Graham Sutherland gsuberland

## infosec-keywords-reference.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                gsuberland
                / infosec-keywords-reference.md
            
            
              Last active
              November 11, 2025 04:22
            
              
                Infosec keyword reference
              
          
    Infosec keywords

This is just a big ol' list of keywords to search and learn about. No particular order. Search each of these and learn a bit about it, and try out all of the techniques you can manage.
Remember to focus on understanding the actual technology you're targeting. Security is fundamentally about learning what the computer actually does, so you can identify cases where the intent doesn't match the practical behaviour. Spend the time to understand the behaviours that you're exploiting, rather than just memorising the tricks - my old boss always used to say "we can teach computer people security, we can't teach security people computers", and it's very true.

Reflected and stored XSS
HttpOnly / Secure cookie flags
HTTP security headers
Content Security Policy


## BalloonHash.cs
/*

An implementation of Balloon Hashing in C#

This hasn't been thoroughly tested and it SHOULD NOT BE USED FOR PRODUCTION.

Balloon hashing is a fairly easy way to turn any cryptographic hash function
primitive into a memory-hard and parallelisable password storage funciton or
key derivation function (KDF).

## find_skewed_cues.py
from pyrekordbox import Rekordbox6Database
from pyrekordbox.db6 import tables
import sqlalchemy
from uuid import uuid4
import datetime

db = Rekordbox6Database(key='this is not actually the key you will need this from somewhere else *ahem*')

query = db.query(tables.DjmdContent)
results = query.all()

## mastodon_reinstate_title_text.user.js
// ==UserScript==
// @name         Mastodon 4.4 - Reinstate title text!
// @namespace    http://tampermonkey.net/
// @version      2025-11-19b
// @description  Restores alt text in the title attribute of images and videos, allowing the alt text to be viewed in a tooltip while hovering with the mouse. See https://github.com/mastodon/mastodon/issues/33799
// @author       Graham Sutherland
// @match        https://chaos.social/*
// @grant        none
// ==/UserScript==

## mastodon_feed_link_reorder.user.js
// ==UserScript==
// @name         Mastodon feed link reordering
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  Puts the Notifications link immediately after Home, moving Trending and Live Feeds down. Designed for Mastodon v4.4 and later.
// @author       Graham Sutherland
// @match        https://chaos.social/*
// @icon         https://mastodon.social/favicon.ico
// @grant        none
// ==/UserScript==

## HarmonyStubGenerator.cs
public class Target
{
	private void Test1()
	{

	}

	private string Test2()
	{
		return "";

## mastodon_local_link.user.js
// ==UserScript==
// @name         Mastodon Local Post Link
// @namespace    http://tampermonkey.net/
// @version      0.6
// @description  This script identifies links to posts on other Mastodon instances and adds an additional link to open it on the local instance.
// @author       Graham Sutherland
// @match        https://chaos.social/*
// @icon         https://chaos.social/favicon.ico
// @grant        none
// ==/UserScript==

## ClusterFunctionsByFID.java
// Clusters functions by their function ID and applies tags to functions in clusters with a size larger than 1.
//@category FunctionID
//@author Graham Sutherland

import java.io.IOException;
import java.util.*;

import ghidra.app.script.GhidraScript;
import ghidra.feature.fid.hash.FidHashQuad;
import ghidra.feature.fid.plugin.HashLookupListMode;

## forced_alignment_srt.cs
/*
works in LinqPad 5 (.NET Framework)
requires System.Speech.dll to be loaded
*/

string script = @"
This is a test of automatic forced alignment transcription.
When I read these words, the program will automatically follow along and output SRT subtitle entries.
The code also handles situations where two lines in the script are the same.
For example, I can repeat the first line of this script:

## mastodon_unlist_replies.user.js
// ==UserScript==
// @name         Mastodon Unlisted Replies
// @namespace    http://tampermonkey.net/
// @version      0.1
// @description  Sets the privacy of replies to unlisted by default on Mastodon.
// @author       Graham Sutherland (@gsuberland@chaos.social)
// @match        https://chaos.social/* https://mastodon.social/*
// @icon         https://www.google.com/s2/favicons?sz=64&domain=chaos.social
// @grant        none
// @run-at       document-idle
	/*

	An implementation of Balloon Hashing in C#

	This hasn't been thoroughly tested and it SHOULD NOT BE USED FOR PRODUCTION.

	Balloon hashing is a fairly easy way to turn any cryptographic hash function
	primitive into a memory-hard and parallelisable password storage funciton or
	key derivation function (KDF).
	from pyrekordbox import Rekordbox6Database
	from pyrekordbox.db6 import tables
	import sqlalchemy
	from uuid import uuid4
	import datetime

	db = Rekordbox6Database(key='this is not actually the key you will need this from somewhere else ahem')

	query = db.query(tables.DjmdContent)
	results = query.all()
	// ==UserScript==
	// @name Mastodon 4.4 - Reinstate title text!
	// @namespace http://tampermonkey.net/
	// @version 2025-11-19b
	// @description Restores alt text in the title attribute of images and videos, allowing the alt text to be viewed in a tooltip while hovering with the mouse. See https://github.com/mastodon/mastodon/issues/33799
	// @author Graham Sutherland
	// @match https://chaos.social/*
	// @grant none
	// ==/UserScript==
	// ==UserScript==
	// @name Mastodon feed link reordering
	// @namespace http://tampermonkey.net/
	// @version 0.1
	// @description Puts the Notifications link immediately after Home, moving Trending and Live Feeds down. Designed for Mastodon v4.4 and later.
	// @author Graham Sutherland
	// @match https://chaos.social/*
	// @icon https://mastodon.social/favicon.ico
	// @grant none
	// ==/UserScript==
	public class Target
	{
	private void Test1()
	{

	}

	private string Test2()
	{
	return "";
	// ==UserScript==
	// @name Mastodon Local Post Link
	// @namespace http://tampermonkey.net/
	// @version 0.6
	// @description This script identifies links to posts on other Mastodon instances and adds an additional link to open it on the local instance.
	// @author Graham Sutherland
	// @match https://chaos.social/*
	// @icon https://chaos.social/favicon.ico
	// @grant none
	// ==/UserScript==
	// Clusters functions by their function ID and applies tags to functions in clusters with a size larger than 1.
	//@category FunctionID
	//@author Graham Sutherland

	import java.io.IOException;
	import java.util.*;

	import ghidra.app.script.GhidraScript;
	import ghidra.feature.fid.hash.FidHashQuad;
	import ghidra.feature.fid.plugin.HashLookupListMode;
	/*
	works in LinqPad 5 (.NET Framework)
	requires System.Speech.dll to be loaded
	*/

	string script = @"
	This is a test of automatic forced alignment transcription.
	When I read these words, the program will automatically follow along and output SRT subtitle entries.
	The code also handles situations where two lines in the script are the same.
	For example, I can repeat the first line of this script:
	// ==UserScript==
	// @name Mastodon Unlisted Replies
	// @namespace http://tampermonkey.net/
	// @version 0.1
	// @description Sets the privacy of replies to unlisted by default on Mastodon.
	// @author Graham Sutherland (@gsuberland@chaos.social)
	// @match https://chaos.social/* https://mastodon.social/*
	// @icon https://www.google.com/s2/favicons?sz=64&domain=chaos.social
	// @grant none
	// @run-at document-idle