pensierinmusica

## Place this file in "/etc/sysctl.d/network-tuning.conf" and
## run "sysctl -p" to have the kernel pick the new settings up

# Avoid a smurf attack
net.ipv4.icmp_echo_ignore_broadcasts = 1
 
# Turn on protection for bad icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
 
# Turn on syncookies for SYN flood attack protection

denji

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

7kfpun

http://stackoverflow.com/questions/3372962/can-i-remove-the-x-requested-with-header-from-ajax-requests

jQuery.ajax({

    url: yourAjaxUrl,

    // 'xhr' option overrides jQuery's default
    // factory for the XMLHttpRequest object.
    // Use either in global settings or individual call as shown here.
    xhr: function() {

LiveOverflow

import requests
import string
import random
import urllib
import time
import base64
from decimal import Decimal

# Blind GQL injection and optimised binary search - A7 ~ Gee cue elle (misc) Google CTF 2017 
# https://www.youtube.com/watch?v=za_9hrq-ZuA

karanlyons

import z3


def sym_xoroshiro128plus(solver, sym_s0, sym_s1, mask, result):
	s0 = sym_s0
	s1 = sym_s1
	sym_r = (sym_s0 + sym_s1)
	
	condition = z3.Bool('c0x%0.16x' % result)
	solver.add(z3.Implies(condition, (sym_r & mask) == result & mask))

maxious

Might also be the dv163 P1: http://help.dvr163.com/index.php/P1

Based on Ankya AK3918 HD IP Camera SoC http://caxapa.ru/thumbs/914089/ak3818ds.pdf http://caxapa.ru/thumbs/914089/ak3818ds.pdf

Firmware => Telnet/FTP

Check/download latest firmware (site blocked for malware in Chrome/Firefox) http://42.96.185.60:8088/XVR/common/checkCommonUpdate.php?DevModel=IPCAM&SWVersion=1.4.47.0&DeviceSN=F2731110583936&ODMNum=391802&FirmwareMagic=SlVBTiBJUENBTSBGSVJNV0FSRSBERVNJR05FRCBCWSBMQVc=&Release=1&app_version=2.3.13 Response:

ulidtko

#!/usr/bin/env python3
import os, sys
import argparse
import struct
from functools import reduce

"""
QNAP QTS firmware encryptor/decryptor.

Based on https://pastebin.com/KHbX85nG

d3vilbug

#!/usr/bin/env python3

from __future__ import print_function
import frida
import sys
import json
import time

def on_message(message, payload):
	if(message['type'] == 'send'):

akabe1

/*  Android ssl certificate pinning bypass script for various methods
	by Maurizio Siddu
	
	Run with:
	frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause]
*/

setTimeout(function() {
	Java.perform(function() {
		console.log('');

SwitHak

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

• Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
• The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
• The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

• NSA description:
• NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.