udhos

👾
Wondering
  • São Paulo, Brazil
@MicahParks
MicahParks / vault_login.go
Created June 9, 2021 23:21
Golang Vault login authentication using AWS
package vault
import (
"encoding/base64"
"encoding/json"
"fmt"
"io/ioutil"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/sts"
@sanketsudake
sanketsudake / kind-kubernetes-metrics-server.md
Last active June 19, 2025 05:56
Running metric-server on Kind Kubernetes

I have created a local Kubernetes cluster with kind. Following are the changes you need to make to get metrics-server running on kind.

Deploy the latest metrics-server release.

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.5.0/components.yaml

Within the existing arguments to the metrics-server container, you need to add the argument --kubelet-insecure-tls.

@motoyasu-saburi
motoyasu-saburi / lack_escape_content-disposition_filename.md
Last active March 4, 2025 05:49
Land Mine named "Content-Disposition > filename"

TL;DR

  • I found 1 browser, 1 language, and 15 vulnerabilities in { Web Framework, HTTP Client library, Email library / Web Service, etc }
  • All the vulnerabilities I found were found from a single perspective (I investigated maybe 50-80 products).
  • The RFC description of the problem (rather confusingly) describes the requirements for this problem, while the WHATWG > HTML Spec is well documented.
  • The problem is clearly targeted at the Content-Disposition fields filename and filename*.
  • This problem affects HTTP Request/Response/Email in different ways.
    • HTTP Request : request tampering (especially with file contents, tainting of other fields, etc.)
    • HTTP Response : Reflect File Download vulnerability
    • Email : Attachment tampering (e.g., extension and filename tampering and potential file content tampering)
package main
import (
"fmt"
"io"
"iter"
"math/big"
"math/rand"
)