Leaderboard

Can-bus is a really simple communication protocol originally made for cars, but these days they are used for anything, even in subsea christmas trees. For starting with CAN the wiki page is surprisingly good and is a nice starting point along with this url:https://opensource.lely.com/canopen/docs/cmd-tutorial/ Anyways, so I will share two simple codebases, be warned! The code is shitty and both together was coded in less than a week which is why its a uncommented mess (literally made with a knife on my throat as a project saving kung-fu in an EU project). The code is without any lisence, but sadly I cannot show you the actual usage of the code as its properitary but its farily simple so I will just inline it here: canbus_communicator = new CanThread("vcan0"); paxterGen3Tpdo = new PaxterGen3Tpdo(); canbus_communicator->addNode((CanMethodResolver *) paxterGen3Tpdo); canbus_communicator->start(); The C version is very hacky, the first constraint was to write the software in C which is nice as I like C, but I havent programmed in it in a couple of years but it uses the deadly sin of "OOP function pointers", which can be hacky when distributing multiple signals in parallel. So we start with defining a simple canbus reader (implementation in the .c file): enum { INVALID_LENGTH_ARGUMENT = -1 }; struct canbus_reader { int canbus_socket; char *ifname; int(*read_frame)(struct canbus_reader *, int *, char [8], unsigned *); int(*write_frame)(struct canbus_reader, int, const char *, unsigned); }; typedef struct canbus_reader canbus_reader_t; canbus_reader_t *canbus_reader_create(char *ifname, bool block); void canbus_reader_destroy(canbus_reader_t *reader); So far, pretty clean, the pointers here are just for doing reading and writing contained within the namespace. To ease the parallelization processes we thus wrap this into a canbus thread with the following api: struct canbus_thread; typedef struct canbus_thread canbus_thread_t; typedef int (*frame_handler_func)(int, char*, unsigned); enum { MAXIMUM_AMOUNTS_OF_METHODS_PER_THREAD = 1 << 4 }; //__BEGIN_API /** * Creates a handle for a canbus thread * * @param ifname The network interface name to listen to, preferably a can interface * @return A new canbus thread wrapper */ canbus_thread_t *canbus_thread_create(char *ifname); /** * * The canbus thread can handle a frame in multiple ways depending on how the different listeners requires the data * @param canbus_reader The reader itself * @param func_pointer A function pointer which parses the processed can data on the format (id, data, len) * @return 0 if successful else -1 */ int add_method_to_canbus_thread_handler(canbus_thread_t *canbus_reader, frame_handler_func func); int start_thread(canbus_thread_t *thread); // THIS SHOULD PROBABLY BE REFACTORED TO THREAD STRUCT FOR OOPness :D, note: this is retarded void canbus_thread_destroy(canbus_thread_t *canbusThread); //__END_API_ Still seems... kinda clean, but also shit. Whatever, it was hastely pulled together. So we inspect this retarded programmers C file to see the struct, because surely, they know how to program C in an embedded environment...right? The thread wrapper has the following struct: struct canbus_thread { canbus_reader_t *reader; bool isRunning; pthread_t _thread; int num_methods; frame_handler_func frame_handler_functions[MAXIMUM_AMOUNTS_OF_METHODS_PER_THREAD]; }; WTF, no one would be stupid enough to have an array of function handles in order to reduce the code to work like in a modern OOP env in C? Well, sorry to say that I am that retard. So doing simple things such as creating a running a thread turns into this abomination: void *run_can_thread(void *arg) { int id; unsigned len; char data[8]; canbus_thread_t *canbus_thread = (canbus_thread_t *) arg; DLOG(INFO, "[%s] Thread func start \n", (canbus_thread->reader->ifname)); while (canbus_thread->isRunning) { if (canbus_thread->reader->read_frame(canbus_thread->reader, &id, data, &len) > 0) { for (int i = 0; i < MAXIMUM_AMOUNTS_OF_METHODS_PER_THREAD; i++) { if ((*canbus_thread->frame_handler_functions[i]) != NULL) { fprintf(stdout, "I am thread %s calling the func now!\n", canbus_thread->reader->ifname); (*canbus_thread->frame_handler_functions[i])(id, data, len); } } } } DLOG(INFO, "[%s] Thread func stop \n", (canbus_thread->reader->ifname)); return NULL; } With the implementation of sensors as you see in the C repository we got the message that we could use C++. This wa actually one of my first time using C++, but given it was an embedded env it was basically just really nice C. Which means we solve the above things with simple classes like: class CanMethodResolver { public: virtual int handle_frame(int id, char *data, unsigned len) = 0; }; Which allows you to define in interface with an external component (like NodeJ1939 in a car) as following: NodeJ1939::NodeJ1939() { msgCount1 = 0; msgCount2 = 0; msg3State = false; } int NodeJ1939::handle_frame(int id, char *data, unsigned len) { if ((id & CAN_EFF_MASK) == ID.MESSAGE1) { return appendMessage1(data, len); } else if ((id & CAN_EFF_MASK) == ID.MESSAGE2) { return appendMessage2(data, len); } else if ((id & CAN_EFF_MASK) == ID.MESSAGE3) { if (!msg3State) { msg3State = true; return appendMessage30(data, len); } else { msg3State = false; return appendMessage31(data, len); } } return 0; } int NodeJ1939::appendMessage1(char *data, unsigned len) { maxVolt = ((float) ((data[0] << 8) | data[1])) / 10; maxCurr = ((float) ((data[2] << 8) | data[3])) / 10; charging = !data[4]; msgCount1++; return 0; } int NodeJ1939::appendMessage2(char *data, unsigned len) { volt = ((float) ((data[0] << 8) | data[1])) / 10; curr = ((float) ((data[2] << 8) | data[3])) / 10; hwFail = (data[4] & 0x1); tempFail = (data[4] & 0x2); voltFail = (data[4] & 0x4); comFail = (data[4] & 0x10); msgCount2++; return 0; } int NodeJ1939::appendMessage30(char *data, unsigned len) { nomAhr = ((float) ((data[0] << 8) | data[1])) / 10; storedAhr = ((float) ((data[2] << 8) | data[3])) / 10; actualCurr = ((float) (((data[4] & 0x7f) << 8) | data[5])) / 10; actualPackVolt = ((float) ((data[6] << 8) | data[7])) / 10; soc = 100 * (storedAhr) / (nomAhr); return 0; } int NodeJ1939::appendMessage31(char *data, unsigned len) { maxCellVolt = ((float) ((data[0] << 8) | data[1])) / 1000; minCellVolt = ((float) ((data[2] << 8) | data[3])) / 1000; maxCellTemp = ((float) (((data[4] << 8) | data[5]) - 200)) / 10; minCellTemp = ((float) (((data[4] << 8) | data[5]) - 200)) / 10; return 0; } int NodeJ1939::appendMessage1X(char *data, unsigned len) { return 0; } By simple inheritence. class NodeJ1939 : CanMethodResolver { public: NodeJ1939(); int handle_frame(int id, char * data, unsigned len); struct ID{ static const int MESSAGE1 = 0x1806E5F4; static const int MESSAGE2 = 0x18FF50E5; static const int MESSAGE3 = 0x18075000; static const int MESSAGE1X = 0x1806E6F4; } ID; .................omitted. I will upload both the C and C++ repositories once I find a decent way of sharing with the members of HAXME without exposing it completlly

