Skip to content

Instantly share code, notes, and snippets.

View supersat's full-sized avatar

Karl Koscher supersat

110 followers · 67 following
View GitHub Profile
@nstarke
nstarke / wemo-soap.md
Created September 12, 2016 04:05
SOAP Calls for UPnP Services on WeMo Devices

SOAP Calls for UPnP Services in WeMo Devices

Note: this write up doesn't contain any vulnerabilties or exploits!

I was recently taking a look at a few WeMo embedded devices. WeMo Devices are IoT contraptions like light switches, space heaters, and coffee machines that are network enabled. I examined the "Holmes Smart Heater". Both had port 41953 open, which is a common port for UPnP services. I decided to dig a little deeper and figure out a way to interact with the SOAP services which UPnP relies on in order to hunt for bugs. My goal was to retrieve sensitive information, such as the WiFi password, from the device.

Using Miranda's MSEARCH (which comes preinstalled on Kali Linux), I was able to discover the setup.xml file for the service I was examining. This file will always be XML, but the actual file name can change. Another way to discover this initial entry point is to examine the network traffic with WireShark. The MSEARCH HTTP requests are easy

@jvns
jvns / interview-questions.md
Last active September 8, 2025 06:02
A list of questions you could ask while interviewing

A lot of these are outright stolen from Edward O'Campo-Gooding's list of questions. I really like his list.

I'm having some trouble paring this down to a manageable list of questions -- I realistically want to know all of these things before starting to work at a company, but it's a lot to ask all at once. My current game plan is to pick 6 before an interview and ask those.

I'd love comments and suggestions about any of these.

I've found questions like "do you have smart people? Can I learn a lot at your company?" to be basically totally useless -- everybody will say "yeah, definitely!" and it's hard to learn anything from them. So I'm trying to make all of these questions pretty concrete -- if a team doesn't have an issue tracker, they don't have an issue tracker.

I'm also mostly not asking about principles, but the way things are -- not "do you think code review is important?", but "Does all code get reviewed?".

@sebpiq
sebpiq / gist:4128537
Last active April 22, 2024 15:20
Python implementation of the Goertzel algorithm for calculating DFT terms
# Copyright © 2020 Sébastien Piquemal [email protected]
# This work is free. You can redistribute it and/or modify it under the
# terms of the Do What The Fuck You Want To Public License, Version 2,
# as published by Sam Hocevar. See the license text below for more details.
#
# --------------------------------------------------------------------
#
# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
# Version 2, December 2004
#