0xdade

WARN Act

Worker Adjustment and Retraining Notification Act of 1988 requires that advance notice be given for closings and layoffs. This notice is given to various states, who then publish that information.

State	Link	Notes
Alabama	https://www.madeinalabama.com/warn-list/
Alaska	https://jobs.alaska.gov/RR/WARN_notices.htm
Arizona	https://www.azjobconnection.gov/search/warn_lookups/new
Arkansas

0xdade

import argparse
import os
import sys

from pypdf import PdfReader, PdfWriter # pip install pypdf

def main():
    parser = argparse.ArgumentParser(
        description='Simplify PDF by reading each page and writing out to a new file. Does not preserve metadata, permissions, bookmarks, etc.',
    )

0xdade

# First approach, just make a function manually for every tag
# Then feed them all back to the same core html_element function for rendering
import inspect
import sys

def html_element(*args, **kwargs):
    tag = inspect.stack()[1][3]
    attrs = [f"{kwarg}=\"{kwargs.get(kwarg)}\"" for kwarg in kwargs]
    children = "\n".join([f"{child}" for child in args])
    return f'<{tag}{" " if attrs else ""}{" ".join(attrs)}>{children}</{tag}>'

0xdade

User Experience:
    Workflow:
        (Optional) Click pre-authenticated upload url, if provided
        (Optional) Sign in, if required
        Drag and drop a file
        interface shows the file name (and maybe some additional metadata, not sure if we get any metadata at this point though)
        Set of checkboxes for the following (if they are not enforced to a specific value by the server operator):
            Save Encryption Key
            Burn After Reading
            Expiration Duration 

0xdade

name: Automatically limit
on: 
  schedule:
    - cron: "0 0 * * *"
jobs:
  limiter:
    runs-on: ubuntu-latest
    steps:
    - name: Remove existing limit
      run: |

0xdade

# A quick nginx config that does some shameless transparent proxying. 
# The sub_filter module is available on my ubuntu install out of the box, but may not always be available
# This demonstration of sub_filter is also extremely minimal. All requests that begin with `/` will load relatively anyways, this attempts to replace any fully qualified requests

server {
    listen 80;
    listen [::]:80;
    server_name exploit.party;
    return 301 https://$server_name$request_uri;
}

0xdade

Distributing the denial of secrets

Twitter made ddosecrets.com a forbidden place. I don't like being forbidden from going places or sharing links to said places.

It's dangerous to go alone, take these:

• Apache
• Nginx
• iptables

0xdade

# Built by Sephiroth on 2020-06-24 03:05:40.431464 (UTC)
# (aws) syncToken: 1592887752
# (aws) createDate: 2020-06-23-04-49-12
# (azure) changeNumber: 95
# (azure) cloud: Public
# (gcp) _cloud-netblocks count: 8
# (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671
# (asn) ASN Data collected from api.hackertarget.com

0xdade

# Built by Sephiroth on 2020-06-24 03:05:20.327355 (UTC)
# (aws) syncToken: 1592887752
# (aws) createDate: 2020-06-23-04-49-12
# (azure) changeNumber: 95
# (azure) cloud: Public
# (gcp) _cloud-netblocks count: 8
# (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671
# (asn) ASN Data collected from api.hackertarget.com

geo $block_ip {

0xdade

# Built by Sephiroth on 2020-06-24 03:04:16.607901 (UTC)
# (aws) syncToken: 1592887752
# (aws) createDate: 2020-06-23-04-49-12
# (azure) changeNumber: 95
# (azure) cloud: Public
# (gcp) _cloud-netblocks count: 8
# (oci) last_updated_timestamp: 2020-06-19T14:53:54.841671
# (asn) ASN Data collected from api.hackertarget.com

*filter