ɘɿuɔɐɿɈ tracure1337

Extend Gitlab Access Tokens

Gitlab enforced token expiry limits to 365 days last year, and the time is now upon us.

They don't have an opt-out for this, and haven't provided a way to easily extend tokens in the web interface. They have also gated their credential management interface behind their Ultimate license.

This quickly thrown together script will allow you to add an extra year to all tokens that expire in the next 30 days. It will not reactivate tokens that have already expired.

Requires the python-gitlab module. Edit your self-hosted Gitlab instance details into the script and run it. It will dump out CSVs of all expiring tokens, and then dump out a list of commands you can paste into a gitlab-rails console session to extend the expiry date by another year. If you need them to be active for longer, change 1.year.from_now to the value of your choice, e.g. `10.years.fro

Reverse Engineering on macOS

Some notes, tools, and techniques for reverse engineering macOS binaries.

Deobfuscating / Unminifying Obfuscated Web App / JavaScript Code

Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code.

Detecting RMM

ℹ️ This was duplicated to this blog for readability and reference

The most difficult challenge with RMM detection is contextual awareness around usage to determine if it is valid or malicious.

	{
	"description": "Bypass WAFs with 8KB Padding.",
	"edition": 2,
	"graph": {
	"edges": [
	{
	"source": {
	"exec_alias": "exec",
	"node_id": 2
	},

	// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
	// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
	(() => {
	const SHOW_SIDES = false; // color sides of DOM nodes?
	const COLOR_SURFACE = true; // color tops of DOM nodes?
	const COLOR_RANDOM = false; // randomise color?
	const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
	const MAX_ROTATION = 180; // set to 360 to rotate all the way round
	const THICKNESS = 20; // thickness of layers
	const DISTANCE = 10000; // ¯\\_(ツ)_/¯

	Latency Comparison Numbers (~2012)
	----------------------------------
	L1 cache reference 0.5 ns
	Branch mispredict 5 ns
	L2 cache reference 7 ns 14x L1 cache
	Mutex lock/unlock 25 ns
	Main memory reference 100 ns 20x L2 cache, 200x L1 cache
	Compress 1K bytes with Zippy 3,000 ns 3 us
	Send 1K bytes over 1 Gbps network 10,000 ns 10 us
	Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD

	package main

	// ▄─▄ ▄ ▄ ▄ ──▄ ▄─▄ ▄─▄
	// ▓─ ▓ ▓ ▓ ▓ ▓ ▀─▄ ▀─▄
	// ▀ ▀─▀─▀ ──▀ ▀─▀ ▀─▀
	// f w d --> 5 5
	//
	// simple rfc1928 proxy server
	//
	//

	/**
	* RuntimeGlobalsChecker
	*
	* You can use this utility to quickly check what variables have been added (or
	* leaked) to the global window object at runtime (by JavaScript code).
	* By running this code, the globals checker itself is attached as a singleton
	* to the window object as "__runtimeGlobalsChecker__".
	* You can check the runtime globals programmatically at any time by invoking
	* "window.__runtimeGlobalsChecker__.getRuntimeGlobals()".
	*