p7cq

SSH Authentication with TPM 2.0 and PKCS#11 on Arch Linux

Hardware: a TPM 2.0 module based on Infineon SLB9665 cryptographic processor available in the system as /dev/tpmrm0.

Installation

Required software:

# pacman -S tpm2-tools tpm2-pkcs11

ixs

#!/usr/bin/env python3
#
# Simple Intel x520 EEPROM patcher
# Modifies the EEPROM to unlock the card for non-intel branded SFP modules.
#
# Copyright 2020,2021,2022 Andreas Thienemann <[email protected]>
#
# Licensed under the GPLv3
#
# Based on research described at https://forums.servethehome.com/index.php?threads/patching-intel-x520-eeprom-to-unlock-all-sfp-transceivers.24634/

justinschuldt

hardware/software

Webcam parts:

• Raspberry Pi Zero W Rev 1.1
• Raspberry Pi Camera v2 (8-megapixel)
• Raspberry Pi High Quality Camera (12.3-megapixel)
• Raspbian Buster Lite 2020-02-13

Webcam works with:

• Windows 10
• Windows 10 "Camera" app

IsaacXen

WWDC                                2006  2007  2008  2009
2010 2011 2012 2013 2014 

9thplayer

Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the > Wireless > Access Control > Add Managed Device screen.

Impact: 
Script can be stored in Database and execute every time when users visits it. If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
Amongst other things, the attacker can:
1) Perform any action within the application that the user can perform. 
2) View any information that the user is able to view. 
3) Modify any information that the user is able to modify. 
4) Initiate interactions with other application users, including malicious attacks, that will appear to originate from  the initial victim user.

softminus

#!/bin/bash

# Copyright (C) 2020 Kia
# Licensed under Zero Clause BSD License


if [[ $# -ne 3 ]]; then
    echo "usage: $0 (BMC I2C BUS NUMBER) (FAN PAGE) (DUTY CYCLE FLOOR)"
    echo ""
    echo "BMC I2C BUS NUMBER can be found as follows"

saelo

|=-----------------------------------------------------------------------=|
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=|
|=-----------------------------------------------------------------------=|
|=------------------------------=[ saelo ]=------------------------------=|
|=-----------------------------------------------------------------------=|

The following are some brief notes about the changes that have taken place
since the release of the "Attacking JavaScript Engines" paper [1]. In
general, no big conceptional changes have happened since. Mitigations have
been added to break some of the presented techniques and, as expected, a

snixon

#!/bin/bash -ex

# Build a new Centos8 install on EBS volume in a chroot
# Run from RHEL8 or CentOS8 instance - eg: ami-0c322300a1dd5dc79 in us-east-1 (RHEL 8 official image)
# Script expects a second EBS volume, I add them as /dev/sdf in the console
# When the script completes, turn the second EBS volume into your new AMI through the console.

# Adjust the section below to match the device names you're using. Defaults are for an m5.large

# m5 series requires the updated device names

guss77

#!/bin/bash
# As described in https://bugs.launchpad.net/bugs/1766076
### Installation Instructions:
# 1. Install file into `/usr/local/bin/reset-tb`
#
# 2. Optional: allow password less sudo by creating a file `/etc/sudoers.d/allow-reset-tb` with the following content:
# ----8<-----
# <your username> ALL = NOPASSWD: /usr/local/bin/reset-tb
# ----8<-----
# 

Lekensteyn

#!/usr/bin/env python3
# Extracts a subset of TLS secrets and injects them in an existing capture file.
#
# Author: Peter Wu <[email protected]>

import argparse
import os
import shlex
import subprocess
import sys