Do you have that .cap file you got by deauthing your asshole neighbor that you just cannot seem to crack even when using GPU accelerated cracking? Yea, me neither, I totally would NEVER do that, because it's illegal. That said, instead of trying to crack that WPA/WPA2 (or greater) (if your having this issue with WEP, then you have more problems that I cannot help you with) why not just bypass it? This tool is pretty dated but it's still badass. There are other great tools that have evolved since it's inception like Reaver, and other tools that hack the WPS pin, instead of attacking the actual password, but I like this one the best. Kevin Mitnick, said that the weakest link in security is almost always the human factor, and for any of you who have actually been on a hack, or pentesting op, that's pretty fucking true. This goal can be accomplished with no overhead (like if using a Wifi Pineapple, from Hak5 [which btw is completely worth the money!]). Check out this page. Here is a snippet from said page: About Wifiphisher is a rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle position against wireless clients by performing targeted Wi-Fi association attacks. Wifiphisher can be further used to mount victim-customized web phishing attacks against the connected clients in order to capture credentials (e.g. from third party login pages or WPA/WPA2 Pre-Shared Keys) or infect the victim stations with malwares. Wifiphisher is... ...powerful. Wifiphisher can run for hours inside a Raspberry Pi device executing all modern Wi-Fi association techniques (including "Evil Twin", "KARMA" and "Known Beacons"). ...flexible. Supports dozens of arguments and comes with a set of community-driven phishing templates for different deployment scenarios. ...modular. Users can write simple or complicated modules in Python to expand the functionality of the tool or create custom phishing scenarios in order to conduct specific target-oriented attacks. ...easy to use. Advanced users can utilize the rich set of features that Wifiphisher offers but beginners may start out as simply as "./bin/wifiphisher". The interactive Textual User Interface guides the tester through the build process of the attack. ...the result of an extensive research. Attacks like "Known Beacons" and "Lure10" as well as state-of-the-art phishing techniques, were disclosed by our developers, and Wifiphisher was the first tool to incorporate them. ...supported by an awesome community of developers and users. ...free. Wifiphisher is available for free download, and also comes with full source code that you may study, change, or distribute under the terms of the GPLv3 license. [Click and drag to move]

