Skip to content

Instantly share code, notes, and snippets.

View h3xstream's full-sized avatar

Philippe Arteau h3xstream

514 followers · 42 following
View GitHub Profile
@rmoriz
rmoriz / howto.md
Created June 21, 2012 11:11
Qualys nginx SSL/TLS Admin Ego Enlargement How-To

Qualys nginx SSL/TLS Admin Ego Enlargement How-To

Configure nginx to get 94/98 points:

nginx.conf

http {
  ...
  ssl_session_cache    shared:SSL:10m;
  ssl_session_timeout  10m;
@jedp
jedp / gist:3005816
Created June 27, 2012 18:18
postMessage() security review checklist

Security-Reviewing Uses of postMessage()

The postMessage() API is an HTML5 extension that permits string message-passing between frames that don't share the same origin. It is available in all modern browsers. It is not supported in IE6 and IE7.

postMessage is generally considered very secure as long as the programmer is careful to check the origin and source of an arriving

@joernchen
joernchen / bounty.txt
Created February 22, 2014 16:17
Bounty writeup
GitHub RCE by Environment variable injection Bug Bounty writeup
Disclaimer: I'll keep this really short but I hope you'll get the key points.
GitHub blogged a while ago about some internal tool called gerve:
https://github.com/blog/530-how-we-made-github-fast
Upon git+sshing to github.com gerve basically looks up your permission
on the repo you want to interact with. Then it bounces you further in
another forced SSH session to the back end where the repo actually is.
@yrro
yrro / java-sd_notify.java
Last active August 19, 2024 12:20
The poor Java programmer's alternative to calling sd_notify
/*
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE
FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
@coekie
coekie / SerialDOS.java
Created November 9, 2015 17:41
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashSet;
import java.util.Set;
// billion-laughs-style DoS for java serialization
public class SerialDOS {
@davidejones
davidejones / Makefile
Created January 19, 2017 16:59
mingw gcc dos compile (thanks to http://nullprogram.com/blog/2014/12/09/)
CFLAGS = -std=gnu99 -Wall -Wextra -Os -nostdlib -m32 -march=i386 \
-Wno-unused-function \
-ffreestanding -fomit-frame-pointer -fwrapv -fno-strict-aliasing \
-fno-leading-underscore \
-Wl,--nmagic,-static,-Tmingw.com.ld
all:
gcc $(CFLAGS) -o hello.o hello.c
objcopy -O binary hello.o hello.com
@laryn
laryn / replace_smartobject_image.js
Last active October 29, 2024 20:36
Photoshop script to replace a smart object within a PSD with selected image(s) and save result as a JPG. (Transformations to the smart object will be applied to new images).
// Replace SmartObject’s Content and Save as JPG
// 2017, use it at your own risk
// Via @Circle B: https://graphicdesign.stackexchange.com/questions/92796/replacing-a-smart-object-in-bulk-with-photoshops-variable-data-or-scripts/93359
// JPG code from here: https://forums.adobe.com/thread/737789
#target photoshop
if (app.documents.length > 0) {
var myDocument = app.activeDocument;
var theName = myDocument.name.match(/(.*)\.[^\.]+$/)[1];
var thePath = myDocument.path;
@sirodoht
sirodoht / migrate-django.md
Last active October 10, 2024 05:54
How to migrate Django from SQLite to PostgreSQL

How to migrate Django from SQLite to PostgreSQL

Dump existing data:

python3 manage.py dumpdata > datadump.json

Change settings.py to Postgres backend.

Make sure you can connect on PostgreSQL. Then: