nil0x42's tips & tricks
- Scrape twitter account of all github followers of target user on GitHub
- Scrape twitter account of all stargazers of target project on GitHub
QingpingMeng
/ EncryptSmallData.md
Last active
May 15, 2024 20:38
Encrypt data using JavaScript in browser with RSA public key generated in C# without library
This is an example to demo how you generate the RSA key pair from server side(.NetCore 3.1) and pass the public key to the client(Browser) for encrypting the data that <= 245 bytes.
RSA-2048 can only support to encrypt up to 245 bytes data.
using var rsaProvider = new RSACng();
// spki is used for browser side encryption
var spki = Convert.ToBase64String(rsaProvider.ExportSubjectPublicKeyInfo());
var encodedPrivateKey = Convert.ToBase64String(rsaProvider.ExportPkcs8PrivateKey());
ustayready
/ google_lure.py
Last active
September 23, 2024 20:18
Generate phishing lures that exploit open-redirects from www.google.com using Google Docs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from __future__ import print_function | |
| import pickle | |
| import os.path | |
| from googleapiclient.discovery import build | |
| from google_auth_oauthlib.flow import InstalledAppFlow | |
| from google.auth.transport.requests import Request | |
| from apiclient import errors | |
| import re | |
| from bs4 import BeautifulSoup as Soup |
- 1976-1977 - Diffie-Hellman - the patent was filled more than a year after the idea was circulated/published, thus was invalid. The invalid patent expired in 1997.
- 1991 - Schnorr signatures - Schnorr is obviously the best signature scheme we have, yet the NIST went ahead and standardized the sub-primitives DSA and ECDSA to circumvent Schnorr's patents (Schnorr was not happy 1, 2). In 2008 the patents expired and EdDSA and other schnorr-based signatures started flourishing again.
- 1996 - NTRU - The algorithm was placed in the public domain in 2017.
A note on patents. One reason that NTRU is not more widely deployed is that there have been patents restricting its usage fo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This bug was also called moonshine in the beginning | |
| Basically the following bug is present in all bootroms I have looked at: | |
| 1. When usb is started to get an image over dfu, dfu registers an interface to handle all the commands and allocates a buffer for input and output | |
| 2. if you send data to dfu the setup packet is handled by the main code which then calls out to the interface code | |
| 3. the interface code verifies that wLength is shorter than the input output buffer length and if that's the case it updates a pointer passed as an argument with a pointer to the input output buffer | |
| 4. it then returns wLength which is the length it wants to recieve into the buffer | |
| 5. the usb main code then updates a global var with the length and gets ready to recieve the data packages | |
| 6. if a data package is recieved it gets written to the input output buffer via the pointer which was passed as an argument and another global variable is used to keep track of how many bytes were recieved already | |
| 7. if all the data was recieved th |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Sample configuration file for the Samba suite for Debian GNU/Linux. | |
| # | |
| # | |
| # This is the main Samba configuration file. You should read the | |
| # smb.conf(5) manual page in order to understand the options listed | |
| # here. Samba has a huge number of configurable options most of which | |
| # are not shown in this example | |
| # | |
| # Some options that are often worth tuning have been included as |
nstarke
/ 01-reversing-cisco-ios-raw-binary-firmware-images-with-ghidra.md
Last active
April 7, 2025 08:32
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra
This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.
I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-o, or PE header to describe the binary.
While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.
heywoodlh
/ maderas.txt
Created
June 19, 2019 15:47
Clone of the arsenal, armory & library by Maderas (@hackermaderas) -- https://pastebin.com/v8Mr2k95
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The arsenal, armory & library by Maderas (@hackermaderas, #CyberpunkisNow) 6/8/2019 | |
| Original / 1st version here: https://pastebin.com/rMw4WbhX | |
| ___________________________________________________________________________________ | |
| # Basic knowledge requirements for Red Teaming, PenTesting, Hacking & Cybersecurity | |
| # These are the basic competencies expected (and tested for during the in-person technical interview) by one of the largest, most visible InfoSec companies # on Earth. | |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| WARNING: | |
| the newest version of this rule is now hosted here: | |
| https://github.com/Neo23x0/god-mode-rules/blob/master/godmode.yar | |
| */ | |
| /* | |
| _____ __ __ ___ __ |