I hereby claim:
- I am averagesecurityguy on github.
- I am averagesecguy (https://keybase.io/averagesecguy) on keybase.
- I have a public key whose fingerprint is 3E38 1E10 7EDD AC35 BF4B 3315 F400 108B 9908 A2CF
To claim this, I am signing this object:
Stephen Haywood averagesecurityguy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| V = [0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e, | |
| 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, | |
| 0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, 0x39, | |
| 0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76, 0x39, 0x38, 0x37, 0x33, | |
| 0x32, 0x35, 0x34, 0x6b, 0x3b, 0x66, 0x67, 0x38, 0x37] | |
| if len(sys.argv) != 2: | |
| print("Usage: type7.py hash") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %PDF-1.0 | |
| 1 0 obj | |
| << | |
| /Type /Catalog | |
| /Pages 2 0 R | |
| /Names 6 0 R | |
| >> | |
| endobj |
averagesecurityguy
/ pdf_flatedecode.py
Last active
October 2, 2024 19:10
Decompress FlateDecode Objects in PDF
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # This script is designed to do one thing and one thing only. It will find each | |
| # of the FlateDecode streams in a PDF document using a regular expression, | |
| # unzip them, and print out the unzipped data. You can do the same in any | |
| # programming language you choose. | |
| # | |
| # This is NOT a generic PDF decoder, if you need a generic PDF decoder, please | |
| # take a look at pdf-parser by Didier Stevens, which is included in Kali linux. | |
| # https://tools.kali.org/forensics/pdf-parser. | |
| # |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Infosec Predictions for 2017: | |
| 1. We will continue to fail to do the basics. | |
| 2. We will continue to worry about 0-days. | |
| 3. We will continue to make dumb privacy/security tradeoffs for convenience. | |
| 4. We will continue to gripe about ignorant end users and managers. | |
| 5. We will continue to fight amongst ourselves. | |
| 6. We will continue to eat our young. | |
| 7. Attackers will continue to get better at automation. | |
| 8. Defenders will likely not get better at automation. |
averagesecurityguy
/ keybase.md
Created
June 6, 2016 20:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ./resolver.py names.txt | |
| $ cat lookup_results.csv | |
| www.live.com,207.46.11.252|65.55.129.171 | |
| www.asgconsulting.com,185.53.179.7 | |
| www.google.com,74.205.129.15|74.205.129.38|74.205.129.29|74.205.129.44|74.205.129.27|74.205.129.42|74.205.129.23|74.205.129.49|74.205.129.59|74.205.129.57|74.205.129.53|74.205.129.34|74.205.129.45|74.205.129.30|74.205.129.19|2607:f8b0:4002:c06::6a | |
| www.outlook.com,132.245.75.194|132.245.78.146|132.245.9.226|132.245.3.210|132.245.23.146|132.245.29.242|132.245.71.18|132.245.60.2|132.245.44.226|40.96.8.2|2a01:111:f400:50aa::2|2a01:111:f400:5374::2|2a01:111:f400:516d::2|2a01:111:f400:52ef::2|2a01:111:f400:2ea1::2|2a01:111:f400:53eb::2|2a01:111:f400:f20d::2|2a01:111:f400:2a::2|2a01:111:f400:16::2|2a01:111:f400:4000::2 | |
| www.yahoo.com,98.139.180.149|98.139.183.24|2001:4998:58:c02::a9 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The cache system in FF 46.0.1 appears to ignore meta tags with cache directives. Copy the meta.html and meta.php files below to a directory and start up a web server in that directory using php -S 127.0.0.1:8000. Then visit http://127.0.0.1:8000/meta.html and http://127.0.0.1:8000/meta.php. After visiting both pages open about:cache and look at the list of cached documents. You will see that meta.html is cached while meta.php is not. |
averagesecurityguy
/ NASM Question
Last active
April 29, 2016 15:29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Below is a small assembly program that is supposed to create a file with the filename | |
| myfile.txt, which is stored in the file_name "variable." The problem is the program | |
| actually creates a file called "myfile.txtWelcome to Tutorials PointWritten to file\n". | |
| Any ideas why the filename is getting mangled. According to the create call, I need to | |
| provide the pointer to the name and the file mode. What I don't understand is why the | |
| pointer to the filename is picking up the other strings. | |
| ; Taken from http://www.tutorialspoint.com/assembly_programming/assembly_file_management.htm | |
| section .data | |
| file_name db 'myfile.txt' |
averagesecurityguy
/ Penetration Testing as a Service
Last active
April 13, 2016 20:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Please feel free to offer critiques but first understand that the purpose of this service would be to help a company improve security by removing the low hanging fruit and convincing them of the necessity of more thorough penetration testing and possibly red teaming. | |
| 1. Network scanning of up to X external IP addresses to identify live hosts and common services. | |
| 2. Automated vulnerability scans of all live hosts and common services to identify vulnerabilities that could lead to the exploitation of the operating system or service including but not limited to: | |
| a. Nessus scans | |
| b. Metasploit Auxiliary scans | |
| c. Burp Suite Professional scans | |
| d. Scans with Custom tools | |
| e. Brute-force password attacks on common services | |
| 3. Attempted exploitation of promising vulnerabilities as deemed appropriate by ASG Consulting. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| encrypt.py is the Python module that does the encryption and decryption using PySodium. You will need to install libsodium and PySodium before you can use this module. | |
| encrypt_file.py - This script uses the encrypt.py module to encrypt a configuration file and store a password hash in a password file. It will print out the salt value needed for the open_file.py script. | |
| open_file.py - This script uses the encrypt.py module to decrypt a configuration file if the password given matches. | |
| On first use do the following: | |
| 1. Run encrypt_file.py with the password you want to use. | |
| 2. Copy the salt value given to the open_file.py script. | |
| 3. Delete the plaintext configuration file. |