🧿
If the fool would persist in his folly he would become wise.

Charlton Trezevant chtzvt

@chtzvt
chtzvt / SSH_MACOS_SECURE_ENCLAVES.md
Created November 24, 2025 01:25 — forked from arianvp/SSH_MACOS_SECURE_ENCLAVES.md
Native Secure Enclave backed ssh keys on MacOS

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use Secure Enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive.

There is a shared library, /usr/lib/ssh-keychain.dylib, that has traditionally been used to add smartcard support to ssh by implementing the PKCS11Provider interface. Recently, however, it also implements SecurityKeyProvider, which supports loading keys directly from the Secure Enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey), but you can now use it to talk to your Secure Enclave instead!

@chtzvt
chtzvt / psych_on_off_monkeypatch.rb
Created November 10, 2025 21:59
Psych monkeypatch to prevent coercion of literal on/off into true/false
# frozen_string_literal: true
require 'yaml'
require 'strscan'
# Monkey patching of Psych is necessary in this case because by default, its
# tokenizer interprets the YAML keys "on" and "off" as "true" and "false", respectively.
# This means it's impossible to generate and emit a valid Actions workflow with the
# standard library YAML parser, as the "on" key is used to specify a block of events which
@chtzvt
chtzvt / snake.rb
Last active December 7, 2024 19:37
This is my snake game. There are many like it, but this one is mine.
# frozen_string_literal: true
require "bundler/inline"
gemfile do
source "https://rubygems.org"
gem "curses"
end
class Snake
@chtzvt
chtzvt / blackbeard.rb
Created September 13, 2024 15:45
Blackbeard Copilot Agent Reference Implementation, Ported to Ruby
require "sinatra"
require "openssl"
require "faraday"
require "json"
require "base64"
require "octokit"
set :port, 3000
COPILOT_API_KEYS_URL = "https://api.github.com/meta/public_keys/copilot_api"
GitHubAuditLogPolling_CL
| where action_s =~ "integration_installation.repositories_added" or action_s =~ "integration_installation.create"
| extend appName = tostring(name_s)
| extend organization = tostring(org_s)
| project-reorder TimeGenerated, actor_s, org_s, organization
| extend date_time = unixtime_milliseconds_todatetime(_timestamp_d)
| project TimeGenerated = date_time, AccountCustomEntity = actor_s, organization = org_s, appName , action = action_s
@chtzvt
chtzvt / pdf_optimize.sh
Last active September 25, 2023 18:35
PDF conversion commands
# .pdf to .pdf - 90+% compression ratio (lossy)
find . -type f -iname "*.pdf" -exec gs -sDEVICE=pdfwrite -dPDFSETTINGS=/prepress -dCompatibilityLevel=1.4 -dNOPAUSE -dBATCH -sOutputFile={}.optimized.pdf {} \;
# .ai to .pdf - 90+% compression ratio
find . -type f -iname "*.ai" -exec gs -sDEVICE=pdfwrite -dPDFSETTINGS=/prepress -dCompatibilityLevel=1.4 -dNOPAUSE -dBATCH -sOutputFile={}.optimized.pdf {} \;
@chtzvt
chtzvt / org_repo_cleanup.rb
Created August 30, 2023 18:22
Deletes all repositories associated with a given GitHub organization.
require 'octokit'
access_token = ENV["GH_PAT"]
org_name = ENV["GH_ORG"]
begin
client = Octokit::Client.new(access_token: access_token)
rescue Octokit::Unauthorized
puts "Invalid access token. Please set the GH_PAT environment variable to a valid GitHub Personal Access Token."
exit
@chtzvt
chtzvt / ghazdo-starter.yml
Last active March 7, 2024 17:57
Starter Pipeline for GitHub Advanced Security for Azure DevOps
# Welcome to the Starter Pipeline for GitHub Advanced Security for Azure DevOps (GHAzDo)
#
# This pipeline enables two core features of GHAzDo for your repository:
#
# - Dependency Scanning, which will examine your application's package manifests
# to find and alert on any vulnerable dependencies you may be using, and
#
# - Code Scanning, which performs static analysis (SAST) of your application's source
# code to identify certain types of security vulnerabilities, along with additional,
# optional quality checks.
@chtzvt
chtzvt / lmdb.tcl
Created May 18, 2023 19:33 — forked from antirez/lmdb.tcl
LMDB -- First version of Redis written in Tcl
# LVDB - LLOOGG Memory DB
# Copyright (C) 2009 Salvatore Sanfilippo <antirez@gmail.com>
# All Rights Reserved
# TODO
# - cron with cleanup of timedout clients, automatic dump
# - the dump should use array startsearch to write it line by line
# and may just use gets to read element by element and load the whole state.
# - 'help','stopserver','saveandstopserver','save','load','reset','keys' commands.
# - ttl with milliseconds resolution 'ttl a 1000'. Check ttl in dump!

GitHub Secret Scanning - PEM Format

Secret format: ((\w|[=/+])+\r?\n)+

Before secret: -----BEGIN ([A-Z]+ )?PRIVATE KEY-----\r?\n

After secret: -----END ([A-Z]+ )?PRIVATE KEY-----