Matthias Vallentin mavam
@chadbrewbaker
chadbrewbaker / corelight-logs.schema.json
Created October 18, 2021 16:36
Latest Corelight schema - still beta, might be breaking changes
{
"$schema": "https://json-schema.org/draft/2019-09/schema",
"$id": "https://corelight.com/software-sensor.schema.json",
"title": "Corelight Logs",
"description": "Definition of all of the potential logs for this installation",
"$defs": {
"time": {"type": "string", "pattern": "[0-9]{4}-[0-1][0-9]-[0-3][0-9]T[0-2][0-9]:[0-5][0-9]:[0-5][0-9]\\.?[0-9]{0,6}Z"},
"port": {"type": "integer", "minimum": 0, "maximum": 65535},
"count": {"type": "integer", "minimum": 0, "maximum": 18446744073709551615},
"int": {"type": "integer", "minimum": -9223372036854775807, "maximum": 9223372036854775807},
@lava
lava / tls_reverse_shell.md
Last active June 1, 2022 11:39
CI Debugging with a TLS reverse shell

Interactive Debugging on GitHub Actions

Did you ever run into some issue where a job would behave slightly differently in your CI environment than on your local machine? Did you ever wish you could run just a few commands in a shell on your build machine?

These are, of course, rhetorical questions. And if you're using GitHub Actions to run your CI jobs, you'll have noticed that this use case is not supported at all. There are some workarounds (e.g. https://github.com/nektos/act), but since they're not officially supported they can be a bit unstable. Also, even they usually don't reproduce the exact environment found on GitHub's servers.

Minimal Reverse Shell

@lava
lava / git_merge_cheatsheet.md
Created January 17, 2020 09:49
Git Merge Commit Cheatsheet

Git Merge Commit Cheatsheet

Show contents of merge commits in git log -p output:

git log -c

Show changes to current branch in the last 24 hours:

git rev-list --no-merges HEAD \

@simonhf
simonhf / _libarchive-read-blocking.md
Last active October 28, 2023 05:30
Experiments with libarchive read blocking: Part 1

Experiments with libarchive read blocking: Part 1

Disclaimer: Don't know much about libarchive... yet!

Step 1: Describe the issue

  • When reading a streamed archive using archive_read_open() [1] and archive_read_extract() [2] then a callback is called one or more times to read chunks of the archive.
  • This creates an issue if (a) your program needs to wait for the next chunk to arrive, and/or (b) you want to process multiple archive streams in the same thread.
  • Effectively archive_read_open() [1] and archive_read_extract() [2] block until all the necessary number of archive stream chunks have been read via the callback.
@dietmarkuehl
dietmarkuehl / lets-hash-things-over.md
Last active April 19, 2023 12:17
Create a combined hash proposal.

Let's Hash Things Out

At the Albuquerque meeting P0814 "hash_combine() Again" was discussed and accepted for further work by LEWG. Unfortunately, this proposal throws out multiple improvements on hashing support approach and disregards a substantial amount of work leading to superior hashing support. This proposal is an attempt to bring the various bits together to avoid accepting an inferior approach into the standard C++ library.

@lattner
lattner / TaskConcurrencyManifesto.md
Last active April 25, 2024 18:22
Swift Concurrency Manifesto

Introduction

Sometimes you may want to use one DNS server for specific domain requests and another DNS server for all other requests. This is helpful, for instance, when connected to a VPN. For hosts behind that VPN you want to use the VPN's DNS server, but for all other hosts you want to use Google's public DNS. This is called "DNS splitting."

Here, we run dnsmasq as a background service on macOS. The dnsmasq configuration described below implements DNS splitting.

Install

brew install dnsmasq
  • What do Etcd, Consul, and Zookeeper do?
    • Service Registration:
      • Host, port number, and sometimes authentication credentials, protocols, version numbers, and/or environment details.
    • Service Discovery:
      • Ability for client application to query the central registry to learn of service location.
    • Consistent and durable general-purpose K/V store across distributed system.
      • Some solutions support this better than others.
      • Based on Paxos or some derivative (i.e. Raft) algorithm to quickly converge to a consistent state.
  • Centralized locking can be based on this K/V store.
@NickSeagull
NickSeagull / cheatsheet
Created January 3, 2017 13:48
Cheatsheet for the fugitive.vim VIM-Madrid meetup
# Basic commands
:Git [args] # does what you'd expect
all of your `~/.gitconfig` aliases are available.
:Git! [args] # same as before, dumping output to a tmp file
Moving inside a repo.

SSL Profiling in Bro

I wrote profiling applications over SSL recently and this is my attempt at doing so in Bro. I haven't written a Bro script before this one so I'm betting I've got a bunch of things wrong here. The code comes in two parts. The first is the main script which has the core logic. The second part is the "local" script which defines the application profiles you are interested in.

The Main Script

@load base/protocols/conn
@load base/protocols/ssl
@load base/frameworks/notice