Skip to content

Instantly share code, notes, and snippets.


Moved to

A new version of this report is located at ProPublica. Includes more detail and a comment from Susan Prosser, Vice President of Industry Relations at DomainTools, about the how the DomainTools "IP Explorer" tool gathers the "C block owner" value.

The new version mostly just adds information, but previous versions of this gist can still be seen at the "Revisions" button to the left. Earlier versions should be considered draft quality.

mtigas /
Last active Dec 19, 2015
Simple subclass of Django PBKDF2PasswordHasher (which uses pbkdf2+sha256) that ups `iterations` to 3x the Django default and adjusts digest to use SHA384 (to fit within the 128 char limit in DB).
from django import VERSION
if (VERSION[0] == 1) and (VERSION[1] >= 4):
from django.contrib.auth.hashers import PBKDF2PasswordHasher
import hashlib
class PBKDF2SHA384PasswordHasher(PBKDF2PasswordHasher):
# don't use SHA512: growing the `iterations` too much will likely
# cause name:itr:hash to grow beyond the 128 character limit for
# the `password` field in DB

Patches for ssldump

Patches for [ssldump][ssldump] (the last ssldump-0.9b3.tar.gz version).

You can install a Mac OS X version of ssldump with these patches included, using [Homebrew][brew]. Check for instructions.

Patch 2-ssldump-tls12.diff adds information about new TLSv1.2 cipher suites

mtigas / gist:5959014
Last active Dec 19, 2015
List of some cybersecurity-related sessions from recent journalism conferences
View gist:5959014



mtigas /
Last active Dec 11, 2015 — forked from argv0/gist:3627514
oh god what have i done
usage: [-h] [--num NUM] archive_dir
Generate some tweets based on the CSV in a Twitter archive download
positional arguments:
archive_dir path your unzipped Twitter archive
optional arguments:
-h, --help show this help message and exit
View base.html
<!doctype html>
{% block extra_head_tags %}{% endblock %}
{% block content %}{% endblock %}
View gist:4323274
sudo aptitude remove nginx-light nginx nginx-common nginx-full
sudo apt-get install python-software-properties software-properties-common
sudo add-apt-repository ppa:chris-lea/nginx-devel
sudo aptitude update
sudo apt-get install nginx-light
mtigas /
Last active Apr 21, 2017
this is the nginx config for, with config to avoid the BEAST exploit (by using TLS 1.2+ ciphers or RC4) and enable SSL perfect forward secrecy (by preferring ECDHE ciphers)

[][mta] server configuration

This gist contains the nginx and tor configurations for the [][mta] servers, mainly to show:

  • Use of the chris-lea/nginx-devel PPA to allow use of SPDY.
  • ssl_ciphers selection to mitigate BEAST attack, enable [perfect forward secrecy][pfs] if possible and select the strongest possible ciphers within those bounds. (Exception is made for several ciphers at the end of list, for compatibility reasons.)