Things.
parent a86a3b2a43
commit b6d74f42cd
|
@ -0,0 +1,173 @@
|
|||
---
|
||||
Title: Reversing coffee machine key
|
||||
Date: 2021-05-07 12:12:55
|
||||
---
|
||||
|
||||
|
||||
At $DAYJOB, a long time ago, we had big a coffee machine allowing us
|
||||
to store money in NFC keys. NFC keys were Mifare 1K ones, so they had
|
||||
a security hole (Search mfoc), so I tried reverse engineering them,
|
||||
you know, free coffee…
|
||||
|
||||
Before starting you can [download key
|
||||
dumps](https://mdk.fr/x/keys.tar.bz2) to follow along with me.
|
||||
|
||||
I will not paste all dumps in this page, (1k dumps are big in hexadecimal on a
|
||||
blog post) but I dumped a few keys with a few different values, and
|
||||
I'll post the diffs between dumps.
|
||||
|
||||
I got two keys, and two dumps per key. First key from 9.2€ to
|
||||
8.35€. Second key from 0€ to 0.10€
|
||||
|
||||
Diff of the first key (Between a dump of 9.2€ and a dump of 8.35€):
|
||||
|
||||
```diff
|
||||
< 2 060 b491 7e19 0000 0000 0000 0000 1801 003f 100 R:AB W:-B I:-- DTR:-- r/w block
|
||||
---
|
||||
> 2 060 82bb 261a 0000 0000 0000 0000 1c01 0020 100 R:AB W:-B I:-- DTR:-- r/w block
|
||||
26,27c26,27
|
||||
< 0 080 9803 0000 67fc ffff 9803 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
|
||||
< 1 090 c503 0000 3afc ffff c503 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
|
||||
---
|
||||
> 0 080 4303 0000 bcfc ffff 4303 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
|
||||
> 1 090 7003 0000 8ffc ffff 7003 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
|
||||
```
|
||||
|
||||
Diff of the second key (Between a dump of 0€ and a dump of 0.10€):
|
||||
|
||||
```diff
|
||||
< 2 060 daa0 9019 0000 0000 0000 0000 2200 0098 100 R:AB W:-B I:-- DTR:-- r/w block
|
||||
---
|
||||
> 2 060 2eaf 261a 0000 0000 0000 0000 2300 00d2 100 R:AB W:-B I:-- DTR:-- r/w block
|
||||
26,27c26,27
|
||||
< 0 080 0000 0000 ffff ffff 0000 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
|
||||
< 1 090 2d00 0000 d2ff ffff 2d00 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
|
||||
---
|
||||
> 0 080 0a00 0000 f5ff ffff 0a00 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
|
||||
> 1 090 0000 0000 ffff ffff 0000 0000 09f6 09f6 110 R:AB W:-B I:-B DTR:AB r/w block
|
||||
```
|
||||
|
||||
To start let's focus on the two-lines diff, at adresses `0x080` and `0x090`.
|
||||
|
||||
When I reverse engineer I like to loop between "presentation" (put an
|
||||
effort to make the data readable) and "understanding" (get an
|
||||
information from the data), so my first step, is to render this in a
|
||||
clean way. I had an intuition for a one's complement (as I spotted
|
||||
`ffff` / `0000`, what an intuition...), so I wanted to see binary
|
||||
data. I also dropped columns of data that were identical between two
|
||||
dumps:
|
||||
|
||||
```text
|
||||
9.2 : 9803 0000 67fc c503 0000 3afc | 10011000.00000011 ... 01100111.11111100 11000101.00000011 ... 00111010.11111100
|
||||
8.3 : 4303 0000 bcfc 7003 0000 8ffc | 01000011.00000011 ... 10111100.11111100 01110000.00000011 ... 10001111.11111100
|
||||
0.1 : 0a00 0000 f5ff 0000 0000 ffff | 00001010.00000000 ... 11110101.11111111 00000000.00000000 ... 11111111.11111111
|
||||
0.0 : 0000 0000 ffff 2d00 0000 d2ff | 00000000.00000000 ... 11111111.11111111 00101101.00000000 ... 11010010.11111111
|
||||
```
|
||||
|
||||
So, my first intuition was true: the data is stored twice, the 2nd one
|
||||
is the one's complement of the first. So half of the data is useless
|
||||
for me, I can drop it from my representation.
|
||||
|
||||
Follow a simplified presentation witout duplicate (complemented) data:
|
||||
|
||||
```text
|
||||
9.2 : 9803 c503 10011000.00000011 11000101.00000011 0398 -> 920 | 03c5 -> 965
|
||||
8.3 : 4303 7003 01000011.00000011 01110000.00000011 0343 -> 835 | 0370 -> 880
|
||||
0.1 : 0a00 0000 00001010.00000000 00000000.00000000 000A -> 10 | 0000 -> 0
|
||||
0.0 : 0000 2d00 00000000.00000000 00101101.00000000 0000 -> 0 | 002d -> 45
|
||||
```
|
||||
|
||||
At this point I see `0a00` on the `0.10€` key, as `0a(16)` is
|
||||
`10(10)`, `0a00` is `10` in big endian... money may be stored here…
|
||||
in big endian in 1/100 of euros. Let's test with `9803(16be)`, gives
|
||||
`920(10)` that give `9.20€`, yes!! Free coffee not far away!
|
||||
|
||||
This is the big part of the dump, the remaining part (top one) seems
|
||||
to store metadata but is not reversed yet.
|
||||
|
||||
Follow two tables, for the two keys, showing old_value -> new_value,
|
||||
with, for each value, its binay representation and its base 10
|
||||
representation as if value is stored in big endian.
|
||||
|
||||
In the following table, 16be mean "From base 16 big endian to
|
||||
decimal", 16le for little endian.
|
||||
|
||||
```text
|
||||
9.2 -> 8.35
|
||||
Value: As binary 16be 16le Value: As binary 16be 16le
|
||||
DAA0 : 11011010.10100000 41178 55968 -> 2EAF : 00101110.10101111 44846 11951 date ?
|
||||
9019 : 10010000.00011001 6544 36889 -> 261A : 00100110.00011010 6694 9754
|
||||
2200 : 00100010.00000000 34 8704 -> 2300 : 00100011.00000000 35 8960 count ?
|
||||
0098 : 00000000.10011000 38912 152 -> 00D2 : 00000000.11010010 53760 210
|
||||
```
|
||||
|
||||
```text
|
||||
0.0 -> 0.1
|
||||
Value: As binary 16be 16le Value: As binary 16be 16le
|
||||
B491 : 10110100.10010001 37300 46225 -> 82BB : 10000010.10111011 48002 d33467 date ?
|
||||
7E19 : 01111110.00011001 6526 32281 -> 261A : 00100110.00011010 6694 9754
|
||||
1801 : 00011000.00000001 280 6145 -> 1C01 : 00011100.00000001 284 7169 count ?
|
||||
003F : 00000000.00111111 16128 63 -> 0020 : 00000000.00100000 8192 32
|
||||
```
|
||||
|
||||
Non reversed data:
|
||||
|
||||
```text
|
||||
mandark@blanc$ grep 00000060 *.dmp.hex | column -t
|
||||
step1-0.dmp.hex:00000060 da a0 90 19 00 00 00 00 00 00 00 00 22 00 00 98 |............"...|
|
||||
step2-0.1.dmp.hex:00000060 2e af 26 1a 00 00 00 00 00 00 00 00 23 00 00 d2 |..&.........#...|
|
||||
step3-0.2.dmp.hex:00000060 53 1a 51 1a 00 00 00 00 00 00 00 00 24 00 00 98 |S.Q.........$...|
|
||||
```
|
||||
|
||||
```text
|
||||
mandark@blanc$ grep 00000060 *.dmp.hex | column -t
|
||||
step1-9.2.dmp.hex:00000060 b4 91 7e 19 00 00 00 00 00 00 00 00 18 01 00 3f |..~............?|
|
||||
step2-8.35.dmp.hex:00000060 82 bb 26 1a 00 00 00 00 00 00 00 00 1c 01 00 20 |..&............ |
|
||||
step3-3.9.dmp.hex:00000060 c7 9a 59 1a 00 00 00 00 00 00 00 00 2a 01 00 91 |..Y.........*...|
|
||||
```
|
||||
|
||||
Clearly `0022 0023 0024`, and `0118 011C 012A` are juste counters. I only
|
||||
add 10 cents on the key1 between each dumps, but I drink some coffee
|
||||
between each dumps on key2, so it's normal values. I now know I drank
|
||||
18 coffees between first and last dump!
|
||||
|
||||
```text
|
||||
-----------------------------------------------------------------------------------
|
||||
|money | counter | Last byte ? | First long, kind of timestamp |
|
||||
|---------------------------------------------------------------------------------|
|
||||
|euro | hex dec | hex dec bin | hex little endian dec |
|
||||
|---------------------------------------------------------------------------------|
|
||||
|0 | 22 00 34 | 98 152 10011000 | da a0 90 19 19 90 a0 da 428908762 |
|
||||
|0.1 | 23 00 35 | D2 210 11010010 | 2e af 26 1a 1a 26 af 2e 438742830 |
|
||||
|0.2 | 24 00 36 | 98 152 10011000 | 53 1a 51 1a 1a 51 1a 53 441522771 |
|
||||
|---------------------------------------------------------------------------------|
|
||||
|9.2 | 18 01 280 | 3F 63 00111111 | b4 91 7e 19 19 7e 91 b4 427725236 |
|
||||
|8.35 | 1C 01 284 | 20 32 00100000 | 82 bb 26 1a 1a 26 bb 82 438745986 |
|
||||
|3.9 | 2A 01 298 | 91 145 10010001 | c7 9a 59 1a 1a 59 9a c7 442079943 |
|
||||
-----------------------------------------------------------------------------------
|
||||
```
|
||||
|
||||
First long seems to be a kind of timestamp, but it's not a unix
|
||||
timestamp. It seems to count seconds, but I don't know the start
|
||||
point. Start point may be random ^-^
|
||||
|
||||
|
||||
About last byte, I tried some crc's (namely crc-8, crc-8-darc,
|
||||
crc-8-i-code, crc-8-itu, crc-8-maxim, crc-8-rohc, crc-8-wcdma, crc-16,
|
||||
crc-16-buypass, crc-16-dds-110, crc-16-dect, crc-16-dnp,
|
||||
crc-16-en-13757, crc-16-genibus, crc-16-maxim, crc-16-mcrf4xx,
|
||||
crc-16-riello, crc-16-t10-dif, crc-16-teledisk, crc-16-usb, x-25,
|
||||
xmodem, modbus, kermit, crc-ccitt-false, crc-aug-ccitt, crc-24,
|
||||
crc-24-flexray-a, crc-24-flexray-b, crc-32, crc-32-bzip2, crc-32c,
|
||||
crc-32d, crc-32-mpeg, posix, crc-32q, jamcrc, xfer, crc-64, crc-64-we,
|
||||
crc-64-jones)
|
||||
|
||||
I tried with last byte set to any possible value and I '% 255'ed
|
||||
results, also tried without last byte, so I got a lot of false
|
||||
positive matches, for example, for step1-0.dmp.hex:00000060, I have 39
|
||||
possibilities yielding to 98, but I found NO possibility working with
|
||||
the same params for two different dumps.
|
||||
|
||||
We may try to compute more value in CRC's, for example whole block, I
|
||||
just tried to CRC a single line (16 bytes), but I stopped my research
|
||||
here and get back to work.
|
|
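Review bot: The endianness labels in this post are inverted: reading the bytes `0a00` as 10 (and `9803` as 920) is a little-endian read, yet the prose calls it big endian, and in the two `16be`/`16le` tables the `16be` column holds the little-endian values (for `DAA0`, 41178 is 0xA0DA and 55968 is 0xDAA0). The final summary table labels the same kind of read "little endian", so the post contradicts itself; swap the labels in the prose and in the column headers. While there: the two table titles look swapped (according to the `grep` output the `DAA0`/`2EAF` rows come from the 0 to 0.1 key and the `B491`/`82BB` rows from the 9.2 to 8.35 key), `d33467` has a stray `d`, and "key1"/"key2" in the counter paragraph are the reverse of "First key"/"Second key" at the top.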
@ -0,0 +1,294 @@
|
|||
Title: Bookmarks
|
||||
Date: 2021-05-05 15:21:00
|
||||
|
||||
|
||||
# HTTP
|
||||
|
||||
- 📊 [Proxy networks and data collection tools](https://brightdata.com/)
|
||||
- 📑 [Cours HTTP au CNAM de Stephane Bortzmeyer](https://www.bortzmeyer.org/cours-http-cnam.html)
|
||||
- 📑 [RFC 7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content](https://tools.ietf.org/html/rfc7231)
|
||||
|
||||
|
||||
## Microservice
|
||||
|
||||
- 📑 [Twelve Patterns for Hypermedia Microservices](https://www.infoq.com/presentations/12-patterns-api-microservices/)
|
||||
- 📑 [Microservices in a Post-Kubernetes Era](https://www.infoq.com/articles/microservices-post-kubernetes)
|
||||
- 📑 [How to choose a database for your microservices](https://www.infoworld.com/article/3236291/database/how-to-choose-a-database-for-your-microservices.amp.html)
|
||||
|
||||
|
||||
## APIs
|
||||
|
||||
- 📊 [Public APIs: A Collection of Public and Free APIs for Development](https://public-apis.xyz/)
|
||||
- 📚 [Mike Amoundsen blog](http://amundsen.com/blog/)
|
||||
- 🔧 [Agnostic Github client API — An EDSL for connecting to REST servers](https://github.com/mozilla/agithub)
|
||||
- 📑 [APIs You Won't Hate — A community that cares about API design and development](https://apisyouwonthate.com/)
|
||||
- 📑 [A Web API ecosystem through feature-based reuse](https://ruben.verborgh.org/articles/web-api-ecosystem/)
|
||||
- 📑 [The Structure of Information Networks — Computer Science 685 — Cornell University — Fall 2007](https://www.cs.cornell.edu/courses/cs685/2007fa/)
|
||||
- 📑 [Mechanisms for obtaining information about the meaning of a given URI](https://www.w3.org/2001/tag/group/track/issues/57)
|
||||
- 📑 [Python API Checklist](http://python.apichecklist.com/)
|
||||
- 📑 [Open Data Protocol (OData)](https://fr.wikipedia.org/wiki/Open_Data_Protocol)
|
||||
- 📑 [API Evangelist is about making sense of the world of application programming interfaces](https://apievangelist.com/)
|
||||
|
||||
|
||||
### REST
|
||||
|
||||
- 📚 [Roy T. Fielding's blog](https://roy.gbiv.com/untangled/)
|
||||
- 📑 [It is okay to use POST — Roy T. Fielding](https://roy.gbiv.com/untangled/2009/it-is-okay-to-use-post)
|
||||
- 📑 [Misunderstanding REST](https://hanselminutes.com/236/misunderstanding-rest-with-mike-amundsen)
|
||||
- 📑 [Using Web Sequence Diagrams with your APIs](http://amundsen.com/talks/2018-09-restfest/index.html)
|
||||
- 📑 [Twelve Patterns for Evolvable APIs Revisited](http://amundsen.com/talks/2017-12-yow/index.html)
|
||||
- 📑 [Some thoughts on resources, information resources and representations](https://www.w3.org/2001/tag/2008/02/RepresentationResources.html)
|
||||
- 📑 [REST without the hypertext constraint is like pipe-and-filter without the pipes](http://roy.gbiv.com/untangled/2008/on-software-architecture#more-10)
|
||||
- 📑 [resources are just consistent mappings from an identifier to some set of views on server-side state.](http://roy.gbiv.com/untangled/2008/paper-tigers-and-hidden-dragons)
|
||||
- 📑 [A REST API must not define fixed resource names or hierarchies](http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven)
|
||||
- 📑 [principled design of the modern web architecture — Roy T. Fielding](http://dl.acm.org/citation.cfm?doid=3106237.3121282)
|
||||
|
||||
|
||||
### GraphQL
|
||||
|
||||
- 🔧 [GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)](https://github.com/graphql/graphql-playground)
|
||||
- 🔧 [django-restql: Turn your API made with Django REST Framework(DRF) into a GraphQL like API.](https://github.com/yezyilomo/django-restql)
|
||||
- 🔧 [GraphQL Doctor: Prevent Breaking Changes in a GraphQL API with GitHub Checks](https://github.com/cap-collectif/graphql-doctor)
|
||||
- 📑 [GitHub GraphQL API](https://docs.github.com/en/graphql)
|
||||
- 🔧 [Graphene: GraphQL in Python Made Easy](https://graphene-python.org/)
|
||||
- 📑 [Representing State in REST and GraphQL](https://philsturgeon.uk/api/2017/06/19/representing-state-in-rest-and-graphql/)
|
||||
|
||||
|
||||
|
||||
# Traduction
|
||||
|
||||
- 📑 [Entretiens autour de la traduction collaborative](https://bzg.fr/entretiens-autour-de-la-traduction-collaborative.html/)
|
||||
- 📑 [Orthotypographie, de Jean-Pierre Lacroux (Lexique des règles typographiques françaises)](http://www.orthotypographie.fr/volume-I/academie-accentuation.html)
|
||||
- 📑 [L'association Traduc.org](https://traduc.org)
|
||||
- 📑 [Recommandations pour la traduction de documents techniques Red Hat de en_US -> fr_FR](https://fedoraproject.org/w/uploads/c/c1/Guide_stylistique_de_traduction_EN-FR_24NOV14.pdf)
|
||||
- 📘 [Petites leçons de typographie — Jacques André](http://jacques-andre.fr/faqtypo/lessons.pdf)
|
||||
- 🔧 [Deepl](https://www.deepl.com)
|
||||
- 🔧 [Gramalecte](https://fr.m.wikipedia.org/wiki/Grammalecte)
|
||||
|
||||
|
||||
# Cybersecurity
|
||||
|
||||
- 🔧 [Temporary email address redirection](jetable.org)
|
||||
- 🔧 [fsociety — A Modular Penetration Testing Framework](https://github.com/fsociety-team/fsociety)
|
||||
- 📚 [hackingthe.cloud — Knowledge about cloud, enumeration, exploitation, avoid detection, AWS, azure, GCP...](https://hackingthe.cloud/aws/)
|
||||
|
||||
|
||||
## Cryptography
|
||||
|
||||
- 🔧 [Detect and decode encoded strings, recursively.](https://github.com/UltimateHackers/Decodify)
|
||||
- 🔧 [Quipqiup: A fast and automated cryptogram solver](https://quipqiup.com/)
|
||||
- 🔧 [lantern — Cryptanalysis library for breaking classical ciphers](https://github.com/CameronLonsdale/lantern)
|
||||
- 🔧 [hashID — Hash Identifier](http://psypanda.github.io/hashID/)
|
||||
- 🔧 [Ciphey — Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes](https://github.com/Ciphey/Ciphey)
|
||||
|
||||
|
||||
## Writeups
|
||||
|
||||
- 📚 [CTF solutions from p4 team](https://github.com/p4-team/ctf)
|
||||
- 📚 [TeamRocketIST CTF Team](https://teamrocketist.github.io/)
|
||||
- 📚 [sigterm.ch](https://sigterm.ch/2018/01/01/hackvent-2017-write-up/)
|
||||
|
||||
|
||||
## Podcasts
|
||||
|
||||
- [Hacking Humans](https://thecyberwire.com/podcasts/hacking-humans)
|
||||
- [Tiger Team 24K Heist](https://www.youtube.com/watch?v=pJIlcd6-E70)
|
||||
- [Darknet Diaries](https://darknetdiaries.com/)
|
||||
- [Malicious Life](https://malicious.life/)
|
||||
- [NoLimitSecu](https://www.nolimitsecu.fr/)
|
||||
|
||||
|
||||
## OSINT
|
||||
|
||||
- 🧰 [OSINT4ALL](https://start.me/p/L1rEYQ/osint4all)
|
||||
- 🔧 [FinalRecon — An automatic web reconnaissance tool written in Python](https://github.com/thewhiteh4t/FinalRecon/)
|
||||
- 📊 [shodan](www.shodan.io), [censys](censys.io), [netcraft](sitereport.netcraft.com)
|
||||
|
||||
|
||||
### Certificate transparency search engines
|
||||
|
||||
- [crt.sh](https://crt.sh/)
|
||||
- [censys.io](https://censys.io/)
|
||||
- [Facebook CT](https://developers.facebook.com/tools/ct/)
|
||||
- [Google CT](https://google.com/transparencyreport/https/ct/)
|
||||
|
||||
Or from command line with a postgresql client:
|
||||
|
||||
psql -h crt.sh -p 5432 -U guest certwatch
|
||||
|
||||
|
||||
## SDR
|
||||
|
||||
- 🔧 [Spectrum analyzer for multiple SDR platforms, capable de balayer et d'aggréger des fréquence](https://github.com/xmikos/qspectrumanalyzer/)
|
||||
|
||||
|
||||
## Pentesting
|
||||
|
||||
- [Exploit DB](https://www.exploit-db.com/search/)
|
||||
- [CVE Details](https://cvedetails.com)
|
||||
- [OpenCVE](https://www.opencve.io/)
|
||||
- 🧰 [Pentesting tools](https://prune2000.github.io/tools/pentest/)
|
||||
- 🧰 [Citadel — Collection of pentesting scripts](https://github.com/wintrmvte/Citadel)
|
||||
- 📑 [Web Application Penetration Testing Notes](https://techvomit.net/web-application-penetration-testing-notes/)
|
||||
- [PentesterLab exercises](https://www.pentesterlab.com/)
|
||||
- 🔧 [nmap NSE script based on Vulners.com API](https://github.com/vulnersCom/nmap-vulners)
|
||||
- 🔧 [sqlmap](https://pypi.python.org/pypi/sqlmap)
|
||||
- 🔧 [nosqlmap](https://github.com/codingo/nosqlmap)
|
||||
- 📑 [nmap modules](https://twitter.com/bonsaiviking/status/950772687655309313?s=09)
|
||||
- 📑 [OWASP Testing Guide](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20testing%20guide%20v2.pdf)
|
||||
- [Vulners — Vulnerability Assessment Platform](https://vulners.com/landing)
|
||||
- [Awesome-Hacking — A collection of awesome lists for hackers, pentesters & security researchers](https://github.com/misterch0c/Awesome-Hacking)
|
||||
- 🎮 [root-me.org](https://www.root-me.org)
|
||||
- 🎮 [ringzer0team challenges](https://ringzer0team.com/challenges)
|
||||
- 🎮 [pentesterlab](https://pentesterlab.com/exercises)
|
||||
- 🎮 [zenk-security](https://www.zenk-security.com/)
|
||||
- 🎮 [France Cybersecurity Challenge](https://www.france-cybersecurity-challenge.fr/challenges)
|
||||
|
||||
|
||||
## Misc
|
||||
|
||||
- 🔧 [PDF Tools](https://blog.didierstevens.com/programs/pdf-tools/)
|
||||
- 📘 [Security books](https://opsecx.com/index.php/security-books/)
|
||||
- 📚 [Linux Security Tools](https://linuxsecurity.expert/tools/)
|
||||
- 📚 [Reddit hacking Wiki (podcasts, osint, scanning, cracking, sqli, awesome, red team, phishing)](https://old.reddit.com/r/hacking/wiki/index)
|
||||
- 📚 [PortSwigger blog](https://portswigger.net/research)
|
||||
- 📑 [Hacking Tools Cheat Sheet](https://i.redd.it/fviaw8s43q851.jpg)
|
||||
- 🔧 [ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.](https://github.com/michelin/ChopChop)
|
||||
- 📑 [The history of Lets'Encrypt](https://blog.acolyer.org/2020/02/12/lets-encrypt-an-automated-certificate-authority-to-encrypt-the-entire-web/)
|
||||
- 📼 [Root KSK ceremony](https://www.youtube.com/watch?v=erfsFJsapAs)
|
||||
- 📚 [Network Cheat Sheets (BGP, EIGRP, IPsec, ...)](https://packetlife.net/library/cheat-sheets/)
|
||||
- 📑 [nmap cheat sheet](https://docs.google.com/document/d/1ekOUND30jr4RmD-QzL5XQUPPoZkbQwJgvuZ7BwlicIE/mobilebasic)
|
||||
- 📑 [BeEF - The Browser Exploitation Framework Project](https://beefproject.com/)
|
||||
- 📚 [Password lists](https://github.com/lavalamp-/password-lists.git)
|
||||
- 📑 [List of the most common french passwords](https://github.com/tarraschk/richelieu)
|
||||
- 📚 [SecLists — List of usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.](https://github.com/danielmiessler/SecLists.git)
|
||||
- 📼 [MOOC de l'ANSSI](https://secnumacademie.gouv.fr/)
|
||||
- 📘 [This page lists books that I have found to be highly relevant and useful for learning topics within computer security, digital forensics, incident response, malware analysis, and reverse engineering](http://dfir.org/?q=node/8)
|
||||
- 📑 [Five Minute Guide to Software Security](https://oneupsecurity.com/research/five-minute-guide-to-software-security)
|
||||
- 🔧 [Search numbers in a database of 290,695,246 primes and 2,050,312,768 known compisite numbers with known factors](http://factordb.com/)
|
||||
- 📚 [Collection of articles](http://rafale.org/)
|
||||
- 📚 [Collection of links](http://www.wawaseb.com/lutile/wsl212.php)
|
||||
- 🎮 [learn about common mistakes and gotchas when using Amazon Web Services](http://flaws.cloud/)
|
||||
- [Yes We Hack — bug bounty](https://www.yeswehack.com)
|
||||
- 🎮 [IRC Puzzles](https://blog.ircpuzzles.org/)
|
||||
- 📑 [Référentiel général de sécurité](https://www.ssi.gouv.fr/entreprise/reglementation/confiance-numerique/le-referentiel-general-de-securite-rgs/)
|
||||
- 📑 [Livre Blanc sur la Défense et la Sécurité Nationale](http://www.defense.gouv.fr/content/download/206186/2286591/Livre-blanc-sur-la-Defense-et-la-Securite-nationale%202013.pdf)
|
||||
- 📑 [haveibeenpwned.com pwned our helpdesk!](https://fyr.io/2020/05/30/haveibeenpwned-com-pwned-our-helpdesk-glpi-9-4-5-sql-injection/)
|
||||
- 🔧 [JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript.](http://www.jsfuck.com/)
|
||||
- 🔧 [Inject javascript into a PDF file](https://github.com/cornerpirate/JS2PDFInjector)
|
||||
- 📑 [ANSSI](https://www.ssi.gouv.fr/)
|
||||
- 📑 [Zero trust security model](https://en.wikipedia.org/wiki/Zero_Trust_Networks)
|
||||
- 📑 [Auditing Algorithms](https://auditingalgorithms.science/)
|
||||
|
||||
|
||||
# Misc
|
||||
|
||||
- 📑 [Degoogling my phone](https://piware.de/post/2018-05-01-android-degoogle/)
|
||||
- 🔧 [diagram flowchart slides tree graphviz neato dot](https://mermaidjs.github.io/)
|
||||
- 📑 [Carte du Métro Parisien](http://carto.metro.free.fr/cartes/metro-paris/)
|
||||
- 📑 [GDPR](https://techblog.bozho.net/gdpr-practical-guide-developers/)
|
||||
- 📼 [PyData 2015](http://2015.pydata.fr/slides-videos.html)
|
||||
- 📼 [PyData Paris 2016](https://www.youtube.com/playlist?list=PLzjFI0G5nSsorlRk51ARRRCY5K2HiATuS)
|
||||
- 📑 [Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks](https://www.sec.cs.tu-bs.de/pubs/2017-asiaccs.pdf)
|
||||
- 📑 [The Web began dying in 2014, here's how](https://staltz.com/the-web-began-dying-in-2014-heres-how.html)
|
||||
- 📑 [pi-top — Raspberry Pi made simple, robust and modular](https://pi-top.com/)
|
||||
|
||||
|
||||
# Math
|
||||
|
||||
- 📘 [No Bullshit Linear Algebra](https://minireference.com/blog/no-bullshit-linear-algebra-v2-release)
|
||||
- 📑 [Coffin problems](https://galileofeynman.blogspot.com/2012/11/the-jewish-coffin-problems-of-moscow.html?m=1)
|
||||
|
||||
# Unix
|
||||
|
||||
- 📑 [30 interesting commands for the Linux shell](https://www.lopezferrando.com/30-interesting-shell-commands/)
|
||||
- 📑 [Things Every Hacker Once Knew](http://www.catb.org/esr/faqs/things-every-hacker-once-knew/)
|
||||
- 📑 [Linux Perf writer blog](http://www.brendangregg.com/perf.html)
|
||||
|
||||
|
||||
# Programming
|
||||
|
||||
- 📘 [What are reddit's favorite books to learn about programming?](https://redditfavorites.com/books/programming/)
|
||||
- 🔧 [Find interesting unanswered question on stackoverflow](https://data.stackexchange.com/stackoverflow/query/4038/find-interesting-unanswered-questions)
|
||||
- 🔧 [AdminLTE — Bootstrap admin dashboard template](https://adminlte.io/) used by PiHole and [hermes](https://github.com/Ousret/hermes)
|
||||
- 📑 [Floating point arithmetic rounding errors in various languages](https://0.30000000000000004.com/)
|
||||
- 📚 [A gallery of Voilà dashboards [jupyter][binder]](https://voila-gallery.org)
|
||||
- 📑 [Learning git: Locations, Remotes, and GitHub](https://www.willingconsulting.com/post/2019-07-01-locations-and-git/)
|
||||
- 📚 [Learn X in Y minutes](https://learnxinyminutes.com/)
|
||||
- 📼 [Video Lectures — MIT](https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-001-structure-and-interpretation-of-computer-programs-spring-2005/video-lectures/)
|
||||
- 📚 [600 free courses](https://qz.com/1120344/200-universities-just-launched-600-free-online-courses-heres-the-full-list/)
|
||||
|
||||
|
||||
## Make
|
||||
|
||||
- 📑 [Your Makefiles are wrong](https://tech.davis-hansson.com/p/make/)
|
||||
|
||||
|
||||
## Python
|
||||
|
||||
- 🔧 [Unit testing Jupyter Notebooks](https://github.com/nteract/testbook)
|
||||
- 📑 [Why do numbering should start at 0](https://www.cs.utexas.edu/~EWD/transcriptions/EWD08xx/EWD831.html )
|
||||
- 📑 [Instructor notes for COMP 3321](https://nsa.sfo2.digitaloceanspaces.com/comp3321.pdf)
|
||||
- 🔧 [Scalene — Python profiling: memory and CPU](https://github.com/emeryberger/scalene)
|
||||
- 🔧 [Sampling profiler for Python programs](https://github.com/benfred/py-spy)
|
||||
- 📑 [WTF Python](https://github.com/satwikkansal/wtfpython)
|
||||
- 📚 [All Algorithms implemented in Python](https://github.com/TheAlgorithms/Python)
|
||||
- 📑 [Your Guide to the CPython Source Code](https://realpython.com/cpython-source-code-guide/)
|
||||
- 📑 [Scipy Workshop](https://github.com/Andrewnetwork/WorkshopScipy)
|
||||
- 📚 [comp.lang.python](https://groups.google.com/forum/#!forum/comp.lang.python)
|
||||
- 🔧 [FastAPI framework, high performance, easy to learn, fast to code, ready for production](https://github.com/tiangolo/fastapi)
|
||||
- 🔧 [Nuitka is a Python compiler written in Python](https://nuitka.net/)
|
||||
- 🔧 [Pex — Python EXecutable](https://pex.readthedocs.io/)
|
||||
|
||||
|
||||
### Data Science
|
||||
|
||||
- 📚 [Data Science Cheat Sheets](https://www.datacamp.com/community/data-science-cheatsheets)
|
||||
- 📚 [Top 28 Cheat Sheets for Machine Learning, Data Science, Probability, SQL & Big Data](https://www.analyticsvidhya.com/blog/2017/02/top-28-cheat-sheets-for-machine-learning-data-science-probability-sql-big-data/)
|
||||
- 📚 [Collecting Data Science Cheat Sheets](https://towardsdatascience.com/collecting-data-science-cheat-sheets-d2cdff092855)
|
||||
- 🔧 [A Flexible And Efficient Library For Deep Learning](https://mxnet.apache.org)
|
||||
- 🔧 [Keras: the Python deep learning API](https://keras.io)
|
||||
|
||||
|
||||
## GIT
|
||||
|
||||
- [The history of git](https://www.welcometothejungle.com/en/articles/btc-history-git)
|
||||
- [Git tips and tricks](https://about.gitlab.com/2016/12/08/git-tips-and-tricks/)
|
||||
|
||||
|
||||
## Infra
|
||||
|
||||
- https://root-servers.org/
|
||||
- https://www.ansible.com/ansible-best-practices-2017
|
||||
- https://opensourceinfra.org/
|
||||
- [SDF Public Access UNIX System .. Est. 1987](https://sdf.org)
|
||||
|
||||
|
||||
# Music
|
||||
|
||||
- [Chopin free recordings](https://musopen.org/music/108-nocturnes-op-9/#recordings)
|
||||
|
||||
|
||||
# My Google Dorks
|
||||
|
||||
- "tous les livres" "ajouts récents" "index alphabétique"
|
||||
- "bibliothèque gérée par calibre"
|
||||
|
||||
|
||||
- https://zestedesavoir.com/articles/1079/les-secrets-dun-code-pythonique/
|
||||
- Kubernetes slides https://gitlab.com/PyBootCamp/k8s-101-python-developers
|
||||
- Meta linter : prospector
|
||||
- check-manifest : valide que tous les fichiers définis dans git sont soit explicitement inclus soit explicitement exclus du Manifest.
|
||||
- Linter de paquets Python : pyroma
|
||||
- https://github.com/falconry/falcon Web, Framework
|
||||
- Jupyter dashboard: dash (https://dash.plot.ly/) and voila (pypi.org/p/voila)
|
||||
- https://www.teachingpython.fm/
|
||||
- GEF - GDB Enhanced Features for exploit devs & reversers https://github.com/hugsy/gef/blob/dev/README.md
|
||||
- https://tutorial.octomachinery.dev/en/latest/
|
||||
- https://linuxfr.org/users/omc/journaux/document-de-cours-python-for-science
|
||||
- https://www.roguelynn.com/words/asyncio-we-did-it-wrong/
|
||||
- Django Classy Class Based Views http://ccbv.co.uk/, et pour DRF : http://www.cdrf.co/
|
||||
- https://igordavydenko.com/talks/de-pycon-2018/
|
||||
- watchghost: Projet de Arthur de l'Afpy
|
||||
- testinfra: Pour tester Ansible
|
||||
- [setup.py vs requirements.txt](https://caremad.io/posts/2013/07/setup-vs-requirement/)
|
|
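Review bot: Several link targets in this file have no scheme, so Markdown will treat them as paths relative to the page: `(jetable.org)` under Cybersecurity and `(www.shodan.io)`, `(censys.io)`, `(sitereport.netcraft.com)` under OSINT. Prefix them with `https://`. Smaller points: the EWD831 URL has a trailing space before the closing parenthesis, the "Misc" heading is used twice (`## Misc` and `# Misc`), and the untitled list after "My Google Dorks" mixes unrelated notes into that section and probably wants its own heading.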
@ -0,0 +1,33 @@
|
|||
Title: GPG
|
||||
Date: 2021-04-27 21:26:00
|
||||
|
||||
# My GPG keys
|
||||
|
||||
## Current key
|
||||
|
||||
My GPG key fingerprint, since 2021-04-22 is `8AFAA8C574C3E9804BB4337546EBCD72F08E6717`:
|
||||
|
||||
- on [keys.openpgp.org](https://keys.openpgp.org/search?q=8AFAA8C574C3E9804BB4337546EBCD72F08E6717)
|
||||
- on [mdk.fr](https://mdk.fr/8AFAA8C574C3E9804BB4337546EBCD72F08E6717.pub)
|
||||
|
||||
It can be imported using:
|
||||
|
||||
gpg --keyserver hkps://keys.openpgp.org --recv-keys 8AFAA8C574C3E9804BB4337546EBCD72F08E6717
|
||||
|
||||
Or with signatures (as keys.openpgp.org don't store them) using:
|
||||
|
||||
curl https://mdk.fr/8AFAA8C574C3E9804BB4337546EBCD72F08E6717.pub | gpg --import -
|
||||
|
||||
|
||||
## Previous key
|
||||
|
||||
My previous, revoked, GPG key was `4FA496041B0B1983E504CE30B4696EEC921B800C`:
|
||||
|
||||
- on [keys.openpgp.org](https://keys.openpgp.org/search?q=4FA496041B0B1983E504CE30B4696EEC921B800C)
|
||||
- on [mdk.fr](https://mdk.fr/4FA496041B0B1983E504CE30B4696EEC921B800C.pub)
|
||||
|
||||
It can be imported using:
|
||||
|
||||
curl https://mdk.fr/4FA496041B0B1983E504CE30B4696EEC921B800C.pub | gpg --import -
|
||||
|
||||
(Just so you can check the revocation message give the new key fingerprint).
|
|
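Review bot: The import instructions stop at `gpg --import`, with no step asking the reader to compare the imported key against the fingerprint printed on this page. Since the `curl` variant fetches the key from the same site that publishes the fingerprint, add a check such as `gpg --fingerprint 8AFAA8C574C3E9804BB4337546EBCD72F08E6717` after the import and say where else the fingerprint can be confirmed. Wording: "keys.openpgp.org don't store them" should be "doesn't", and in the closing parenthetical "give" should be "gives".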
@ -12,8 +12,8 @@ CPython core developer, PSF fellow, independent Python trainer.
|
|||
- Building an online Python exercises platform: [Hackinscience](https://hackinscience.org/).
|
||||
- 99 other projects on [my github](https://github.com/JulienPalard).
|
||||
- [My CV](https://mdk.fr/Julien-Palard.pdf)
|
||||
- [My ssh key](https://mdk.fr/id_rsa.pub) and [my gpg key](https://mdk.fr/gpg.pub)
|
||||
- I'm `mdk` on [freenode](https://webchat.freenode.net)
|
||||
- [My ssh key](https://mdk.fr/id_rsa.pub) and [my gpg key](https://mdk.fr/8AFAA8C574C3E9804BB4337546EBCD72F08E6717.pub)
|
||||
- I'm `mdk` on [freenode](https://webchat.freenode.net) and <a rel="me" href="https://mamot.fr/@mdk">Mastodon</a>.
|
||||
|
||||
> "Walking on water and developing software from a specification are easy if both are frozen." - Edward V. Berard -
|
||||
|
||||
|
|
|
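Review bot: The gpg link now points straight at the raw `.pub` file named after the fingerprint, while the GPG page added in this same commit (fingerprint, import commands, revoked previous key) is not linked from here; linking to that page instead, or in addition, gives readers the context they need to check the key. Also confirm what the old `https://mdk.fr/gpg.pub` URL serves after this change, since external pages may still link to it and the previous key is stated as revoked.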
@ -4,6 +4,14 @@ status: hidden
|
|||
|
||||
## Past
|
||||
|
||||
- 2021-01-13:
|
||||
[AFPy](https://discuss.afpy.org/t/calendrier-de-lafpy/64/12):
|
||||
[Conférence Packaging sans setup.py](https://julienpalard.frama.io/atelier-packaging/)
|
||||
|
||||
- 2020-12-09:
|
||||
[AFPy](https://discuss.afpy.org/t/calendrier-de-lafpy/64/12):
|
||||
[Atelier Performances en Python](https://julienpalard.frama.io/atelier-perf/perf.html)
|
||||
|
||||
- 2019-06-13:
|
||||
[Write The Docs Paris](https://www.meetup.com/Write-the-Docs-Paris/): La traduction de la
|
||||
documentation de Python.
|
||||
|
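Review bot: The two new entries, 2021-01-13 and 2020-12-09, both link to the same AFPy post (`calendrier-de-lafpy/64/12`); that looks like a copy-paste, so check that each date points at its own announcement.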
@ -37,4 +45,4 @@ status: hidden
|
|||
- 2016-10-16:
|
||||
[PyCon FR 2016](https://www.pycon.fr/2016/pages/programme.html#Traduction%20de%20la%20doc%20de%20Python%20et%20l'internationalisation):
|
||||
La traduction de la documentation de Python et l'internationalisation.
|
||||
[video](https://www.pycon.fr/2016/videos/traduction-de-la-doc-de-python-et-linternationalisation.html)
|
||||
[video](https://www.pycon.fr/2016/videos/traduction-de-la-doc-de-python-et-linternationalisation.html)
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{% extends "base.html" %}
|
||||
{% block title %}{{ article.title|striptags }}{% endblock %}
|
||||
{% block content %}
|
||||
{% set ads = True %}
|
||||
<section id="content" class="body">
|
||||
<article>
|
||||
<header>
|
||||
|
@ -13,11 +12,6 @@
|
|||
<div class="entry-content">
|
||||
{{ article.content }}
|
||||
</div>
|
||||
<div class="entry-metadata">
|
||||
{% if ads %}
|
||||
<script src="https://sense.framasoft.org/sense3.js" data-sense3="300x250"></script>
|
||||
{% endif %}
|
||||
</div>
|
||||
<footer class="post-info">
|
||||
<abbr class="published" title="{{ article.date.isoformat() }}">
|
||||
Published: {{ article.locale_date }}
|
||||
|
|
|
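Review bot: Nothing in the commit message ("Things.") records that the `{% if ads %}` block loading `https://sense.framasoft.org/sense3.js` is dropped here, together with the `{% set ads = ... %}` lines in both templates. Removing a third-party script from every article page is a behaviour change that deserves its own commit, or at least a line in the message. Also check the rest of the theme for leftover references to `ads`.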
@ -1,7 +1,6 @@
|
|||
{% extends "base.html" %}
|
||||
{% block content_title %}{% endblock %}
|
||||
{% block content %}
|
||||
{% set ads = False %}
|
||||
{% if articles %}
|
||||
{% for article in articles_page.object_list %}
|
||||
|
||||
|
|