default-src 'none'; report-uri https://report-uri.robinhood.com/_csp?type=webapp&version=2020.35.13; block-all-mixed-content; upgrade-insecure-requests; base-uri 'self'; script-src 'self' 'nonce-WbxnLSJ/WKd7K5X7AJEO2eslbvuHxV+A' cdn.robinhood.com www.google-analytics.com platform.twitter.com ethn.io www.gstatic.com www.google.com cdn.checkout.com/js/framesv2.min.js cdn.plaid.com; style-src 'self' 'unsafe-inline' cdn.robinhood.com; font-src 'self' fonts.gstatic.com cdn.robinhood.com; media-src 'self' cdn.rob…inhood-prism-storage.s3.amazonaws.com stats.g.doubleclick.net www.google-analytics.com www.google.com/ads/ga-audiences/ syndication.twitter.com assets.pd.gpsrv.com robinhood-newsfeed-images.s3.amazonaws.com newsfeed-images.robinhood.com maps.googleapis.com; connect-src robinhood.com 'self' *.robinhood.com www.google-analytics.com stats.g.doubleclick.net ssl.google-analytics.com www.google.com ethn.io sentry.io secure-agserv.pd.gpsrv.com api.userleap.com https://js.checkout.com/framesv2/log api.checkout.com
@viyatb
viyatb / storage.py
Created July 27, 2018 22:12 — forked from samwillis/storage.py
Django Subresource Integrity
import base64
import hashlib
import json
import os
import posixpath
import re
from collections import OrderedDict
from urllib.parse import unquote, urldefrag, urlsplit, urlunsplit
from django.conf import settings
@viyatb
viyatb / bucket-disclose.sh
Created July 7, 2018 15:45 — forked from fransr/bucket-disclose.sh
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figuring it out. You do need a valid aws-key (never the secret) to properly get the error messages
#!/bin/bash
# Written by Frans Rosén (twitter.com/fransrosen)
_debug="$2" #turn on debug
_timeout="20"
#you need a valid key, since the errors happen after it validates that the key exists. we do not need the secret key, only the access key
_aws_key="AKIA..."
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"
@viyatb
viyatb / cloud_metadata.txt
Created April 25, 2018 05:32 — forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@viyatb
viyatb / chrome.md
Created February 13, 2018 01:52 — forked from 0xjjpa/chrome.md
Understanding Google Chrome Extensions

Introduction

Developing Chrome Extensions is REALLY fun if you are a Front End engineer. If you, however, struggle with visualizing the architecture of an application, then developing a Chrome Extension is going to bite your butt multiple times due to the excessive number of components the extension works with. Here are some pointers on how to start, what problems I encountered and how to avoid them.

Note: I'm not covering Chrome packaged apps, which, although similar, work in a different way. I also won't cover the options page API or the brand-new event pages. What I explain covers most basic Chrome applications and should be enough to get you started.

Table of Contents

  1. Understand the Chrome Architecture
  2. Understand the Tabs-Extension Relationship
@viyatb
viyatb / owtf.sql
Created November 28, 2017 19:48
owtf
SELECT COUNT(DISTINCT v.id) FROM vulns v JOIN command_register_vuln crv ON crv.vuln_id = v.id JOIN command_register cr ON crv.command_register_id = cr.id JOIN plugin_outputs po ON cr.plugin_output_id = po.id WHERE po.target_id=1;
@viyatb
viyatb / pypi-release-checklist.md
Created October 27, 2017 04:00 — forked from audreyfeldroy/pypi-release-checklist.md
My PyPI Release Checklist
  • Update HISTORY.rst
  • Commit the changes:
git add HISTORY.rst
git commit -m "Changelog for upcoming release 0.1.1."
  • Update version number (can also be minor or major)
bumpversion patch
@viyatb
viyatb / checklist.md
Created September 21, 2017 16:25
mozilla_firefox_security_checklist

Risk Management

  • The service must have performed a Rapid Risk Assessment and have a Risk Record bug
  • Public staging and production endpoints must be added to the security baseline

Infrastructure

  • Access and application logs must be archived for a minimum of 90 days
  • Use Modern or Intermediate TLS
@viyatb
viyatb / Makefile
Created September 21, 2017 03:17 — forked from strazzere/Makefile
Decryption for most Kony
all:
	gcc decrypt.c -I/usr/local/opt/boringssl/include -L/usr/local/opt/boringssl/lib -lcrypto -o kony_decrypt