoryBound(to: StructMetadata.self)

Azoy

// macOS x86_64 syscall works as follows:
// Syscall id is moved into rax
// 1st argument is moved into rdi
// 2nd argument is moved into rsi
// 3rd argument is moved into rdx
// ... plus some more
// Return value is stored in rax (where we put syscall value)

// Mac syscall enum that contains the value to correctly call it
enum Syscall: Int {

hfossli

//
//  ASN1.swift
//  ASN1
//
//  Created by Håvard Fossli on 29.08.2018.
//  Copyright © 2018 Håvard Fossli. All rights reserved.
//

import Foundation

jessfraz

High-Level Security Profile Generator

(originally from my proposal on moby/moby#17142 (comment) but generic)

The profile would generate artificats of an apparmor profile and seccomp filters.

Obviously doesn't have to be toml since that's super hipster :p

Assumptions

• no one is going to sit and write out all the syscalls/capabilities their app needs
• automatic profiling would be super cool but like aa-genprof it is never

oinopion

-- Create a group
CREATE ROLE readaccess;

-- Grant access to existing tables
GRANT USAGE ON SCHEMA public TO readaccess;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess;

-- Grant access to future tables
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readaccess;

lmmendes

Instructions to DUMP localy a Elasticache Redis database

Connect to Redis CLI

$ redis-cli

Enable the current redis as a slave for the master node