Skip to content

Instantly share code, notes, and snippets.

View ABB00717's full-sized avatar

abb00717 ABB00717

11 followers · 58 following
View GitHub Profile
@thesamesam
thesamesam / xz-backdoor.md
Last active May 13, 2026 23:14
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@win3zz
win3zz / GitHub-Leaked-API-Keys-and-Secrets.md
Last active May 25, 2026 06:49

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@thanoskoutr
thanoskoutr / squashfs-install.md
Last active March 31, 2026 04:43
Fix sasquatch installation for binwalk

Fix sasquatch installation for binwalk

For anynone that is running the latest version of binwalk (Binwalk v2.3.3) and when trying to extract squshfs filesystems, gets the following error:

WARNING: Extractor.execute failed to run external extractor 'sasquatch -p 1 -le -d 'squashfs-root' '%e'': [Errno 2] No such file or directory: 'sasquatch', 'sasquatch -p 1 -le -d 'squashfs-root' '%e'' might not be installed correctly

it might have to do that the sasquatch project is missing or not working correctly.

Install sasquatch

@luk6xff
luk6xff / ARMonQEMUforDebianUbuntu.md
Last active March 5, 2026 18:40 — forked from bruce30262/ARMDebianUbuntu.md
Emulating ARM with QEMU on Debian/Ubuntu

You might want to read this to get an introduction to armel vs armhf.

If the below is too much, you can try Ubuntu-ARMv7-Qemu but note it contains non-free blobs.

Running ARM programs under linux (without starting QEMU VM!)

First, cross-compile user programs with GCC-ARM toolchain. Then install qemu-arm-static so that you can run ARM executables directly on linux

If there's no qemu-arm-static in the package list, install qemu-user-static instead

@shicky
shicky / ld_preload_hook.c
Last active November 5, 2025 12:38
LD_PRELOAD linux function hook example
# helloworld.c
# gcc helloworld.c -o helloworld
#include <stdio.h>
#include <unistd.h>
int main() {
puts("Hello world!\n");
return 0;
}