Skip to content

Instantly share code, notes, and snippets.

View matthieuxyz's full-sized avatar

Matthieu matthieuxyz

11 followers · 4 following
View GitHub Profile
@house9
house9 / git-workflow.rb
Created February 4, 2012 01:54
Git Workflow - add/commit/pull --rebase/push
Always start with
# get the latest code
git checkout master
git pull --rebase
# ==============
Setup to work on new branch / feature
You are going to be doing one of two things before adding new changes:
@marktheunissen
marktheunissen / pedantically_commented_playbook.yml
Last active June 5, 2024 22:16 — forked from phred/pedantically_commented_playbook.yml
Insanely complete Ansible playbook, showing off all the options
This playbook has been removed as it is now very outdated.
@grugq
grugq / gist:03167bed45e774551155
Last active April 6, 2024 10:12
operational pgp - draft

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.

@thiloplanz
thiloplanz / Zero_knowledge_db.md
Last active June 2, 2024 16:40
Zero-knowledge databases

Zero knowledge databases

The idea

The idea is to provide a database as a service to end users in such a way that no one except the user herself can access the data, not even the hosting provider or the database administrator.

Advantages

  • A privacy- and/or security-conscious user will have more trust in such a setup.
  • The service provider cannot be coerced to release the data they were trusted with, and he cannot be held responsible for the content he is storing.
@mik30s
mik30s / webcam_capture.cpp
Last active October 16, 2023 05:06
Simple C++ program to capture a webcam frame in Linux
#include <iostream>
#include <stdio.h>
#include <stdlib.h>
#include <linux/ioctl.h>
#include <linux/types.h>
#include <linux/v4l2-common.h>
#include <linux/v4l2-controls.h>
#include <linux/videodev2.h>
#include <fcntl.h>
#include <unistd.h>
@williballenthin
williballenthin / hint_calls.py
Last active April 4, 2024 03:40
'''
IDA plugin to display the calls and strings referenced by a function as hints.
Installation: put this file in your %IDADIR%/plugins/ directory.
Author: Willi Ballenthin <william.ballenthin@fireeye.com>
Licence: Apache 2.0
'''
import idc
import idaapi
import idautils
@rsmudge
rsmudge / comexec.cna
Created January 6, 2017 22:06
Lateral Movement with the MMC20.Application COM Object (Aggressor Script Alias)
# Lateral Movement alias
# https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
# register help for our alias
beacon_command_register("com-exec", "lateral movement with DCOM",
"Synopsis: com-exec [target] [listener]\n\n" .
"Run a payload on a target via DCOM MMC20.Application Object");
# here's our alias to collect our arguments
alias com-exec {
@hfiref0x
hfiref0x / main.c
Last active May 15, 2023 17:33
NtLoadEnclaveData Windows 10 RS3 DSE bypass
// Original source link https://twitter.com/hFireF0X/status/887930221466443776
// If you are here from any other link - do know that they just steal original info without giving any credit to source
// This bug has been fixed in 16273 public build.
#include "global.h"
HINSTANCE g_hInstance;
HANDLE g_ConOut = NULL;
BOOL g_ConsoleOutput = FALSE;
WCHAR g_BE = 0xFEFF;
@mackwage
mackwage / windows_hardening.cmd
Last active June 8, 2024 16:54
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@typokign
typokign / zoomsucks.md
Last active September 8, 2023 05:06
Zoom Sucks

Zoom Sucks

  • Zoom abuses the installer flow on MacOS to bypass permissions dialogs (source)
  • Zoom sends identifying device info to Facebook, even when users don't have a Facebook account (source) (fixed)
  • A bug in Zoom sent identifying information (including email addresses and profile pictures) of thousands of users to strangers (source)
  • Zoom claims that meetings are end-to-end encrypted in their white paper and marketing materials, but meetings are only encrypted in transit, and are available in plaintext to Zoom servers and employees. (source)
  • zoomAutenticationTool can be used to escalat