Skip to content

Instantly share code, notes, and snippets.

Scott Behrens sbehrens

Block or report user

Report or block sbehrens

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile

Keybase proof

I hereby claim:

  • I am sbehrens on github.
  • I am arbit ( on keybase.
  • I have a public key whose fingerprint is 3BCB 4364 EF4A 3F6A C890 A755 18B8 EFD6 D8EE 14EA

To claim this, I am signing this object:

View nginx.conf
server {
listen 443 ssl;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
sbehrens / Apache.conf
Created Feb 27, 2015
View Apache.conf
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /path/to/private/key
SSLCACertificateFile /path/to/all_ca_certs
# modern configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
sbehrens /
Created Sep 6, 2014
Playing around with money problem
import itertools
from sys import exit
any_digits = [1.67, 1.98, 1.98, 4.41, 4.41, 4.41, 4.41, 4.41, 5.44, 36, 36, 36, 36, 36, 36, 36, 36, 100, 100]
for L in range(0, len(any_digits)+1):
for subset in itertools.combinations(any_digits, L):
print '%.2f' % sum(subset)
if '%.2f' % sum(subset) == 241.40:
print 'found it!'
View url-to-image.js
// PhantomJS script
// Takes screeshot of a given page. This correctly handles pages which
// dynamically load content making AJAX requests.
// Instead of waiting fixed amount of time before rendering, we give a short
// time for the page to make additional requests.
var _ = require('./lodash.js');
# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions.
# Michael Davis (
# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (
# The author disclaims copyright to this source code.
import select
sbehrens /
Last active Dec 10, 2015
Break stream cipher
import array
import base64
import copy
# Found X0R cipher on an app assessment? Got the ciphertext and know the plaintext? Use this to get the key.
cipher_text = array.array('B', base64.b64decode("Some Blob of base64 encoded ciphertext remove decoder if not base64"))
plain_text = array.array('B', "some known plaintext value")
View gist:3427871
def decode_string(x, f):
colon = x.index(':', f)
n = int(x[f:colon])
except (OverflowError, ValueError):
n = long(x[f:colon])
if x[f] == '0' and colon != f+1:
raise ValueError
colon += 1
View gist:3191851
_clkmode = xtal1 + pll16x
_xinfreq = 5_000_000
long foodude
long datatown
byte hello
sbehrens /
Created Jun 20, 2012 — forked from mastahyeti/
Nice DNS Spoofer
# File:
# Name: Interactive CLI DNS Spoofer
# by: @mastahyeti
# based off of
from __future__ import print_function
from gevent.event import Event
from gevent.pool import Pool
from gevent import socket
You can’t perform that action at this time.