Skip to content

Instantly share code, notes, and snippets.

View manicminer's full-sized avatar
☁️

Tom Bamford manicminer

☁️
View GitHub Profile
@manicminer
manicminer / bootable-win-on-mac.md
Created April 30, 2024 13:33 — forked from acarril/bootable-win-on-mac.md
Create a bootable Windows USB using macOS

For some reason, it is surprisingly hard to create a bootable Windows USB using macOS. These are my steps for doing so, which have worked for me in macOS Monterey (12.6.1) for Windows 10 and 11. After following these steps, you should have a bootable Windows USB drive.

1. Download a Windows disc image (i.e. ISO file)

You can download Windows 10 or Windows 11 directly from Microsoft.

2. Identify your USB drive

After plugging the drive to your machine, identify the name of the USB device using diskutil list, which should return an output like the one below. In my case, the correct disk name is disk2.

@manicminer
manicminer / transcode-video.sh
Created September 8, 2023 23:51 — forked from lisamelton/transcode-video.sh
Transcode video file (works best with Blu-ray or DVD rip) into MP4 (or optionally Matroska) format, with configuration and at bitrate similar to popular online downloads.
#!/bin/bash
#
# transcode-video.sh
#
# Copyright (c) 2013-2015 Don Melton
#
about() {
cat <<EOF
$program 5.13 of April 8, 2015
@manicminer
manicminer / firefox_disable_hsts.md
Created January 22, 2021 17:05 — forked from gingray/firefox_disable_hsts.md
firefox disable hsts
According to several forums, you can disable HSTS by introducing a new configuration variable. First, go to the Firefox configuration page (about:config), right-click, choose "New Integer", then provide the name "test.currentTimeOffsetSeconds" (no quotes) with a value of 11491200. This should bypass HSTS, although you may also need to clear the Cache and Active Logins in the Clear Recent History dialog (Ctrl-Shift-Del).

This apparently works because of a function called GetPreloadListEntry that checks to see if the current time is less than the next list expiration time; since the time is effectively calculated to be later than the expiration time, no check is performed. This effectively disables HSTS checks.
@manicminer
manicminer / proxy.md
Created January 8, 2021 22:01 — forked from jakedahn/proxy.md
complete ways to set http/socks/ssh proxy environment variables

set http or socks proxy environment variables

# set http proxy
export http_proxy=http://PROXYHOST:PROXYPORT

# set http proxy with user and password
export http_proxy=http://USERNAME:PASSWORD@PROXYHOST:PROXYPORT

# set http proxy with user and password (with special characters)
@manicminer
manicminer / hacker_howto.md
Created August 4, 2019 06:51 — forked from dalenunns/hacker_howto.md
A list of resources on how to be a hacker/pentester/security person - from #infosec on zatech.slack.com

Howto be a Hacker/Pentester/Security person - List of resources

I've just stolen HypnZA list of suggested links and added a few others by various people. (Please feel free to send me other links/info you think might be useful to add.)

HypnZA's commonly shared list (in the correct order):

  1. https://www.hacksplaining.com
  2. https://pentesterlab.com/exercises/web_for_pentester and https://pentesterlab.com/exercises/web_for_pentester_II
  3. Watch Ippsec's HackTheBox videos from oldest to newest, but attempt the box in the video before watching the video (requires a paid hackthebox account to access the machines in the videos)
BLURGHETY BLURRRRRRRM
@manicminer
manicminer / README.md
Last active January 25, 2024 12:27
Ansible invocation with assumed IAM role

Ansible invocation with assumed IAM role

How it works

  • boto3 initializes a session using the specified profile, for which it assumes a role as configured in your ~/.aws/config
  • Python script with above session initialization prints out shell-compatible environment variables of the temporary credentials
  • Wrapper script sets these a la eval
  • By the time Ansible runs, the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SECURITY_TOKEN (for boto2) / AWS_SESSION_TOKEN (for boto3) are all set, and are consumed by boto2 in the inventory script and other boto2-based modules

Notes

commit e244234a7f5cadaf885712b52f1e6eaf1231f734
Merge: 90011cd c0ceebe
Author: Tom Bamford <[email protected]>
Date: Wed Dec 7 11:53:37 2016 +0000
Merged in tom-nfs-fix (pull request #8)
NFS module fix
commit c0ceebee14b2bc8bdbdb81ab03efa07a25086c2a
commit e244234a7f5cadaf885712b52f1e6eaf1231f734
Merge: 90011cd c0ceebe
Author: Tom Bamford <[email protected]>
Date: Wed Dec 7 11:53:37 2016 +0000
Merged in tom-nfs-fix (pull request #8)
NFS module fix
commit c0ceebee14b2bc8bdbdb81ab03efa07a25086c2a
@manicminer
manicminer / info.md
Last active November 1, 2018 22:44
RDS Production termination protection

RDS Production Termination Protection

Create a policy like this, substituting your AWS account number, then attach it to all groups and roles. It will prevent deletion of RDS instances containing the string "prod" in their name.

Note: This is intended to prevent accidental deletion, and is easily sidestepped.