Skip to content

Instantly share code, notes, and snippets.

View syncom's full-sized avatar

Ning Shang syncom

View GitHub Profile
@syncom
syncom / join_gpx_files_for_strava.md
Last active November 21, 2017 17:57
How to combine GPX files into one (for Strava)

How to combine GPX files into one (for Strava)

I use strava.com (https://strava.com) for my activity tracking. From time to time, I need to combine multiple activities into one for a better data management. Here is how I do it.

  1. First, in the page of the individual activity, download the data in GPX format by choosing the "Export GPX" menu. (GPX, or GPS exchange format, is an XML file format for storing coordinate data.) Order the downloaded activity data in time sequence. Suppose we now have three files, "1.gpx", "2.gpx", and "3.gpx" to join, where "1.gpx" is the earlist activity, and "3.gpx" is the latest activity.

  2. Open "*.gpx" with a text editor. Look for the XML tag ''. This is the parent of all the '' GPS coordinate samples (points). We need to extract all '' from all the GPX files to combine, and put them, in order, under the '' section. Do this by appending all the '' entries from "2.gpx" and "3.gpx" to that of "

@syncom
syncom / fuji-docucentre-iv_c226-password-bruteforcing
Last active April 20, 2018 18:31
HOWTO: brute force Fuji DocuCentre-IV C2260 Scan folder's password
This instruction describes how to brute force the "Scan" folder's password on a Fuji DocuCentre-IV C2260 Version
1.8 printer/xerox copier.
The DocuCentre-IV C2260 runs a web server at port 80. Because the HTTP interface is not secured, one could also
mount a man-in-the-middle (MITM) attack. However, doing a MITM attack is not what we are discussing here. The
web application at port 80 has an interface (in UI, under the Scan>Folder menu) to which mutiple users deliver
their scanned documents. These folders are password protected. It turns out getting access to such a folder can
be done through a simple HTTP POST command. And this command is not throttled upon access failure. Therefore, it
allows us to automate the authentication process and thus brute force the password.
@syncom
syncom / bash-cpu-hogger.md
Last active December 22, 2017 07:43
A CPU hogger in bash

The following bash script hogs CPU resources (and thus drains laptop battery quickly):

#!/bin/bash
# CPU hogger, using 8 threads
hog='dd if=/dev/urandom | bzip2 -9 >> /dev/null'
cmd=$(echo -n ${hog}; printf " | ${hog}%.0s" {1..7};  echo -n '& read; killall dd')
eval ${cmd}

Explaination:

@syncom
syncom / pis-rt-memo.md
Last active May 9, 2018 17:21
Memo: PIS-RT, Rainbow Table Search Processing in Storage

PIS-RT: Processing In Storage - Rainbow Tables

The idea described in this tech memo is to accelerate rainbow table searches inside the SSD SoC.

A "rainbow table" is a data structure containing precomputed "chains" for reversing cryptographic hash functions, usually for cracking password hashes. A good yet simple instruction of the rainbow table by Kestas can be found at http://kestas.kuliukas.com/RainbowTables/.

RainbowCrack (http://project-rainbowcrack.com/) is a project that generates rainbow tables (for various hash algorithms) and creates tools for cracking hashes using rainbow tables. As can be seen

@syncom
syncom / build-seal-with-clang-sa.md
Last active April 21, 2018 19:42
Build SEAL library using Clang with Static Analyzer on Ubuntu Linux

This short memo gives instructions on how to build the Microsoft Research's Simple Encrypted Arithmetic Library (SEAL) using LLVM/Clang, and also with the Clang Static Analyzer for software quality/security assurance.

The SEAL Library

The SEAL Library can be downloaded at its website http://sealcrypto.org (it redirects to a Microsoft page). The version of SEAL we use for this demonstration is SEAL_v2.3.0-4_Linux.tar.gz (available at https://www.microsoft.com/en-us/download/details.aspx?id=56202).

@syncom
syncom / 20190519.how_to_create_qemu_arm_guest_on_x86_host.md
Last active May 29, 2019 15:46
How to Create QEMU ARM Guest on x86_64 Linux Host

How to Create QEMU ARM Guest on x86_64 Linux Host

This document describes how I created a QEMU ARM (A32) guest on an x86_64 host (Ubuntu on Dell XPS developer edition). The process relies heavily on the arm_now tool. The commands are as follows.

Install dependencies on host Ubuntu machine

mkdir arm-qemu
@syncom
syncom / gtm-risk-documentation.md
Last active July 10, 2019 23:56
The GTM method for risk documentation

The Goal-Threat-Mitigation (GTM) Method for Documenting Security Risks

The Goal-Threat-Mitigation (GTM) method is a framework for documenting security risk analysis (SRA). It is meant to be simple, scientific, and yet scalable with respect to the size of the scenario to analyze. The artifact of GTM is a document/write-up that consists of the following sections.

  1. System overview (or scenario description)

This is where we define the problem space, describe the use case

@syncom
syncom / 20190804.build-ipsec-tools-with-asan.md
Last active August 5, 2019 21:07
How to build Android ipsec-tools (racoon) on Ubuntu 18.04 with ASan
@syncom
syncom / lss-na-2019.libseccomp-tutorial-note.md
Last active January 11, 2022 01:24
Linux Security Summit North America 2019 note: libseccomp tutorial

The why and how of libseccomp

This is my Linux Security Summit North America (LSS-NA) 2019 note taken in Day 1 tutorial session "The Why and How of libseccomp" by Tom Hromatka, Oracle & Paul Moore, Cisco.

  • Why libseccomp
    • Focus on containing bugs and limiting the risks - what mitigation is for
  • system hardening, access controls, and syscall filtering (libseccomp)
@syncom
syncom / lss-na-2019.lsm-tutorial-note.md
Created August 21, 2019 22:43
LSS-NA 2019 Note: Tutorial - How to Write a Linux Security Module

LSS-NA 2019 Day 3 Tutorial: How to Write a Linux Security Module

This is the note I have taken during the tutorial session "How to Write a Linux Security Module" by Casey Schaufler, at the Linux Security Summit North America 2019.

  • Why do you want to write a Linux security module?
  • When is Linux security module the right choice?
  • Add access control restrictions