

coverband

@coverband
coverband / nginx.conf
Created February 15, 2023 01:29 — forked from plentz/nginx.conf
Best nginx configuration for improved security (and performance)
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

How to set up a practically free CDN using Backblaze B2 and Cloudflare

⚠️ Note 2023-01-21
Some things have changed since I originally wrote this in 2016. I have updated a few minor details, and the advice is still broadly the same, but there are some new Cloudflare features you can (and should) take advantage of. In particular, pay attention to Trevor Stevens' comment here from 22 January 2022, and Matt Stenson's useful caching advice. In addition, Backblaze, with whom Cloudflare are a Bandwidth Alliance partner, have published their own guide detailing how to use Cloudflare's Web Workers to cache content from B2 private buckets. That is worth reading,

@samsch
samsch / stop-using-jwts.md
Last active March 27, 2025 21:17
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that the "valid" use cases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple of different points:

  • The JWT specification is specifically designed only for very short-lived tokens (~5 minutes or less). Sessions
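The contrast the gist draws, shown side by side in Go as an added example (this is not code from samsch's gist or the linked talk): a cookie-backed server-side session store whose sessions can be revoked the instant a user logs out, beside a minimal HS256 JWT signer/verifier that keeps every claim inside the token and therefore has no server-side state to delete, so a token issued before logout keeps verifying until its exp. The cookie name __Host-session, the session TTLs, the key bytes and the user names are assumptions made for the demonstration; the JWT code is deliberately minimal and exists only to make the revocation gap visible.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/http"
	"strings"
	"sync"
	"time"
)

var b64 = base64.RawURLEncoding

// ---- Cookie sessions: the browser holds only an opaque id; all state lives server-side. ----

type session struct{ user string; expires time.Time }

type SessionStore struct {
	mu       sync.Mutex
	sessions map[string]session
}

func NewSessionStore() *SessionStore { return &SessionStore{sessions: map[string]session{}} }

// Create mints a 128-bit random id. It carries no claims, so the server can look
// it up, refresh it or delete it without the client's cooperation.
func (s *SessionStore) Create(user string, ttl time.Duration) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	id := b64.EncodeToString(raw)
	s.mu.Lock()
	s.sessions[id] = session{user: user, expires: time.Now().Add(ttl)}
	s.mu.Unlock()
	return id, nil
}

// Lookup resolves a live session to its user; expired ids are dropped on sight.
func (s *SessionStore) Lookup(id string) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[id]
	if !ok || time.Now().After(sess.expires) {
		delete(s.sessions, id)
		return "", false
	}
	return sess.user, true
}

// Revoke ends a session right now: logout, password change, admin kick.
func (s *SessionStore) Revoke(id string) {
	s.mu.Lock()
	delete(s.sessions, id)
	s.mu.Unlock()
}

// SessionCookie is what a login handler sets. The __Host- prefix forces Secure,
// Path=/ and no Domain; HttpOnly keeps the id out of reach of scripts (and of localStorage).
func SessionCookie(id string, ttl time.Duration) *http.Cookie {
	return &http.Cookie{
		Name: "__Host-session", Value: id, Path: "/", MaxAge: int(ttl.Seconds()),
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	}
}

// ---- Minimal HS256 JWT: every claim rides in the token, so there is nothing server-side to delete. ----

func SignJWT(key []byte, claims map[string]any) string {
	hdr := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	body, _ := json.Marshal(claims)
	input := hdr + "." + b64.EncodeToString(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return input + "." + b64.EncodeToString(mac.Sum(nil))
}

// VerifyJWT always recomputes the HMAC (it never trusts the header's alg, which shuts
// out "alg":"none") and enforces exp. What it cannot do is notice a logout: a token
// signed before the user logged out verifies until exp, with no store to consult.
func VerifyJWT(key []byte, token string, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	var claims map[string]any
	if body, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(body, &claims) != nil {
		return nil, errors.New("bad payload")
	}
	exp, ok := claims["exp"].(float64)
	if !ok || !now.Before(time.Unix(int64(exp), 0)) {
		return nil, errors.New("token expired")
	}
	return claims, nil
}
```

The session half is the whole design: because the cookie value is meaningless without the store, every security decision (expiry, revocation, rotation after login) is made on the server, where it can be changed. The JWT half shows the other side: VerifyJWT has no hook at which a logout could be honoured, which is why teams end up bolting a denylist onto JWTs and arrive back at a server-side session store with extra steps.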
@enricofoltran
enricofoltran / main.go
Last active January 22, 2025 07:38
A simple golang web server with basic logging, tracing, health check, graceful shutdown and zero dependencies
package main
import (
"context"
"flag"
"fmt"
"log"
"net/http"
"os"
"os/signal"
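A complete server with the properties the description lists, as an added example written for this page rather than enricofoltran's own code (the preview above cuts off inside its import block, so the gist's actual structure is not reproduced here): per-request ids for tracing, one log line per request, a /healthz probe that goes 503 the moment shutdown begins, explicit http.Server timeouts, and a signal-driven graceful drain. The listen address :5000, the 20-second grace period and the route names are assumptions.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"log"
	"net/http"
	"os"
	"os/signal"
	"sync/atomic"
	"syscall"
	"time"
)

// healthy flips to false as soon as shutdown starts, so the load balancer's
// /healthz probe stops sending new traffic before the listener closes.
var healthy atomic.Bool

type ctxKeyRequestID struct{}

// requestID mints a per-request id for log correlation. A client-supplied
// X-Request-Id is deliberately not reused: callers could forge or collide it.
func requestID(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		raw := make([]byte, 8)
		_, _ = rand.Read(raw)
		id := hex.EncodeToString(raw)
		w.Header().Set("X-Request-Id", id)
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKeyRequestID{}, id)))
	})
}

// statusWriter captures the status code so the log line can report it.
type statusWriter struct {
	http.ResponseWriter
	status int
}

func (s *statusWriter) WriteHeader(code int) { s.status = code; s.ResponseWriter.WriteHeader(code) }

// logging records one line per request: id, method, path, status, latency.
func logging(logger *log.Logger, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		start := time.Now()
		sw := &statusWriter{ResponseWriter: w, status: http.StatusOK}
		next.ServeHTTP(sw, r)
		logger.Printf("%v %s %s %d %s", r.Context().Value(ctxKeyRequestID{}), r.Method, r.URL.Path, sw.status, time.Since(start))
	})
}

// NewHandler wires the routes behind the two middlewares.
func NewHandler(logger *log.Logger) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "hello") })
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		if healthy.Load() {
			w.WriteHeader(http.StatusNoContent)
			return
		}
		w.WriteHeader(http.StatusServiceUnavailable)
	})
	return requestID(logging(logger, mux))
}

// NewServer sets the timeouts http.Server leaves unbounded by default; without
// ReadHeaderTimeout a client that trickles headers holds a connection indefinitely.
func NewServer(addr string, h http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           h,
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      15 * time.Second,
		IdleTimeout:       60 * time.Second,
		MaxHeaderBytes:    1 << 16,
	}
}

// Run serves until ctx is cancelled, then marks the instance unhealthy, stops
// keep-alives and drains in-flight requests for at most grace before returning.
func Run(ctx context.Context, srv *http.Server, grace time.Duration) error {
	healthy.Store(true)
	errCh := make(chan error, 1)
	go func() { errCh <- srv.ListenAndServe() }()
	select {
	case err := <-errCh: // bind failure or another fatal listener error
		return err
	case <-ctx.Done():
	}
	healthy.Store(false)
	srv.SetKeepAlivesEnabled(false)
	shutdownCtx, cancel := context.WithTimeout(context.Background(), grace)
	defer cancel()
	return srv.Shutdown(shutdownCtx)
}

func main() {
	logger := log.New(os.Stdout, "http: ", log.LstdFlags)
	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
	defer stop()
	srv := NewServer(":5000", NewHandler(logger))
	if err := Run(ctx, srv, 20*time.Second); err != nil && !errors.Is(err, http.ErrServerClosed) {
		logger.Fatal(err)
	}
}
```

Ordering in Run matters: health goes red first so an upstream balancer drains the instance, keep-alives are disabled so idle connections are not reused for new requests, and only then does Shutdown wait for in-flight handlers. Swapping those steps is the usual cause of 502s during a rolling deploy.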
@Tiberriver256
Tiberriver256 / PowerShellNTFSStaticFileServer.ps1
Last active July 29, 2024 12:16
This script starts a small web server listening on localhost:8080 that will impersonate the authenticated user and serve static content. This means that if the user does not have NTFS permission to a file, they will get an access denied, or a 404 file not found if they do not have NTFS access to list the contents of the directory.
function Get-DirectoryContent {
<#
.SYNOPSIS
Function to get directory content
.EXAMPLE
Get-DirectoryContent -Path "C:\" -HeaderName "poshserver.net" -RequestURL "http://poshserver.net" -SubfolderName "/"
@porjo
porjo / dump_route53_records.md
Last active February 12, 2025 02:08
Export route53 records to CSV

Retrieve hosted zones with aws route53 list-hosted-zones, then enter the zone ID below:

aws route53 list-resource-record-sets --hosted-zone-id "/hostedzone/xxxxxxxxxxx" | \
   jq -r '.ResourceRecordSets[] | [.Name, .Type, (.ResourceRecords[]? | .Value), .AliasTarget.DNSName?]  | @tsv'
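The jq one-liner above emits tab-separated output and, for a record set with several values (an MX record with two hosts, an A record with three addresses), spreads all of the values across one row, which is awkward to load anywhere that expects one value per row. As an added example not from porjo's gist, the same export in Go, reading the JSON that aws route53 list-resource-record-sets prints on stdin and writing real CSV with one row per value, alias records included. The field names follow the CLI's output; the embedded SampleDump is constructed for the demonstration and the domain, TTLs and alias target in it are made up.

```go
package main

import (
	"encoding/csv"
	"encoding/json"
	"fmt"
	"io"
	"os"
)

// recordSet mirrors the fields of `aws route53 list-resource-record-sets` that the export uses.
type recordSet struct {
	Name            string `json:"Name"`
	Type            string `json:"Type"`
	TTL             *int64 `json:"TTL"` // absent on alias records
	ResourceRecords []struct {
		Value string `json:"Value"`
	} `json:"ResourceRecords"`
	AliasTarget *struct {
		DNSName      string `json:"DNSName"`
		HostedZoneID string `json:"HostedZoneId"`
	} `json:"AliasTarget"`
}

type zoneDump struct {
	ResourceRecordSets []recordSet `json:"ResourceRecordSets"`
}

// Rows flattens a zone dump into a header plus one row per value, so a
// multi-value record set never shares a row; alias records get their
// target DNS name as the value and "alias" in the kind column.
func Rows(in io.Reader) ([][]string, error) {
	var dump zoneDump
	if err := json.NewDecoder(in).Decode(&dump); err != nil {
		return nil, err
	}
	rows := [][]string{{"name", "type", "ttl", "value", "kind"}}
	for _, rs := range dump.ResourceRecordSets {
		ttl := ""
		if rs.TTL != nil {
			ttl = fmt.Sprint(*rs.TTL)
		}
		if rs.AliasTarget != nil {
			rows = append(rows, []string{rs.Name, rs.Type, ttl, rs.AliasTarget.DNSName, "alias"})
			continue
		}
		for _, rr := range rs.ResourceRecords {
			rows = append(rows, []string{rs.Name, rs.Type, ttl, rr.Value, "value"})
		}
	}
	return rows, nil
}

// Usage: aws route53 list-resource-record-sets --hosted-zone-id "/hostedzone/xxxxxxxxxxx" | go run export.go > zone.csv
func main() {
	rows, err := Rows(os.Stdin)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	w := csv.NewWriter(os.Stdout) // encoding/csv quotes TXT values containing quotes or commas
	if err := w.WriteAll(rows); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}

// SampleDump is a constructed stand-in for the CLI's JSON, shaped like real output.
const SampleDump = `{"ResourceRecordSets":[
 {"Name":"example.com.","Type":"MX","TTL":300,"ResourceRecords":[{"Value":"10 mx1.example.com."},{"Value":"20 mx2.example.com."}]},
 {"Name":"example.com.","Type":"TXT","TTL":300,"ResourceRecords":[{"Value":"\"v=spf1 -all\""}]},
 {"Name":"www.example.com.","Type":"A","AliasTarget":{"HostedZoneId":"ZEXAMPLE0000000","DNSName":"dexample.cloudfront.net."}}
]}`
```

Keeping the kind column lets a later pass single out alias and CNAME targets, which are the rows to check against what still exists in the account when hunting for dangling records.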
@ciaranmahoney
ciaranmahoney / Google Sheets MX Lookup
Last active October 22, 2024 23:22
Google Apps Script to Run MX Lookups on domains from Google Sheets
function MXLookup(domain) {
try {
var url = "https://dns.google.com/resolve?name=%FQDN%&type=MX".replace("%FQDN%",domain);
//var url = "https://dns.google.com/resolve?name=e-mercy.com&type=MX"; // USED FOR TESTING ONLY
Utilities.sleep(100);
var result = UrlFetchApp.fetch(url,{muteHttpExceptions:true});
var rc = result.getResponseCode();
@nathan-osman
nathan-osman / win32.go
Last active March 27, 2025 21:00
Simple Windows GUI application written in Go
package main
import (
"log"
"syscall"
"unsafe"
)
var (
kernel32 = syscall.NewLazyDLL("kernel32.dll")
@alirobe
alirobe / reclaimWindows10.ps1
Last active March 29, 2025 01:01
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetry, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
###
###
### UPDATE: For Win 11, I recommend using this tool in place of this script:
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
### OR take a look at
### https://github.com/HotCakeX/Harden-Windows-Security
@plugnburn
plugnburn / README.md
Last active January 31, 2023 15:02
DaBi - live two-way DOM-to-data binding in 25 lines of JS

DaBi: data binding library that keeps it simple

DaBi (short for Data Binding) is a dead simple yet complete and self-contained DOM-to-JS and JS-to-DOM data binding library in just 25 lines of pure ES5 and 454 bytes when minified.

How to obtain

Download it right here or include it in your HTML: