Skip to content

Instantly share code, notes, and snippets.

Steve Woodrow woodrow

Block or report user

Report or block woodrow

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@z4yx
z4yx / u2f_fido2_dissector.lua
Last active Dec 14, 2019
Wireshark protocol decoder for FIDO(U2F) and FIDO2(WebAuthn) over USB HID
View u2f_fido2_dissector.lua
cbor = Dissector.get("cbor")
iso7816 = Dissector.get("iso7816")
ctap_proto = Proto("ctaphid","ctap hid")
-- Field Extractor
direction_fe = Field.new("usb.endpoint_address.direction")
udp_srcport_fe = Field.new("udp.srcport")
CTAPHID_COMMAND_CODE = {
[0x03]='CTAPHID_MSG',
[0x10]='CTAPHID_CBOR',
View CryptoGotchas.md

Important organizational announcement Due to feedback from several people who wish to contribute, this project is being moved to it's own repository. The master copy is now at SalusaSecondus/CryptoGotchas. This will let us more easily take PRs/Issues and track contributions.

The version on this Gist will be preserved for a bit to make it easier to discover, but I encourage you to update your links. (A redirect page will remain indefinitely.)


Crypto Gotchas!

Creative Commons License: BY

@0xdabbad00
0xdabbad00 / gist:5d1d5fd619a20ba2ee899c56f8d6787f
Created Mar 26, 2019
WARNING: Only tested in a test account, beware, this could break things.
View gist:5d1d5fd619a20ba2ee899c56f8d6787f
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"apigateway:*",
"autoscaling:*",
"cloudtrail:*",
"cloudwatch:*",
"cloudformation:*",
@GuyBarros
GuyBarros / ptfe.json
Created Mar 15, 2019
Johnny's PTFE Packer script
View ptfe.json
{
"variables": {
"version": "",
"memory" : "8196",
"cpucorecount": "4"
},
"provisioners": [
{
"type": "file",
"source": "bootcamp.rli",
@yossorion
yossorion / what-i-wish-id-known-about-equity-before-joining-a-unicorn.md
Last active Nov 29, 2019
What I Wish I'd Known About Equity Before Joining A Unicorn
View what-i-wish-id-known-about-equity-before-joining-a-unicorn.md

What I Wish I'd Known About Equity Before Joining A Unicorn

Disclaimer: This piece is written anonymously. The names of a few particular companies are mentioned, but as common examples only.

This is a short write-up on things that I wish I'd known and considered before joining a private company (aka startup, aka unicorn in some cases). I'm not trying to make the case that you should never join a private company, but the power imbalance between founder and employee is extreme, and that potential candidates would

@TheDegree0
TheDegree0 / Unportify-v1.4.3.js
Last active Oct 31, 2019
Unportify helps you export your Google Play Music playlists.
View Unportify-v1.4.3.js
/*
Unportify is a script that exports your Google Play music to text.
Copyright (C) 2016 Arnau Villoslada
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
View gist:6d8fc3fd0d67b6470f7d
Blog post: Ryan Huber - Distributed Security Alerting
https://medium.com/several-people-are-coding
Video: Zane Lackey - Building a Modern Security Organization
https://duo.com/blog/duo-tech-talk-building-a-modern-security-engineering-organization
Krebs on Security Blog
https://www.krebsonsecurity.com
Sony Breach
View ocsp-stapling.md

On Twitter the other day, I was lamenting the state of OCSP stapling support on Linux servers, and got asked by several people to write-up what I think the requirements are for OCSP stapling support.

  1. Support for keeping a long-lived (disk) cache of OCSP responses.

    This should be fairly simple. Any restarting of the service shouldn't blow away previous responses that were obtained. This doesn't need to be disk, just stable - and disk is an easy stable storage for most server

View imap-delete.py
#!/usr/bin/env python
import imaplib
import os
import logging
import optparse
# LABEL = 'support'
# QUERY = 'before:2015-06-01 -label:to-delete'
# DEST = 'to-delete'
LABEL = 'to-delete'
View adams-heroku-values.md

Make it real

Ideas are cheap. Make a prototype, sketch a CLI session, draw a wireframe. Discuss around concrete examples, not hand-waving abstractions. Don't say you did something, provide a URL that proves it.

Ship it

Nothing is real until it's being used by a real user. This doesn't mean you make a prototype in the morning and blog about it in the evening. It means you find one person you believe your product will help and try to get them to use it.

Do it with style

You can’t perform that action at this time.