Royce Williams roycewilliams

💭
:cheeeeeese:
Block or report user

Report or block roycewilliams

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
roycewilliams / clientside-software-update-verification-failures.md

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.

Out of scope:

  • Transport downgrade attacks - that force a connection from being e
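As an added example (not code from the gist above or from any of the advisories it collects), the Go program below contrasts the two kinds of check the list is about: a payload compared against a checksum fetched over the same plain-HTTP channel, which an on-path attacker defeats by rewriting both files, and a payload checked against a manifest signed with a key pinned in the client, which an attacker on the transport cannot forge. The product name, manifest fields and payload bytes are constructed for the demo, and Ed25519 is a choice made for the example, not something the gist prescribes.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the hypothetical release metadata a vendor signs. The client
// ships with the vendor's public key, so neither the manifest nor the key can
// be swapped by whoever controls the (plain HTTP) download channel.
type Manifest struct {
	Product string `json:"product"`
	Version int    `json:"version"` // must increase per release; used for the rollback check
	SHA256  string `json:"sha256"`  // hex digest of the update payload
}

var (
	ErrSignature = errors.New("manifest signature invalid")
	ErrProduct   = errors.New("manifest is for a different product")
	ErrRollback  = errors.New("manifest version is not newer than the installed version")
	ErrDigest    = errors.New("payload digest does not match the signed manifest")
)

// SignManifest is the vendor side (release time, never on the client).
func SignManifest(priv ed25519.PrivateKey, m Manifest) (raw, sig []byte, err error) {
	raw, err = json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return raw, ed25519.Sign(priv, raw), nil
}

// VerifyUpdate is the client side. Order matters: nothing in the manifest is
// trusted before its signature checks out, and the payload is compared only
// against the digest carried inside the signed manifest.
func VerifyUpdate(pinned ed25519.PublicKey, product string, installed int, raw, sig, payload []byte) error {
	if !ed25519.Verify(pinned, raw, sig) {
		return ErrSignature
	}
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return err
	}
	if m.Product != product {
		return ErrProduct
	}
	if m.Version <= installed {
		return ErrRollback
	}
	want, err := hex.DecodeString(m.SHA256)
	sum := sha256.Sum256(payload)
	if err != nil || !bytes.Equal(sum[:], want) {
		return ErrDigest
	}
	return nil
}

// NaiveVerify is the pattern the list above is about: comparing the payload
// with a checksum fetched over the same unauthenticated channel. An attacker
// who can rewrite the payload in transit can rewrite the sidecar file too.
func NaiveVerify(payload []byte, sidecarHex string) bool {
	sum := sha256.Sum256(payload)
	return hex.EncodeToString(sum[:]) == sidecarHex
}

// Scenario signs a release, then simulates a MITM on the download channel
// that swaps the payload and its sidecar checksum, and reports what each
// check decides. All bytes here are constructed sample data.
func Scenario() (naiveAccepted bool, tamperedErr, genuineErr error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := []byte("constructed sample: genuine update payload, version 3")
	sum := sha256.Sum256(genuine)
	raw, sig, err := SignManifest(priv, Manifest{Product: "demoapp", Version: 3, SHA256: hex.EncodeToString(sum[:])})
	if err != nil {
		panic(err)
	}

	evil := []byte("constructed sample: attacker-supplied payload")
	evilSum := sha256.Sum256(evil)
	sidecar := hex.EncodeToString(evilSum[:]) // attacker rewrites payload.sha256 to match

	naiveAccepted = NaiveVerify(evil, sidecar)
	tamperedErr = VerifyUpdate(pub, "demoapp", 2, raw, sig, evil)
	genuineErr = VerifyUpdate(pub, "demoapp", 2, raw, sig, genuine)
	return
}

func main() {
	naive, tampered, genuine := Scenario()
	fmt.Println("sidecar checksum accepts tampered payload:", naive)
	fmt.Println("signed manifest on tampered payload:", tampered)
	fmt.Println("signed manifest on genuine payload:", genuine)
}
```

The rollback check is there because signature verification alone does not stop an attacker on the transport from replaying an older, validly signed manifest together with its older, vulnerable payload; a TLS channel to the vendor would close that replay too, which is the point the gist makes about "verification" not being a substitute for secure transport.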
roycewilliams / extension-IDs-from-Somé-INRIA-paper.txt
Last active Jan 23, 2019
Extensions using exploitable APIs mentioned in the 2019 INRIA paper by Somé
# References:
#
# Cimpanu article: https://www.zdnet.com/article/websites-can-steal-browser-data-via-extensions-apis/
# Testing tool: https://www-sop.inria.fr/members/Doliere.Some/empoweb/extsanalyzer/
# Paper: https://www-sop.inria.fr/members/Doliere.Some/papers/empoweb.pdf
#
abenhehmjmoifipfpjeaejpbeeihnokp
aclhfmpoahihmhhacaekgcbjaeojnifa
aefmgkhgcmdljpfijlohmbhkhflmbmfi
afddmpnodjaifgjibafjcbfaplnoipei
roycewilliams / crude-diceware-acceleration.sh
Last active Jan 15, 2019
Crude example of using rules for the fourth word to accelerate a hashcat attack on a four-word Diceware passphrase (words separated by spaces)
#!/bin/bash
#-----------------------------------------------------------------------
# Crude example of using rules for the fourth word to accelerate
# performance of hashcat attack on a four-word Diceware passphrase,
# separated by spaces
#-----------------------------------------------------------------------
# Known plaintext and its MD5, used to confirm the attack recovers it
TEST_PLAIN="vine embalm blood micro"
TEST_MD5=$(echo -n "${TEST_PLAIN}" | md5sum | awk '{print $1}')
# Wrapper for the PRINCE processor (pp64), which generates the first three words
pp64() { /usr/local/bin/pp64.bin "$@"; }
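The split the gist relies on, shown as an added Go example rather than the gist's own script: the host only has to produce three-word candidates (what the pp64/PRINCE step feeds in), while the fourth word is expressed as a hashcat rule that appends a space and the word character by character, so the multiplication by the wordlist happens inside hashcat's rule engine instead of in a wordlist^4 file on disk. The six-word list is a constructed toy; the rule interpreter here understands only the `$X` (append character) function the generator emits and is a stand-in for hashcat, used to check the attack offline against the gist's TEST_PLAIN.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"strings"
)

// AppendRule renders a Diceware word as a hashcat rule: "$ " appends the
// separating space, then one "$X" (append character X) per character.
// "vine" -> "$ $v$i$n$e"
func AppendRule(word string) string {
	var b strings.Builder
	b.WriteString("$ ")
	for _, r := range word {
		b.WriteByte('$')
		b.WriteRune(r)
	}
	return b.String()
}

// RuleFile renders one rule per line, the layout hashcat -r expects.
func RuleFile(words []string) string {
	rules := make([]string, len(words))
	for i, w := range words {
		rules[i] = AppendRule(w)
	}
	return strings.Join(rules, "\n") + "\n"
}

// ApplyRule is a minimal stand-in for hashcat's rule engine: it understands
// only the "$X" function that AppendRule emits, enough to check the attack
// locally. Anything else is reported as unsupported rather than guessed at.
func ApplyRule(candidate, rule string) (string, error) {
	rs := []rune(rule)
	var b strings.Builder
	b.WriteString(candidate)
	for i := 0; i < len(rs); i += 2 {
		if rs[i] != '$' || i+1 >= len(rs) {
			return "", fmt.Errorf("unsupported rule function in %q", rule)
		}
		b.WriteRune(rs[i+1])
	}
	return b.String(), nil
}

// ThreeWordCandidates is the host-side half of the split: every ordered
// triple of words joined by spaces, which is what the pp64 step would pipe
// into hashcat as the base wordlist.
func ThreeWordCandidates(words []string) []string {
	var out []string
	for _, a := range words {
		for _, b := range words {
			for _, c := range words {
				out = append(out, a+" "+b+" "+c)
			}
		}
	}
	return out
}

// MD5Hex mirrors the gist's "echo -n ... | md5sum" test hash.
func MD5Hex(s string) string {
	sum := md5.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// Crack runs candidates x rules against one MD5. The fourth word never
// exists on the host as part of a candidate, only as a rule.
func Crack(words []string, targetMD5 string) (string, bool) {
	rules := make([]string, len(words))
	for i, w := range words {
		rules[i] = AppendRule(w)
	}
	for _, c := range ThreeWordCandidates(words) {
		for _, r := range rules {
			p, err := ApplyRule(c, r)
			if err == nil && MD5Hex(p) == targetMD5 {
				return p, true
			}
		}
	}
	return "", false
}

func main() {
	// Constructed toy wordlist; a real run uses the full Diceware list.
	words := []string{"vine", "embalm", "blood", "micro", "quartz", "lemon"}
	fmt.Print(RuleFile(words))
	plain, ok := Crack(words, MD5Hex("vine embalm blood micro"))
	fmt.Printf("recovered: %q (found=%v)\n", plain, ok)
}
```

With a real Diceware list of N words the base wordlist stays at N^3 lines and the rule file at N lines; hashcat then applies every rule to every base candidate on the device, which is the acceleration the gist's title refers to.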
roycewilliams / firefox-adult-inadjacency-cracked.txt
# Cracks of Firefox's adult/inadjacency list
# https://gist.github.com/roycewilliams/04ed6eb9509b83ce4d85873861c7f7b4
#
# Hash source is base64-encoded binary MD5:
# https://dxr.mozilla.org/mozilla-central/source/browser/components/newtab/lib/FilterAdult.jsm
#
# Converted with: for item in $(cat hashes-base64.list); do echo $item | base64 -d | xxd -p; done
#
# Cracked by @tychotithonus and associates
# Last few tricky ones cracked by @s3inlc
roycewilliams / firefox-adult-inadjacency-analysis.txt
Last active Jan 14, 2019
A comparison of Firefox's adult-site/inadjacency blacklist and its sources
# ----------------------------------------------------------------------------------
# Firefox list (base64-encoded binary MD5):
# https://dxr.mozilla.org/mozilla-central/source/browser/components/newtab/lib/FilterAdult.jsm
# Convert with: for item in $(cat hashes-base64.list); do echo $item | base64 -d | xxd -p; done
#
# Firefox inadjacency commit:
# https://hg.mozilla.org/mozilla-central/log/default/browser/base/content/newtab/newTab.inadjacent.json
#
# Ruttley list (apparent original source for the Firefox list):
# https://github.com/matthewruttley/contentfilter/blob/master/sites.json
roycewilliams / dmarc-parser-csv.py
#!/usr/bin/python
# Via: https://github.com/prbinu/dmarc-report-processor/blob/master/bin/dmarc-parser.py
#
# Copyright (c) 2014, Yahoo! Inc.
# Copyrights licensed under the New BSD License. See the
# accompanying LICENSE.txt file for terms.
#
# Author Binu P. Ramakrishnan
# Created 09/12/2014
#
roycewilliams / mta-sts_scans-io_dns-any_2018-08-24.txt
Created Sep 16, 2018
MTA-STS hostnames from the scans.io "DNS ANY" dataset as of 2018-08-24
mta-sts.0xdeadbeef600ddecafbad.de,cname,sb33.not-your-server.de
mta-sts.123apps.net,cname,mta-sts.luteijn.email
mta-sts.79p.de,cname,79p.de
mta-sts.abel-battenberg.de,a,78.46.137.164
mta-sts.abel-fkb.de,a,78.46.137.164
mta-sts.adrien-martin.net,cname,adrien-martin.net
mta-sts.akademeia.moe,cname,mta-sts.luteijn.email
mta-sts.akademiaf2p.pl,cname,ha.hetzner.tensquaregames.com
mta-sts.alainwolf.ch,cname,mta-sts.urown.net
mta-sts.alainwolf.net,cname,mta-sts.urown.net
roycewilliams / insidepro-hashmanager-rules.txt
# Source: http://www.insidepro.team/HM.zip
# Distribution path: ./Help/En/Rules.txt
# Distribution timestamp: 2018-04-27
# Verified: 2018-06-14
#
# comment
: no-op: do nothing to the input password
l convert to lower case (PASSWORD -> password)
u convert to upper case (password -> PASSWORD)
c capitalize (password -> Password)
roycewilliams / ntpmemlog.txt
# grep ntpstats /etc/fstab
tmpfs /var/log/ntpstats tmpfs defaults,noatime,nodiratime,nosuid,mode=0755,size=200m 0 0
# cat /etc/init.d/ntpmemlog
#!/bin/sh
### BEGIN INIT INFO
# Provides: ntpmemlog
# Required-Start: $local_fs $time
# X-Stop-After: $time
# Required-Start: $local_fs $time
roycewilliams / ntp-scratch.txt
● systemd-timesyncd.service - Network Time Synchronization
Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/systemd-timesyncd.service.d
└─disable-with-time-daemon.conf
Active: active (running) since Tue 2018-04-03 07:02:47 UTC; 6s ago
Docs: man:systemd-timesyncd.service(8)
Main PID: 8724 (systemd-timesyn)
Status: "Synchronized to time server 192.111.144.114:123 (0.debian.pool.ntp.org)."
CGroup: /system.slice/systemd-timesyncd.service
└─8724 /lib/systemd/systemd-timesyncd