🔒
https://localhost/?bbq="omg">'wtf'

Michal Špaček spaze

@takeshixx
takeshixx / hb-test.py
Last active September 8, 2025 01:16
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
"""
Author: takeshix <[email protected]>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford ([email protected]).
Supports all versions of TLS and has STARTTLS support for SMTP, POP3, IMAP, FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
@zakjan
zakjan / cryptoHelpers.coffee
Last active June 26, 2021 08:29
Encryption in NodeJS
###*
* Encryption:
*
* cipher: AES-128-CBC
* key: 16 bytes
* IV: 16 bytes, random, non-reused, prepended to cipher text
* padding: PKCS#7
###
crypto = require 'crypto'
@brianlmoon
brianlmoon / socket_connect_timeout.php
Last active February 20, 2025 07:13
Using socket_connect with a reliable timeout in PHP
<?php
/**
* I was having trouble with socket connections timing out reliably. Sometimes,
* my timeout would be reached. Other times, the connect would fail after three
* to six seconds. I finally figured out it had to do with trying to connect to
* a routable, non-localhost address. It seems the socket_connect call would
* not fail immediately for those connections. This function is what I finally
* ended up with that reliably connects to a working server, fails quickly for
* a server that has an address/port that is not reachable and will reach the
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active October 12, 2025 19:54 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@roycewilliams
roycewilliams / CAA-adoption-notes.md
Last active March 23, 2024 12:56
CAA-adoption-notes.md
@gboudreau
gboudreau / AuthyToOtherAuthenticator.md
Last active October 21, 2025 15:00 — forked from Ingramz/AuthyToOtherAuthenticator.md
Export TOTP tokens from Authy

Exporting your 2FA tokens from Authy to transfer them into another 2FA application

IMPORTANT - Update regarding deprecation of Authy desktop apps

Past August 2024, Authy stopped supporting the desktop version of their apps:
See Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August for details.

And indeed, after a while, Authy changed something in their backend which now prevents the old desktop app from logging in. If you are already logged in, then you are in luck, and you can follow the instructions below to export your tokens.

If you are not logged in anymore, but can find a backup of the necessary files, then restore those files, and re-install Authy 2.2.3 following the instructions below, and it should work as expected.

@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active September 16, 2025 17:32
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@rscs
rscs / FlipperZero-RFID-blanks.md
Last active July 11, 2025 19:15
Rewritable RFID blanks for Flipper Zero

A list of rewritable RFID blanks that are compatible with Flipper Zero.

X indicates a particular protocol is writable.

? indicates it is unknown if a particular protocol is writable.

Brand Type Chip EM4100 H10301 Indala26 IoProxXSF AWID FDX-A FDX-B HIDProx HIDExt Pyramid Viking Jablotron Paradox PAC/Stanley Keri Gallagher
ETEKJOY Fob EM4305 X X X X X X
@Chick3nman
Chick3nman / RTX_4090_v6.2.6.Benchmark
Created October 14, 2022 00:07
Hashcat v6.2.6 benchmark on the Nvidia RTX 4090
NVIDIA Driver Version: 522.25 CUDA Version: 11.8
Credit: blazer
For benchmarking the card and allowing me to release the benchmarks here
The hashcat installation used includes a change to the tuning ALIAS.hctune file to include the RTX 4090 as "ALIAS_nv_sm50_or_higher".
The "Kernel exec timeout" warning is cosmetic and does not affect the speed of any of the benchmarked modes.
Benchmark was run at stock clocks on an Asus Strix 4090.