This document has moved; its new address is: https://github.com/Yubico/webauthn-recovery-extension
Ackermann Yuriy yackermann
🎯
watahani
/ verifySafetyNetAttestation.js
Last active
December 4, 2020 09:18
verify SafetyNet Attestation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const base64url = require("base64url") | |
| const cbor = require('cbor') | |
| const crypto = require('crypto') | |
| const jsrsasign = require('jsrsasign') | |
| //sample attestation ;) | |
| const attestationResponse = { | |
| "attestationObject": "o2NmbXRxYW5kcm9pZC1zYWZldHluZXRnYXR0U3RtdKJjdmVyaDE0MzY2MDE5aHJlc3BvbnNlWRS9ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbmcxWXlJNld5Sk5TVWxHYTJwRFEwSkljV2RCZDBsQ1FXZEpVVkpZY205T01GcFBaRkpyUWtGQlFVRkJRVkIxYm5wQlRrSm5hM0ZvYTJsSE9YY3dRa0ZSYzBaQlJFSkRUVkZ6ZDBOUldVUldVVkZIUlhkS1ZsVjZSV1ZOUW5kSFFURlZSVU5vVFZaU01qbDJXako0YkVsR1VubGtXRTR3U1VaT2JHTnVXbkJaTWxaNlRWSk5kMFZSV1VSV1VWRkVSWGR3U0ZaR1RXZFJNRVZuVFZVNGVFMUNORmhFVkVVMFRWUkJlRTFFUVROTlZHc3dUbFp2V0VSVVJUVk5WRUYzVDFSQk0wMVVhekJPVm05M1lrUkZURTFCYTBkQk1WVkZRbWhOUTFaV1RYaEZla0ZTUW1kT1ZrSkJaMVJEYTA1b1lrZHNiV0l6U25WaFYwVjRSbXBCVlVKblRsWkNRV05VUkZVeGRtUlhOVEJaVjJ4MVNVWmFjRnBZWTNoRmVrRlNRbWRPVmtKQmIxUkRhMlIyWWpKa2MxcFRRazFVUlUxNFIzcEJXa0puVGxaQ1FVMVVSVzFHTUdSSFZucGtRelZvWW0xU2VXSXliR3RNYlU1MllsUkRRMEZUU1hkRVVWbEtTMjlhU1doMlkwNUJVVVZDUWxGQlJHZG5SVkJCUkVORFFWRnZRMmRuUlVKQl |
rain-1
/ Wannacrypt0r-FACTSHEET.md
Last active
March 30, 2025 17:12
— forked from Epivalent/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comis up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
umidjons
/ aes-256-cbc-nodejs-crypto.md
Last active
March 13, 2022 07:12
AES-256-CBC example in Node.js using crypto module
'use strict';
const crypto = require('crypto');
// get password's md5 hash
let password = 'test';
let password_hash = crypto.createHash('md5').update(password, 'utf-8').digest('hex').toUpperCase();
console.log('key=', password_hash); // 098F6BCD4621D373CADE4E832627B4F6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; | |
| // Use a lookup table to find the index. | |
| var lookup = new Uint8Array(256); | |
| for (var i = 0; i < chars.length; i++) { | |
| lookup[chars.charCodeAt(i)] = i; | |
| } | |
| // stolen from: | |
| // https://github.com/niklasvh/base64-arraybuffer/blob/master/lib/base64-arraybuffer.js |
Not all random values are created equal - for security-related code, you need a specific kind of random value.
A summary of this article, if you don't want to read the entire thing:
- Don't use
Math.random(). There are extremely few cases whereMath.random()is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case. - Don't use
crypto.getRandomBytesdirectly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable. - If you want to generate random tokens or API keys: Use
uuid, specifically theuuid.v4()method. Avoidnode-uuid- it's not the same package, and doesn't produce reliably secure random values. - If you want to generate random numbers in a range: Use
random-number-csprng.
You should seriously consider reading the entire article, though - it's
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //: # Swift 3: Using URLComponents | |
| import Foundation | |
| //: ### Compose the componens | |
| var url = URLComponents() | |
| url.scheme = "http" | |
| url.host = "google.com" | |
| //: ### Pass the query string parameters | |
| url.queryItems = [ | |
| URLQueryItem(name: "test", value: "data"), |
secvalve
/ baxel.sh
Created
May 25, 2016 00:34
A bash script that uses CURL to get a file in parts, ala axel. Usage: baxel numparts url eg ./baxel 3 http://www.google.com/robots.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #$1 numparts, #$2 url | |
| #Get length | |
| TL=$(curl -sI $2 | grep Content-Length | awk '{printf "%d", $2}') | |
| echo "$s is $TL Bytes Long” | |
| #GetChunks | |
| for i in `seq 0 $(( $1 - 1 ))`; | |
| do |
application2000
/ how-to-install-latest-gcc-on-ubuntu-lts.txt
Last active
January 13, 2025 03:52
How to install latest gcc on Ubuntu LTS (12.04, 14.04, 16.04)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| These commands are based on a askubuntu answer http://askubuntu.com/a/581497 | |
| To install gcc-6 (gcc-6.1.1), I had to do more stuff as shown below. | |
| USE THOSE COMMANDS AT YOUR OWN RISK. I SHALL NOT BE RESPONSIBLE FOR ANYTHING. | |
| ABSOLUTELY NO WARRANTY. | |
| If you are still reading let's carry on with the code. | |
| sudo apt-get update && \ | |
| sudo apt-get install build-essential software-properties-common -y && \ | |
| sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y && \ |
skratchdot
/ arrayBufferToString.js
Created
March 3, 2016 04:43
Array Buffer -> String and String -> ArrayBuffer conversions in javascript
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // source: http://stackoverflow.com/a/11058858 | |
| function ab2str(buf) { | |
| return String.fromCharCode.apply(null, new Uint16Array(buf)); | |
| } |
NewerOlder