@nu11secur1ty
nu11secur1ty / HTTPS and HTTP spoof by ettercap.MD
Last active October 18, 2023 08:39
HTTPS and HTTP spoof by ettercap

Why some (major) HTTPS websites cannot easily be intercepted

This Wiki page is intended to answer a question that is raised with increasing frequency.

The issue

Ettercap has three possibilities to try to sneak into HTTPS-secured websites:

  1. HTTPS interception (should dedicate a Wiki page for that as well)
  2. HTTPS stripping (sslstrip plugin)
  3. DNS spoofing and redirection to one's own web server

The problem is that with some websites (especially the famous ones) none of those techniques work unless one condition can be satisfied:

@nu11secur1ty
nu11secur1ty / Hackers and Crackers.MD
Last active July 25, 2019 18:24
Hackers and Crackers

Hackers-and-Crackers

Professionals involved in information security are divided into HACKERS and CRACKERS. Both work on the same task, searching for vulnerabilities in an information system; the difference lies in their point of view on the problem.


Hacker

@nu11secur1ty
nu11secur1ty / git_cheat-sheet.md
Created April 21, 2019 12:03 — forked from davfre/git_cheat-sheet.md
git commandline cheat-sheet
@nu11secur1ty
nu11secur1ty / install_python3.6_opensuse42.3.sh
Created June 12, 2018 10:57 — forked from amoilanen/install_python3.6_opensuse42.3.sh
Installing Python 3.6 on OpenSUSE Leap 42.3
#!/bin/bash
# Step 1. Install pyenv
git clone https://github.com/pyenv/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo -e 'if command -v pyenv 1>/dev/null 2>&1; then\n eval "$(pyenv init -)"\nfi' >> ~/.bashrc
# Step 2. Install missing headers for all the Python modules to be built
@nu11secur1ty
nu11secur1ty / cspheader.php
Created January 9, 2018 09:12 — forked from phpdave/cspheader.php
CSP Header for PHP or Apache or .htaccess - Content Security Protocol
<?php
//CSP only works in modern browsers Chrome 25+, Firefox 23+, Safari 7+
$headerCSP = "Content-Security-Policy:".
"connect-src 'self' ;". // XMLHttpRequest (AJAX request), WebSocket or EventSource.
"default-src 'self';". // Default policy for loading html elements
"frame-ancestors 'self' ;". //allow parent framing - this one blocks click jacking and ui redress
"frame-src 'none';". // valid sources for frames
"media-src 'self' *.example.com;". // valid sources for media (audio and video html tags src)
"object-src 'none'; ". // valid object embed and applet tags src
"report-uri https://example.com/violationReportForCSP.php;". //A URL that will get raw json data in post that lets you know what was violated and blocked
@nu11secur1ty
nu11secur1ty / xss_clean.php
Created January 7, 2018 11:32 — forked from mbijon/xss_clean.php
XSS filtering in PHP (cleans various UTF encodings & nested exploits)
<?php
/*
* XSS filter, recursively handles HTML tags & UTF encoding
* Optionally handles base64 encoding
*
* ***DEPRECATION RECOMMENDED*** Not updated or maintained since 2011
* A MAINTAINED & BETTER ALTERNATIVE => kses
* https://github.com/RichardVasquez/kses/
*
* This was built from numerous sources
@nu11secur1ty
nu11secur1ty / AGO_PullHostedFeatures.py
Created November 26, 2017 18:41 — forked from oevans/AGO_PullHostedFeatures.py
Python script to pull hosted features with attachments into a local file geodatabase. See ReadMe below.
import os, urllib, urllib2, datetime, arcpy, json
## ============================================================================== ##
## function to update a field - basically converts longs to dates for date fields ##
## since json has dates as a long (milliseconds since unix epoch) and geodb wants ##
## a proper date, not a long.
## ============================================================================== ##
def updateValue(row,field_to_update,value):
    outputfield=next((f for f in fields if f.name ==field_to_update),None) #find the output field
@nu11secur1ty
nu11secur1ty / get_oauth2_token.py
Created November 26, 2017 17:45 — forked from burnash/get_oauth2_token.py
Simple command line script to fetch a Google API's access token.
'''
This script will attempt to open your webbrowser,
perform OAuth 2 authentication and print your access token.
It depends on two libraries: oauth2client and gflags.
To install dependencies from PyPI:
$ pip install python-gflags oauth2client

Kernels

In the computing world, the kernel is a fundamental part of the operating system. It is the part of the software responsible for giving programs secure access to the machine's hardware. Since there are many programs and access to the hardware is limited, the kernel is also responsible for deciding when and for how long a program is allowed to use part of the hardware. Providing direct access to the hardware can also be very complex, so kernels usually implement a series of hardware abstractions. These abstractions are a way of hiding complexity and providing a clear and consistent interface to the underlying hardware, which makes the programmer's life easier. There are four types of kernels:

Monolithic kernels provide a rich and powerful abstraction of the hardware
Microkernels provide a small set of simple hardware abstractions and use programs called drivers to gain more functionality

Hybrid kernels are almost like microkernels, except that they have more code in

1. What Is a Kernel?

A kernel is a central component of an operating system. It acts as an interface between the user applications and the hardware. The sole aim of the kernel is to manage the communication between the software (user-level applications) and the hardware (CPU, disk memory, etc.). The main tasks of the kernel are:

Process management
Device management
Memory management
Interrupt handling

I/O communication