# starship.toml: custom prompt `format` string (powerline-style segments with fg/bg colours)
format = """
$hostname\
$username\
$directory\
[ ](fg:#769ff0 bg:#394260)\
($git_branch$git_status$git_state)\
[ ](fg:#394260 bg:#888888)\
$docker_context\
$golang\
$custom\
"""
# Drop leftover merge-conflict markers from go.mod, then let `go mod tidy` recompute the require/sum set
grep -Fv -e '>>>>>>>' -e '=======' -e '<<<<<<<' go.mod > go.mod.tmp && mv go.mod.tmp go.mod && go mod tidy
# Minimal OpenSSL build: legacy protocol versions (SSLv2/3, TLS 1.0/1.1, DTLS), compression and the
# legacy/weak ciphers and hashes are compiled out, leaving TLS 1.2+ with modern suites only.
# Note that no-asm also removes the hand-optimised assembler paths, so the C fallbacks (slower) are used.
make clean
./Configure no-ssl2 no-ssl3 no-tls1 no-tls1_1 no-zlib no-comp no-dtls no-dtls1 no-dtls1_2 no-psk no-srp no-srtp no-capieng no-cms no-asm no-weak-ssl-ciphers no-dso no-gost no-hw-padlock no-rfc3779 no-ts no-aria no-bf no-blake2 no-camellia no-cast no-cmac no-des no-dsa enable-ec_nistp_64_gcc_128 no-idea no-md4 no-mdc2 no-ocb no-rc2 no-rc4 no-rmd160 no-scrypt no-seed no-siphash no-sm2 no-sm3 no-sm4 no-whirlpool -O2 -fno-strict-aliasing
- OWASP IoT Top 10
  https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project
- Parker Thompson, Mudge, and Tim Carstens - Ground Truth: 18 vendors, 6000 firmware images, 2.7 million binaries, and a flaw in the Linux/MIPS stack (ShmooCon 2019)
  https://archive.org/download/ShmooCon_2019/ShmooCon2019-Ground%20Truth.mp4
# Exercise 1: any packet whose payload contains "OpenSSH" anywhere (noisy: an HTTP page mentioning OpenSSH matches too)
alert ip any any -> any any (msg:"Exercise 1 - OpenSSH"; content:"OpenSSH"; sid:1000001; rev:1;)
# Exercise 2: the banner "SSH-2.0-OpenSSH" is exactly 15 bytes, so depth:15 confines the search to the banner position
alert ip any any -> any any (msg:"Exercise 2 - OpenSSH not HTTP"; content:"OpenSSH"; depth:15; sid:1000002; rev:1;)
# Exercise 2 alt: anchor on the protocol identification string at the start of the payload instead
alert ip any any -> any any (msg:"Exercise 2 alt - OpenSSH not HTTP"; pcre:"/^SSH\-.*OpenSSH/"; sid:1000003; rev:1;)
# Exercise 3: the same match, restricted to the server's side of the stream (flow:from_server); every rule needs its own sid
alert ip any any -> any any (msg:"Exercise 3 - OpenSSH not HTTP - Server only"; flow:from_server; pcre:"/^SSH\-.*OpenSSH/"; sid:1000004; rev:1;)
# Tor uplink: a TLS 1.2 ClientHello carrying the fixed 24-suite cipher list (length 0x0030) that Tor 0.2.6.10 offers
alert tcp any any -> any any ( msg:"Tor uplink (tested: 0.2.6.10)"; content: "|16 03 01|"; offset: 0; depth: 3; rawbytes; content: "|01|"; distance: 1; rawbytes; content: "|03 03|"; distance: 3; rawbytes; byte_jump: 1,43,align; content: "|00 30|"; distance: 0; rawbytes; content: "|C0 2B C0 2F C0 0A C0 09 C0 13 C0 14 C0 12 C0 07 C0 11 00 33 00 32 00 45 00 39 00 38 00 88 00 16 00 2F 00 41 00 35 00 84 00 0A 00 05 00 04 00 FF|"; distance: 0; rawbytes; content: "|01 00|"; distance: 0; rawbytes; content: "|00 00|"; rawbytes; distance: 2;
Having analysed a sample PCAP of Pokemon Go traffic with FingerPrinTLS, you can see that it does not have a unique TLS fingerprint for detection. However...
The TLS fingerprints do show us which libraries are probably used by the application:
{ "timestamp": "2016-07-12 07:15:31", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "54.183.13.245", "src_port": 45578, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Webkit Thing", "server_name": "stats.unity3d.com" }
{ "timestamp": "2016-07-12 07:15:45", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "54.241.32.26", "src_port": 32962, "dst_port": 443, "tls_version": "TLSv1.2", "fingerprint_desc": "Android Webkit Thing", "server_name": "appload.ingest.crittercism.com" }
{ "timestamp": "2016-07-12 07:15:46", "event": "fingerprint_match", "ip_version": "ipv4", "ipv4_src": "10.8.0.1", "ipv4_dst": "54.241.32.16", "src_port": 47967, "dst_port": 443, "tls_version": "
1 - Capture the traffic with fingerprintls *or* read a pcap containing the traffic.
Assuming the current version from git, use '-j' to specify a location to save unknown fingerprints and '-l' for the log location:
sudo ./fingerprintls -i en1 -j unknown_fingerprints.json -l log.json
or
sudo ./fingerprintls -p previous_capture.pcap -j unknown_fingerprints.json -l log.json
Match TLS Client Hello packets with a BPF (byte 0 of the TCP payload = 22, handshake record; byte 1 = 3, record version major; byte 5 = 1, ClientHello; byte 9 = 3, client_version major; the tcp[12]/16*4 term skips a TCP header of any length):
IPv4 + TCP: (tcp[tcp[12]/16*4]=22 and (tcp[tcp[12]/16*4+5]=1) and (tcp[tcp[12]/16*4+9]=3) and (tcp[tcp[12]/16*4+1]=3))
IPv6 + TCP: (ip6[(ip6[52]/16*4)+40]=22 and (ip6[(ip6[52]/16*4+5)+40]=1) and (ip6[(ip6[52]/16*4+9)+40]=3) and (ip6[(ip6[52]/16*4+1)+40]=3))
Teredo (IPv6 + TCP over IPv4 + UDP): ((udp[14] = 6 and udp[16] = 32 and udp[17] = 1) and ((udp[(udp[60]/16*4)+48]=22) and (udp[(udp[60]/16*4)+53]=1) and (udp[(udp[60]/16*4)+57]=3) and (udp[(udp[60]/16*4)+49]=3)))
6in4 (IPv6 + TCP over IPv4): (proto 41 and ip[26] = 6 and ip[(ip[72]/16*4)+60]=22 and (ip[(ip[72]/16*4+5)+60]=1) and (ip[(ip[72]/16*4+9)+60]=3) and (ip[(ip[72]/16*4+1)+60]=3))
Complete: (tcp[tcp[12]/16*4]=22 and (tcp[tcp[12]/16*4+5]=1) and (tcp[tcp[12]/16*4+9]=3) and (tcp[tcp[12]/16*4+1]=3)) or (ip6[(ip6[52]/16*4)+40]=22 and (ip6[(ip6[52]/16*4+5)+40]=1) and (ip6[(ip6[52]/16*4+9)+40]=3) and (ip6[(ip6[52]/16*4+1)+40]=3)) or ((udp[14] = 6 and
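The BPF filters above only decide whether a TCP payload is a ClientHello; what FingerPrinTLS then does is walk that ClientHello and key on its version, cipher list, extensions and SNI, and the Tor Snort rule above is a hard-coded special case of the same idea (a fixed cipher list). The following is an added example, not code from fingerprintls or from the Snort rule's author: it applies the same byte-offset test as the filters, parses a ClientHello, and compares its cipher list against the 24 suites copied from the Tor rule. The ClientHello bytes it works on are constructed inline by build_client_hello (a helper written for this example), and the fingerprint string it produces is a simplified summary, not fingerprintls' own format. It assumes a single unfragmented TLS record at the start of the payload.

```python
import struct

# Cipher-suite list copied from the Tor uplink Snort rule (24 suites = the 0x0030 length it matches).
TOR_CIPHER_SUITES = bytes.fromhex(
    "C02B C02F C00A C009 C013 C014 C012 C007 C011 0033 0032 0045"
    "0039 0038 0088 0016 002F 0041 0035 0084 000A 0005 0004 00FF")


def is_client_hello(payload: bytes) -> bool:
    """Same predicate as the tcpdump filters: payload[0]=22 (handshake record),
    payload[1]=3 (record version major), payload[5]=1 (ClientHello),
    payload[9]=3 (client_version major)."""
    return (len(payload) > 9 and payload[0] == 22 and payload[1] == 3
            and payload[5] == 1 and payload[9] == 3)


def build_client_hello(cipher_suites: bytes, server_name: str,
                       client_version: int = 0x0303) -> bytes:
    """Constructed sample input: a minimal TLS ClientHello with SNI,
    supported_groups and ec_point_formats extensions (zeroed random)."""
    name = server_name.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name        # host_name type 0
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext_sni = struct.pack("!HH", 0, len(sni_list)) + sni_list
    ext_groups = struct.pack("!HHH", 10, 6, 4) + b"\x00\x17\x00\x1d"  # secp256r1, x25519
    ext_points = struct.pack("!HHB", 11, 2, 1) + b"\x00"              # uncompressed
    extensions = ext_sni + ext_groups + ext_points
    body = (struct.pack("!H", client_version) + bytes(32)              # version, random
            + b"\x00"                                                  # empty session id
            + struct.pack("!H", len(cipher_suites)) + cipher_suites
            + b"\x01\x00"                                              # compression: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body      # type 1, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(payload: bytes) -> dict:
    """Extract the fields a TLS fingerprint is built from."""
    if not is_client_hello(payload):
        raise ValueError("not a TLS ClientHello")
    hs_len = int.from_bytes(payload[6:9], "big")
    hello = payload[9:9 + hs_len]
    pos = 0
    client_version = struct.unpack_from("!H", hello, pos)[0]; pos += 2
    pos += 32                                        # skip random
    pos += 1 + hello[pos]                            # skip session id
    cs_len = struct.unpack_from("!H", hello, pos)[0]; pos += 2
    ciphers = [struct.unpack_from("!H", hello, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                            # skip compression methods
    extensions, server_name = [], None
    if pos + 2 <= len(hello):                        # extensions block is optional
        ext_total = struct.unpack_from("!H", hello, pos)[0]; pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", hello, pos); pos += 4
            edata = hello[pos:pos + elen]; pos += elen
            extensions.append(etype)
            if etype == 0 and len(edata) >= 5 and edata[2] == 0:   # server_name / host_name
                name_len = struct.unpack_from("!H", edata, 3)[0]
                server_name = edata[5:5 + name_len].decode("ascii", "replace")
    return {"tls_version": client_version, "ciphers": ciphers,
            "extensions": extensions, "server_name": server_name}


def fingerprint(parsed: dict) -> str:
    """Order-preserving summary of version, cipher list and extension list
    (simplified fingerprint string for this example)."""
    return "%d,%s,%s" % (parsed["tls_version"],
                         "-".join("%04x" % c for c in parsed["ciphers"]),
                         "-".join(str(e) for e in parsed["extensions"]))


def matches_tor_rule(parsed: dict) -> bool:
    """The exact cipher-list comparison the Tor Snort rule performs byte for byte."""
    return b"".join(struct.pack("!H", c) for c in parsed["ciphers"]) == TOR_CIPHER_SUITES


if __name__ == "__main__":
    sample = build_client_hello(TOR_CIPHER_SUITES, "www.example.com")
    info = parse_client_hello(sample)
    print(fingerprint(info), info["server_name"], matches_tor_rule(info))
```

Because the cipher list and extension order are chosen by the TLS library rather than the application, two unrelated programs built on the same library (the "Android Webkit Thing" matches above) produce the same fingerprint; that is exactly why a fixed-list rule like the Tor one works for a client that ships its own TLS configuration and why it would not single out Pokemon Go.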
Ever been busted because you attempted to man-in-the-middle software (which does TLS properly) and it alerted someone to your bad certificate? No more! Want to detect certain types of connections leaving your network, but can't keep the IP blacklist up to date? This could be the answer.
This talk includes an introduction to both TLS and man-in-the-middle attacks, a walkthrough of what TLS fingerprints contain, how to create your own fingerprints, how we use the fingerprints in several scenarios, and a discussion of implications and pitfalls.
TLS provides transport security to all manner of connections, from legitimate financial transactions to private conversations and malware calling home. The inability to analyse encrypted traffic protects its