Skip to content

Instantly share code, notes, and snippets.

View dfwarden's full-sized avatar

David Warden dfwarden

11 followers · 17 following
View GitHub Profile
@carolynvs
carolynvs / .gitconfig
Last active October 19, 2022 14:44
git wip - Show what branches you have been working on lately
[alias]
wip = for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads
@lizthegrey
lizthegrey / attributes.rb
Last active August 25, 2024 11:16
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@dylanmckay
dylanmckay / facebook-contact-info-summary.rb
Last active March 12, 2024 22:46
A Ruby script for collecting phone record statistics from a Facebook user data dump
#! /usr/bin/env ruby
# NOTE: Requires Ruby 2.1 or greater.
# This script can be used to parse and dump the information from
# the 'html/contact_info.htm' file in a Facebook user data ZIP download.
#
# It prints all cell phone call + SMS message + MMS records, plus a summary of each.
#
# It also dumps all of the records into CSV files inside a 'CSV' folder, that is created
@dumbledore
dumbledore / mount-bitlocker
Created February 20, 2018 21:05
Mount/umount wrapper for dislocker on MacOS
#!/bin/bash
BITLOCKER_PARTITION="${1}"
BITLOCKER_PASSWORD="${2}"
function usage() {
echo "$(basename ${0}) <partition> <password>"
echo "Unlocks and mounts a bitlocker partition as read-only"
}
if [ -z "${BITLOCKER_PARTITION}" ]
@SciresM
SciresM / public_keys.md
Last active July 31, 2024 01:33

Nintendo Switch RSA-PKCS#1 Public Key Recovery

This is a short writeup of a fun (but ultimately pretty useless) attack I implemented on the Nintendo Switch a few months ago resulting in the recovery of some otherwise unobtainable RSA public keys. Since public keys aren't private keys, this is pretty useless, apart from letting us validate some signatures on PC. Even so, the attack is a pretty cool one, so I thought I'd write it up.

Every Switch gamecart has a unique certificate (called its "CERT"), storing an RSA signature followed by some kind of unknown but unique encrypted data. I was trying to reverse how these certificates work, and the obvious first step was to try to see how they were validated. However, when I tried looking through the FileSystem (FS) module, which should be responsible for validating these certificates, I found no references to the format at all. The "CERT" magic number was nowhere to be seen, and I couldn't find an RSA modulus that validated the signatures I had. This was in

@jessfraz
jessfraz / boxstarter.ps1
Last active July 7, 2024 22:46
Boxstarter Commands for a new Windows box.
# Description: Boxstarter Script
# Author: Jess Frazelle <jess@linux.com>
# Last Updated: 2017-09-11
#
# Install boxstarter:
# . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
#
# You might need to set: Set-ExecutionPolicy RemoteSigned
#
# Run this boxstarter by calling the following from an **elevated** command-prompt:
@gboudreau
gboudreau / AuthyToOtherAuthenticator.md
Last active September 22, 2024 17:19 — forked from Ingramz/AuthyToOtherAuthenticator.md
Export TOTP tokens from Authy

Exporting your 2FA tokens from Authy to transfer them into another 2FA application

IMPORTANT - Update regarding deprecation of Authy desktop apps

Past August 2024, Authy stopped supported the desktop version of their apps:
See Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August for details.

And indeed, after a while, Authy changed something in their backend which now prevents the old desktop app from logging in. If you are already logged in, then you are in luck, and you can follow the instructions below to export to tokens.

If you are not logged in anymore, but can find a backup of the necessary files, then restore those files, and re-install Authy 2.2.3 following the instructions below, and it should work as expected.

@pmoranga
pmoranga / puppet-firewall-docker.pp
Created February 8, 2016 23:55
Make puppetlabs-firewall works with docker smoothly
class my_fw::pre {
# Disable due to selective purges of firewallchain
# resources { "firewall":
# purge => true
# }
# Avoid removing Docker rules:
firewallchain { 'FORWARD:filter:IPv4':
purge => true,
@jewelia
jewelia / gist:0b8f26e91f2818bef460
Last active August 29, 2015 14:15
3 Great Engineering Management Talks from 2014

General key themes:

  • Hiring is really hard. You’re not just hiring a “Rails Engineer” or a “Python Programmer” you’re hiring someone who can help you change the world. Tell them why! Talk about the hard problems you’re solving. 2/3 of these talks give ideas and insight into hiring from sourcing to actual interview processes.

  • Rewriting systems is hard. People think they are going to replace their broken down horse and buggie with a bullet train and this often ends up in disaster. Successful rewrites require an incremental approach that takes months/years and often runs way over schedule. 2/3 of these talks go over how to handle rewrites not only from a high level technical perspective but a cultural/management perspective as well.

Two Developers, Many Lines of Code, and A Campaign that Made History

Harper Reed (CTO of Obama for America, now CEO of Modest) and Dylan Richard (Director of Eng of Obama for America, now CTO of Modest)

@isaacs
isaacs / Makefile
Last active September 17, 2024 08:25
# Hello, and welcome to makefile basics.
#
# You will learn why `make` is so great, and why, despite its "weird" syntax,
# it is actually a highly expressive, efficient, and powerful way to build
# programs.
#
# Once you're done here, go to
# http://www.gnu.org/software/make/manual/make.html
# to learn SOOOO much more.