Skip to content

Instantly share code, notes, and snippets.

View gaahrdner's full-sized avatar
🙊

Philip Gardner gaahrdner

🙊
View GitHub Profile
@thesamesam
thesamesam / xz-backdoor.md
Last active November 17, 2024 13:13
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

@veekaybee
veekaybee / normcore-llm.md
Last active November 15, 2024 12:06
Normcore LLM Reads

Anti-hype LLM reading list

Goals: Add links that are reasonable and good explanations of how stuff works. No hype and no vendor content if possible. Practical first-hand accounts of models in prod eagerly sought.

Foundational Concepts

Screenshot 2023-12-18 at 10 40 27 PM

Pre-Transformer Models

@m-radzikowski
m-radzikowski / script-template.sh
Last active November 15, 2024 11:25
Minimal safe Bash script template - see the article with full description: https://betterdev.blog/minimal-safe-bash-script-template/
#!/usr/bin/env bash
set -Eeuo pipefail
trap cleanup SIGINT SIGTERM ERR EXIT
script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
usage() {
cat <<EOF
Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-f] -p param_value arg1 [arg2...]
@katef
katef / life-utf8.c
Last active September 8, 2024 05:59
XBM to UTF-8 braille image things
/*
* John Conway's Game of Life.
*
* This is written for POSIX, using Curses. Resizing of the terminal is not
* supported.
*
* By convention in this program, x is the horizontal coordinate and y is
* vertical. There correspond to the width and height respectively.
* The current generation number is illustrated when show_generation is set.
*
@Neo23x0
Neo23x0 / Base64_CheatSheet.md
Last active October 15, 2024 21:14
Learning Aid - Top Base64 Encodings Table

Base64 Patterns - Learning Aid

Base64 Code Mnemonic Aid Decoded* Description
JAB 🗣 Jabber $. Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env:
TVq 📺 Television MZ MZ header
SUVY 🚙 SUV IEX PowerShell Invoke Expression
SQBFAF 🐣 Squab favorite I.E. PowerShell Invoke Expression (UTF-16)
SQBuAH 🐣 Squab uahhh I.n. PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz
PAA 💪 "Pah!" &lt;. Often used by Emotet (UTF-16)
@christhomas
christhomas / gist:ea90cc55502a3f804f0b6a8e59d05e60
Created September 17, 2019 07:55
How to use the terraform workspace command to keep multiple state configurations without clashing
#!/usr/bin/env bash
# usage: chris-terraform ... (any terraform command you want)
role=XYZ
credentials=(`aws sts assume-role --role-arn "${role}" --role-session-name terraform --query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' --output text`)
AWS_ACCESS_KEY_ID=${credentials[0]}
AWS_SECRET_ACCESS_KEY=${credentials[1]}
AWS_SESSION_TOKEN=${credentials[2]}
AWS_SECURITY_TOKEN=${credentials[2]}
@sleepyfox
sleepyfox / 2019-07-25-users-hate-change.md
Last active September 13, 2024 08:39
'Users hate change'

'Users hate change'

This week NN Group released a video by Jakob Nielsen in which he attempts to help designers deal with the problem of customers being resistant to their new site/product redesign. The argument goes thusly:

  1. Humans naturally resist change
  2. Your change is for the better
  3. Customers should just get used to it and stop complaining

There's slightly more to it than that, he caveats his argument with requiring you to have of course followed their best practices on product design, and allows for a period of customers being able to elect to continue to use the old site, although he says this is obviously only a temporary solution as you don't want to support both.

@Overbryd
Overbryd / 0-README.md
Last active September 11, 2023 19:14
Cloudflare Fragment Caching

Cloudflare fragment rendering/caching

This worker script will evaluate your origin response, and replace html comments marked as fragment:key with a respective prefetch defined in a X-Fragments response header.

Usage

Your origin must include the X-Fragments header, specifying the a comma separated list of prefetch requests to make for that response.

< HTTP/1.1 200 OK
@moloch--
moloch-- / Makefile
Last active April 26, 2023 00:55
Basic cross-platform reverse shell in Go
EXE = shell
SRC = .
LDFLAGS = -ldflags="-s -w"
windows:
GOOS=windows go build -o $(EXE)_win.exe $(LDFLAGS) $(SRC)
macos:
GOOS=darwin go build -o $(EXE)_macos $(LDFLAGS) $(SRC)
@lorenzhs
lorenzhs / tweetscam.py
Last active September 17, 2018 06:20
Twitter cryptoscam detection proof of concept. https://twitter.com/TinkerSec/status/961233575516389376
#!/usr/bin/env python3
# encoding: utf-8
# author: Lorenz Hübschle-Schneider
# This is really really simple. Twitter, you have no excuse for not doing something like this!
import codecs
import json
import re
from unicodedata import normalize