A list of rewritable RFID blanks that are compatible with Flipper Zero.
X indicates a particular protocol is writable.
? indicates it is unknown if a particular protocol is writable.
| Brand | Type | Chip | EM4100 | H10301 | Indala26 | IoProxXSF | AWID | FDX-A | FDX-B | HIDProx | HIDExt | Pyramid | Viking | Jablotron | Paradox | PAC/Stanley | Keri | Gallagher |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ETEKJOY | Fob | EM4305 | X | X | X | X | X | X |
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
$ python githubcloner.py --org organization -o /tmp/output
*update: TBC, but this new might affect how easy it is to use this technique past August 2024: Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August
This gist, based in part on a gist by Brian Hartvigsen, allows you to export from Authy your TOTP tokens you have stored there.
Those can be "standard" 6-digits / 30 secs tokens, or Authy's own version, the 7-digits / 10 secs tokens.
The CA/Browser Forum has voted to mandate that CAs must start checking CAA records to control certificate issuance (to verify what CAs are allowed to issue certificates for a domain) by September 8th, 2017.
https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum
Full language of the ballot is here.
Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.
The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from
| <?php | |
| /** | |
| * I was having trouble with socket connections timing out reliably. Sometimes, | |
| * my timeout would be reached. Other times, the connect would fail after three | |
| * to six seconds. I finally figured out it had to do with trying to connect to | |
| * a routable, non-localhost address. It seems the socket_connect call would | |
| * not fail immediately for those connections. This function is what I finally | |
| * ended up with that reliably connects to a working server, fails quickly for | |
| * a server that has an address/port that is not reachable and will reach the |
| ###* | |
| * Encryption: | |
| * | |
| * cipher: AES-128-CBC | |
| * key: 16 bytes | |
| * IV: 16 bytes, random, non-reused, prepended to cipher text | |
| * padding: PKCS#7 | |
| ### | |
| crypto = require 'crypto' |
| #!/usr/bin/env python2 | |
| """ | |
| Author: takeshix <takeshix@adversec.com> | |
| PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org). | |
| Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP. | |
| """ | |
| import sys,struct,socket | |
| from argparse import ArgumentParser |