Malaya Zemlya malaya-zemlya
malaya-zemlya
/ cert2csr.py
Created
November 15, 2024 18:17
Convert a certificate in Google CA Service into CSR
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| from pathlib import Path | |
| from typing import Union | |
| import crcmod | |
| import hashlib | |
| import asn1crypto.pem | |
| import asn1crypto.x509 | |
| import asn1crypto.csr | |
| import asn1crypto.keys |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| POC of a redirect leak via CSP reports | |
| as described in https://obmiblog.blogspot.com/2019/12/gcp-5k-file-uploading-csrf.html | |
| Usage: navigate to http://localhost:8080/?http://url.to.check/ | |
| Works on Chrome v77 and Safari v13.0.5 | |
| On Firefox does the right thing and returns the original frame URL | |
| """ | |
| import json |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # WeBadge for DefCon#27 | |
| # From your friends in We Work InfoSec | |
| # Makes buddies with up to 4 Shitty Add-Ons | |
| import board | |
| import time | |
| import busio | |
| from digitalio import DigitalInOut, Direction, Pull | |
| from analogio import AnalogIn | |
| from pulseio import PWMOut |
malaya-zemlya
/ test_vault_server.py
Created
August 4, 2019 15:04
Demo of using Vault server harness
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import unittest | |
| from test.vault_server import VaultServer | |
| class TestVault(unittest.TestCase): | |
| def setUp(self) -> None: | |
| # establish connection to Vault | |
| pass | |
| def tearDown(self) -> None: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import logging | |
| import subprocess | |
| import sys | |
| import time | |
| log = logging.getLogger(__name__) | |
| class VaultServer(object): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| file=/tmp/test.txt | |
| rm -f "$file" | |
| touch "$file" # make sure file exists | |
| chown -h $(id -u):$(id -g) "$file" # make us the owner of the file | |
| chmod -h 600 "$file" # make sure it's not world-accessible | |
| # now that the attacker cannot swap the file from underneath us, | |
| # check that it's not a symlink | |
| if [[ -L "$file" ]]; then | |
| >&2 echo "File is a symlink" # |
malaya-zemlya
/ index.html
Last active
August 4, 2019 12:14
Takes a picture of a person that messed with your browser
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!doctype html> | |
| <html> | |
| <head> | |
| <style> | |
| body, iframe { | |
| margin: 0; | |
| padding: 0; | |
| border: 0; | |
| height: 100%; | |
| overflow: hidden; |
malaya-zemlya
/ rubber-ducky-full-screen
Last active
May 3, 2019 19:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DEFAULT_DELAY 300 | |
| REM Allow time for device to be recognized and cancel whatever was going on | |
| DELAY 500 | |
| ESC | |
| REM open spotlight | |
| GUI SPACE | |
| STRING terminal | |
| ENTER | |
| REM Allow time for terminal to open | |
| DELAY 200 |
malaya-zemlya
/ rubber-ducky-rickroll
Created
May 3, 2019 19:07
RubberDucky script for those who don't lock their Macs (RickRoll version)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DEFAULTDELAY 300 | |
| REM Allow time for device to be recognized | |
| DELAY 500 | |
| REM break out of whatever | |
| ESC | |
| DELAY 500 | |
| REM open spotlight | |
| GUI SPACE | |
| STRING terminal | |
| ENTER |
malaya-zemlya
/ gist:dd26d9e6337ba8da454b
Created
May 19, 2015 22:00
Injecting custom stylesheet into a Firefox main chrome page.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Since injecting stylesheets via chrome.manisfest doesn't work | |
| // properly in Add-On SDK, here's a hack | |
| // that allows adding custom stylesheets to the browser. | |
| const isBrowser = require("sdk/window/utils").isBrowser; | |
| const WindowTracker = require("sdk/deprecated/window-utils").WindowTracker; | |
| /** location of the stylesheet to inject */ | |
| const STYLESHEET_URL = "chrome://your_extension/content/stylesheet.css"; |