@AK-33 Sick build! I love how you totally have a case, but do not have a case. That design is awesome. Do you ever feel like it doesn't have enough protection? @cwade12c LOVE THE RGB... I am an RGB g00n myself (see down in the build). Not going to lie, I am super duper jelly of your 4 monitors, I currently only have one and need to at least get 2, you have 4. Love it. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- THIS IS MY FIRST TRUE BUILD -- THAT I DID ENTIRELY BY MYSELF I use this as my daily driver, for gaming and making YouTube videos. It's not super specked out in terms of CPU or GPU or anything like that, but to me, it's a very respectable unit that I've been dreaming of since I was a little kid. If you click on the video creator, you might find dozens of videos on the channel ;) In case you're interested in all the parts and how much they cost, the rig can be seen below: or you could find it yourself on PC parts picker: https://pcpartpicker.com/list/NBbVj2 You'll find that on PC part picker, it says there is some problems with the build. I'm not using an older version of the BIOS, I'm even using one better than 2203 "One SATA port is disabled" -- Ok, I got 5 others bro Yes, I actually had to carve out some of my fans and water cooler in order to get everything to fit.. so this was a valid error I guess XD I also have some more stuff in my "build" that PC parts picker doesn't have... more of the "cool streaming stuff" --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Thanks for taking a p33k at my build PL0X.

Awesome rig, @AK-33! The water cooling looks SICK! What are the specs? I love your family of laptops, @WarFox. Which laptop from the family is your favorite, and why? Also, good looks on the Run BSD stickers - I will consider requesting some if I run BSD in the future. Here's a 30 second video of my setup. The tower is not at all impressive, so I didn't show it off. I didn't do any fancy chassis or lights on my rig this round. Specs: Operating System Windows 10 Pro 64-bit (Dual Boot) Debian 64-bit (Dual Boot) CPU Intel Core i9 @ 3.60GHz Kaby Lake 14nm Technology RAM 32.0GB Motherboard Dell Inc. 0H0P0M (U3E1) Graphics LG ULTRAWIDE (2560x1080@60Hz) LG ULTRAWIDE (2560x1080@60Hz) HP VH240a (1080x1920@60Hz) HP VH240a (1080x1920@60Hz) Intel UHD Graphics 630 (Dell) 4095MB NVIDIA GeForce GTX 1070 (Dell) Storage 476GB KXG60ZNV512G NVMe TOSHIBA 512GB (SSD) 931GB Seagate ST1000DM010-2EP102 (SATA ) 931GB Western Digital WD My Passport 0820 USB Device (USB (SATA) ) 5589GB Western Digital WD My Book 25EE USB Device (USB (SATA) ) 930GB Western Digital WD My Book 1110 USB Device (USB (SATA) ) 4657GB Western Digital WD Game Drive USB Device (USB (SATA) (SSD))

