Skip to content

Instantly share code, notes, and snippets.

View nganhkhoa's full-sized avatar

Nguyễn Anh Khoa nganhkhoa

60 followers · 192 following
View GitHub Profile
@nganhkhoa
nganhkhoa / jni_all.h
Created July 24, 2020 05:25 — forked from Jinmo/jni_all.h
Useful when reversing JNI on IDA Pro
/*
* Copyright (c) 1996, 1998, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
@nganhkhoa
nganhkhoa / stop-using-jwts.md
Created December 3, 2019 15:47 — forked from samsch/stop-using-jwts.md
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions
@nganhkhoa
nganhkhoa / openssl_commands.md
Created July 9, 2018 14:00 — forked from p3t3r67x0/openssl_commands.md
Some list of openssl commands for check and verify your keys

openssl

Install

Install the OpenSSL on Debian based systems

sudo apt-get install openssl
@nganhkhoa
nganhkhoa / gitflow-breakdown.md
Created July 9, 2018 13:48 — forked from JamesMGreene/gitflow-breakdown.md
A comparison of using `git flow` commands versus raw `git` commands.

Initialize

gitflow git
git flow init git init
  git commit --allow-empty -m "Initial commit"
  git checkout -b develop master

Connect to the remote repository

@nganhkhoa
nganhkhoa / GitHub-Forking.md
Created November 19, 2017 04:22 — forked from Chaser324/GitHub-Forking.md
GitHub Standard Fork & Pull Request Workflow

Whether you're trying to give back to the open source community or collaborating on your own projects, knowing how to properly fork and generate pull requests is essential. Unfortunately, it's quite easy to make mistakes or not know what you should do when you're initially learning the process. I know that I certainly had considerable initial trouble with it, and I found a lot of the information on GitHub and around the internet to be rather piecemeal and incomplete - part of the process described here, another there, common hangups in a different place, and so on.

In an attempt to coallate this information for myself and others, this short tutorial is what I've found to be fairly standard procedure for creating a fork, doing your work, issuing a pull request, and merging that pull request back into the original project.

Creating a Fork

Just head over to the GitHub page and click the "Fork" button. It's just that simple. Once you've done that, you can use your favorite git client to clone your repo or j