Skip to content

Instantly share code, notes, and snippets.

View mikalv's full-sized avatar

Mikal mikalv

260 followers · 1.3k following
View GitHub Profile
@seanw2020
seanw2020 / ssh-ca.md
Last active February 19, 2024 03:15
How to configure and visualize an SSH CA

How to configure an SSH CA, with visuals

ssh certificates

SSH CA

For details, see "Mastering SSH", Second Edition, Chapter 14: Certificate Authorities. Also see 'man ssh-keygen': "ssh-keygen supports signing of keys to produce certificates that may be used for user or host authentication. Certificates consist of a public key, some identity information, zero or more principal (user or host) names and a set of options that are signed by a Certification Authority (CA) key. Clients or servers may then trust only the CA key and verify its signature on a certificate rather than trusting many user/host keys. Note that OpenSSH certificates are a different, and much simpler, format to the X.509 certificates used in ssl(8).

Create two CAs

Choose a computer to act as the CA. We'll call this the CA computer (not CA host, since "host" is overloaded here). In this examp

@manzanit0
manzanit0 / pooled_crawler.ex
Last active July 25, 2022 08:58
Web crawler which uses Floki and HTTPoison – does 5 request at a time
# Dependencies:
# {:httpoison, "~> 1.5"},
# {:floki, "~> 0.21.0"}
# {:benchee, "~> 1.0"} (Only for benchmarking – not in the script)
defmodule CrawlQueue do
use Agent
def start_link(urls) do
@da-n
da-n / gist:f906ca5a7e2a9c5fa7e29883b80a3be9
Created August 24, 2019 21:19
Unlock rootfs via SSH login in initramfs

unlocking rootfs via ssh login in initramfs

You can unlock your rootfs on bootup from remote, using ssh to log in to the booting system while it's running with the initramfs mounted.

Setup

For remote unlocking to work, the following packages have to be installed before building the initramfs: dropbear busybox

The file /etc/initramfs-tools/initramfs.conf holds the configuration options used when building the initramfs. It should contain BUSYBOX=y (this is set as the default when the busybox package is installed) to have busybox installed into the initramfs, and should not contain DROPBEAR=n, which would disable installation of dropbear to initramfs. If set to DROPBEAR=y, dropbear will be installed in any case; if DROPBEAR isn't set at all, then dropbear will only be installed in case of an existing cryptroot setup.

@nstarke
nstarke / 01-reversing-cisco-ios-raw-binary-firmware-images-with-ghidra.md
Last active April 7, 2025 08:32
Reversing Cisco IOS Raw Binary Firmware Images with Ghidra

Reversing Raw Binary Firmware Files in Ghidra

This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.

Prep work in Binwalk

I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-o, or PE header to describe the binary.

While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.

@terafin
terafin / UniFi USG DNS Redirect Setup.md
Last active April 13, 2025 17:11
UniFi USG DNS Redirect Setup
  1. Log into unifi controller web UI
  2. Go to Settings
  3. Select Routing & Firewall
  4. Select Firewall
  5. Select Groups
  6. Hit "Create new Group"
  7. Enter all your DNS servers here you want to be allowed on the local LAN (Eg, mine is 10.0.1.1 - gateway, 10.0.1.14 - pi-hole)
  8. Name this "Allowed DNS Servers"
  9. Hit OK
  10. SSH into the Gateway - NOT the CloudKey (username/password is whatever you set up)
@aveao
aveao / bird1-bird-vultr.conf
Last active February 23, 2025 15:54
BIRD 1 and 2 configs for BGP stuffs (HE Tunnelbroker, Vultr etc)
router id [our IPv4];
protocol bgp vultr
{
local as [our ASN];
source address [our IPv4 from vultr];
import all;
export filter {
if net ~ [[the IPv4 block we want to announce]] then accept;
reject;
@rjhansen
rjhansen / keyservers.md
Last active May 18, 2025 22:32
SKS Keyserver Network Under Attack

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I?

@hl
hl / context.ex
Last active August 28, 2021 04:55
defmodule Context do
@moduledoc false
defmacro __using__(opts) do
repo = Keyword.fetch!(opts, :repo)
quote do
import Context, only: [context: 1, context: 2]
Module.put_attribute(__MODULE__, :__repo__, unquote(repo))
@astarasikov
astarasikov / RenameFunctionsFromDebugPrints.java
Last active June 25, 2024 01:40
Ghidra script to rename functions from debug prints
/* ###
* IP: GHIDRA
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
@knightsc
knightsc / hijack.c
Created February 26, 2019 21:20
Example of how to hijack a thread on macOS to run code in a remote process
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#include <mach/mach.h>
#include <mach/mach_vm.h>
#include <dlfcn.h>
#include <objc/runtime.h>