My supervisor for my thesis told me about this site last year and it's one of the most valuable resources available that I know of. https://arxiv.org/ is a pre-print site where scientists upload their papers before they have been peer reviewed and published and it currently has over 1.9 million papers. This means that the papers on arXiv are often the same papers being published in reputable journals but they are not behind a paywall. These are pre-prints and have not been peer reviewed yet, but you can still read through them and analyze their methodology for yourself. I used a few papers from arXiv for my thesis on quantum resistant encryption algorithms.

Intro In the previous post, we looked at the scope of the series and the tools that will be required. In this post, we are going to be covering the most important piece of authoring Blu-rays: specifications. You can mux any video and audio input into a container file, burn any video and audio streams to a disc, encode any source to an output of your choosing and call it "HD" or Blu-ray compliant. That does not make it so. There are specifications that must be followed in order for your content to be deemed Blu-ray compliant. Compliance is important because if the media you author is Blu-ray compliant, you can be sure that it will work on any Blu-ray player. Specifications In order for your media to be considered Blu-ray compliant, the following rules must be followed. We are only going to concern ourselves with the Blu-ray spec at this time, which will exclude Ultra HD Blu-ray and Blu-ray 3D. Video Codecs: MPEG2 - Main Profile at High Level (MP@HL) or Main Profile at Main Level (MP@ML) h264 (AVC) - High Profile at 4.1/4.0 Level (HP@4.1/4.0) or Main Profile at 4.1/4.0/.3.2/3.1/3.0 Level (MP@4.1/4.0/3.2/3.1/3.0) h265 - High Profile at 4.1/4.0 Level (HP@4.1/4.0) or Main Profile at 4.1/4.0/.3.2/3.1/3.0 Level (MP@4.1/4.0/3.2/3.1/3.0) VC1 - Advanced Profile at Level-3 (AP@L3) or Advanced Profile at Level-2 (AP@L2) Video Frame Size: 1920×1080 29.97 frames interlaced / 59.94 fields (16:9) 1920×1080 25 frames interlaced / 50 fields (16:9) 1920×1080 24 frames progressive (16:9) 1920×1080 23.976 frames progressive (16:9) 1440×1080 29.976 frames interlaced / 59.94 fields (16:9) 1440×1080 25 frames interlaced / 50 fields (16:9) 1440×1080 24 frames progressive (16:9) 1440×1080 23.976 frames progressive (16:9) 1280×720 59.94 frames progressive (16:9) 1280×720 50 frames progressive (16:9) 1280×720 24 frames progressive (16:9) 1280×720 23.976 frames progressive (16:9) 720×480 29.97 frames interlaced / 59.94 fields (4:3/16:9) 720×576 25 frames interlaced / 50 fields (4:3/16:9) Audio Codecs: Dolby Digital (up to 5.1 channels with a maximum bitrate of 640 Kbit/s) Dolby Digital Plus (up to 7.1 channels with a maximum bitrate of 4.736 Mbit/s) Dolby Lossless (up to 9 channels with a maximum bitrate of 18.64 Mbit/s) DTS (up to 5.1 channels with a maximum bitrate of 1.5244 Mbit/s) DTS HD (up to 9 channels with a maximum bitrate of 24.5 Mbit/s) Linear PCM (up to 9 channels with a maximum bitrate of 27.648 Mbit/s) Subtitles Image bitmap subtitles (.SUP) Text subtitles (.SRT) Maximum Video Bitrate 40 Mbit/s Maximum Total Bitrate 48 Mbit/s Maximum Data Transfer Rate 54 Mbit/s I highly recommend reviewing the following resources to learn more about Blu-ray specifications and structure: http://www.hughsnews.ca/faqs/authoritative-blu-ray-disc-bd-faq/4-physical-logical-and-application-specifications https://www.videohelp.com/hd https://forum.doom9.org/showthread.php?t=154533 VideoHelp and doom9 will be your best friends. Use those resources. Background I can just toss the Blu-ray specs out there, but understanding is also important. We can blindly click on things, blindly pass arguments...or, make informed actions. Let's talk a little bit about H.264 