- Web Wormhole https://webwormhole.io/ https://github.com/saljam/webwormhole
- Localsend https://web.localsend.org/
- FilePizza https://file.pizza/
- ShareDrop sharedrop.io https://github.com/szimek/sharedrop (SOLD, not recommended, use one of the forks)
- A clone SnapDrop snapdrop.net https://github.com/RobinLinus/snapdrop (SOLD, not recommended, use one of the forks)
  - A fork PairDrop https://pairdrop.net/ https://github.com/schlagmichdoch/pairdrop
- ToffeeShare https://toffeeshare.com/
- Instant.io https://instant.io/
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>Attest</key>
<true/>
<!--
```
```python
#!/usr/bin/env python
'''
Setup:
With the simulator running, I built an EK: tpm2 createek -c 0x81010005 -G rsa -u ek.ak_pub
Note this is not the exact template as the EK Spec defines:
- https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p4_r3.pdf
The Unique Buffer field is not 256 bytes of 0's it's just 0 len.
I got the pem file by doing a tpm2 print call:
```
```
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
#     ___             ___ __      __
#    /   | __  ______/ (_) /_____/ /
#   / /| |/ / / / __  / / __/ __  /
#  / ___ / /_/ / /_/ / / /_/ /_/ /
# /_/  |_\__,_/\__,_/_/\__/\__,_/
```
```bash
#!/bin/bash
set -euo pipefail
# Create a key and CSR for CN=localhost, strip the key passphrase, then self-sign the certificate
openssl req -new -text -passout pass:abcd -subj /CN=localhost -out server.req -keyout privkey.pem
openssl rsa -in privkey.pem -passin pass:abcd -out server.key
openssl req -x509 -in server.req -text -key server.key -out server.crt
# PostgreSQL rejects a key that is group- or world-readable; uid 70 is the postgres user in the alpine image
chmod 600 server.key
test "$(uname -s)" = Linux && chown 70 server.key
# Start PostgreSQL with TLS on; "trust" auth accepts connections without a password
docker run -d --name postgres -e POSTGRES_HOST_AUTH_METHOD=trust \
  -v "$(pwd)/server.crt:/var/lib/postgresql/server.crt:ro" \
  -v "$(pwd)/server.key:/var/lib/postgresql/server.key:ro" \
  postgres:12-alpine -c ssl=on \
  -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key
```
GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. In this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.
You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.
```
$ python githubcloner.py --org organization -o /tmp/output
```

Kong, Traefik, Caddy, Linkerd, Fabio, Vulcand, and Netflix Zuul seem to be the most common microservice proxy/gateway solutions. Kubernetes Ingress is often a simple Nginx, whose popularity is difficult to separate from its other uses.
This is just a picture of this link from March 2, 2019
Originally, I had included some other solution
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
Neither JOSE users nor JOSE library designers should be required to understand cryptography primitives. At a lower level, this can lead to badly implemented primitives. On a higher level, this can lead to reasoning by lego.