AVC. You can think of H.264 as a family of profiles. Each profile has different rules relating to the encoding techniques and algorithms used to compress files. The Baseline profile is the primary profile used for mobile applications, video conferencing, and low powered devices. It benefits from achieving great compression ratios and other techniques like chrominance sampling and entropy coding techniques. The Main profile is the primary profile used for standard definition television broadcasts. It benefits from all of the Baseline profile enhancements, in addition to improved frame prediction algorithms. The High profile is the primary profile used for disc storage and high definition television broadcasts. It benefits from achieving the best compression ratios and using transformation techniques to reduce network bandwidth requirements by up to 50%. Profiles are proportional to the level of complexity required to encode/decode. Thus, higher complexity profiles require more CPU power. Levels are another type of configuration to set constraints on the encoder/decoder. The levels are a reflection of history, with H.264 evolving and growing as a standard. While profiles define rules for encoding techniques, levels place maximums on: Maximum decoding speed (Macroblocks/s) Maximum frame size (Macroblocks) Maximum video bitrate (Kbit/s) There are currently 20 levels, with the lowest level being Level 1 and the highest being Level 6.2. Level 1 defines constraints of: Maximum decoding speed of 1,485 Macroblocks/s Maximum frame size of 99 Macroblocks Maximum video bitrate of 64 Kbit/s Level 6.2 defines constraints of: Maximum decoding speed of 16,711,680 Macroblocks/s Maximum frame size of 139,264 Macroblocks Maximum video bitrate of 800,000 Kbit/s Thus, you arrive at resolutions ranging from 128x96 (Level 1) through 8,192x4,320 (Level 6.2). Now, when we look back at the Blu-ray specifications, you can use your knowledge of H.264 profiles and levels to choose appropriate encoding techniques and constraints that fall within the spec. Viewing Media Specifications with MediaInfo As you might imagine, it is important to always know the specifications of your audio and video. Therefore, having some sort of tool that can quickly show you this information in a presentable manner is an essential tool. There are quite a few tools for this, but one of the most popular ones that I like is MediaInfo. It is free open-source software that is simple to use. Download and install MediaInfo. Set your View. By default it is Basic. I really like Tree. Open a video or set of videos under File, and that's it! As we can see in this example, the media file I selected uses AVC and was encoded using x264. Things like the frame rate (23.976 Frames/s constant), Bitrate (2,741 Kb/s), resolution (720P), and encoding settings are quickly available. Here are the encoding settings that were used for this file: cabac=1 / ref=16 / deblock=1:0:0 / analyse=0x3:0x133 / me=umh / subme=10 / psy=1 / psy_rd=1.00:0.00 / mixed_ref=1 / me_range=32 / chroma_me=1 / trellis=2 / 8x8dct=1 / cqm=0 / deadzone=21,11 / fast_pskip=0 / chroma_qp_offset=-2 / threads=8 / lookahead_threads=2 / sliced_threads=0 / nr=0 / decimate=0 / interlaced=0 / bluray_compat=0 / constrained_intra=0 / bframes=16 / b_pyramid=2 / b_adapt=2 / b_bias=0 / direct=3 / weightb=1 / open_gop=0 / weightp=2 / keyint=288 / keyint_min=23 / scenecut=40 / intra_refresh=0 / rc_lookahead=60 / rc=crf / mbtree=1 / crf=14.0 / qcomp=0.60 / qpmin=0 / qpmax=81 / qpstep=4 / ip_ratio=1.40 / aq=3:1.00 In the next tutorial, we will look at ripping from physical media, battling DRM, and destroying senseless region locks.

Okay, people ... show 'em if you got 'em! Meet the love of my life: Her name is Scimitar. Shoutout to the good people at Overkill Computers for building her for me!

Just for you guys, I reconfigured my PC to turn on the RGB. Its placed under a desk in the 'office' (at home), next to where my wife now also sits while she finishes her PHD. So the whole thing is pretty much hidden. I use 4 monitors with a KVM so that we can switch between the machines, otherwise we have 2 screens each, when we both are working. Specs: Intel Core i9-10900K ASUS ROG STRIX Z490-F GAMING Nvidia RTX 3090 TUF gaming OC Samsung 970 Evo Plus NVMe PCIe M.2 1TB Kingston SKC2500M81000G 1TB Seagate FireCuda SSHD 2TB (2016) Seagate Barracuda 2TB (2018) Kingston HyperX DDR4 3200 C18 4x16GB

There are some pretty badass resources out there for Shodan. A good place to start to really see some of the crazy shit you can do with it, and as well as to avoid a visit from the Department of Homeland Security, can be located here: This is a badass talk. Dan is a kick-ass Defcon speaker. Also, this quick guide will introduce you to shodan: https://www.hackeracademy.org/hacking-with-shodan-how-to-use-shodan-guide/ Here are some cool pentensting related projects, that use Shodan: https://awesomeopensource.com/projects/shodan

Just wanted to gather the opinions with others and also put out some of my thought. It seems like the big contenders in this field are Rust, Zig and D. I think also Nim is targeting the system space programming of C along with V lang. Of all of the languages, I personally like the syntax of D and the meta programming concepts. Pretty much looks like what C++ should have been. I also like how memory safety in the compiler is not default and instead has to be specified when to use it and when to not. Might help cut down on compile times. A function that does a simple calculation like maybe calculating an interest rate might only be using stack variables and nothing allocated on the heap, so it doesn't really need the memory safety features wasting time on it, but adding a node to a list might. I have dabbled some in Rust. Honestly, I don't like it. The syntax just seems a little overly complicated and I feel like a lot of words in the ecosystem are not in fact new concepts, but instead renaming concepts already present in computer science. One thing I do like about rust, the compiler is verbose which always helps with troubleshooting/debugging. I do also like that is catches when branches of execution are not being handled such as exception handling. Zig has gotten some buzz in the BSD community but I see little else mentioned about it elsewhere. However, it is not at a 1.0 release yet, so that could be a reason why. Overall, I don't think these languages will fully replace C. It is just so easy to port and get stuff bootstrapped. Not to mention the time and resources needed to re-implement something like the Linux kernel in 100% Rust or another language would take forever. I see the C language being timeless and always having a use case. Maybe it will lessen some with the like of Rust, D and Zig starting to come up, but we probably won't have a day in my lifetime where C code isn't at play somewhere.

We covered some of this in my Secure Software Engineering class. Lots of great info and lots of great tools out there. NIST is pretty awesome. SEI is also pretty amazing for looking up things dealing with code. For those unfamiliar, SEI has documentation for each language on common unsecure code snippets, why it is unsecure and better ways to write the code while achieving the same result. SEI for C as an example: https://wiki.sei.cmu.edu/confluence/display/c

HCL AppScan CodeSweep will try to detect vulnerabilities within your code each time you save your code. It comes as a VSCode extension or as a Github Action, so that it will scan code upon a pull request. It supports scanning files of the following types: Android-Java Angular Apex ASP.Net C C# Cobol ColdFusion Golang Groovy Infrastructure as Code Ionic JavaScript JQuery Kotlin MooTools NodeJS Objective-C Perl PHP PL/SQL Python React React Native Ruby Scala Swift T-SQL TypeScript VB.Net VueJS Xamarin VSCode Extension: https://marketplace.visualstudio.com/items?itemName=HCLTechnologies.hclappscancodesweep Github Action: https://github.com/marketplace/actions/hcl-appscan-codesweep

Introduction Hi all! I wanted to take some time to put together a comprehensive privacy guide with the goal of offering viable solutions to common services and software that are privacy oriented. When determining my recommendations and suggestions, I am mostly utilizing the following criteria: Follows the GNU four freedoms Services not based in mandatory key disclosure jurisdictions Audited or transparent Motivation "That's great Wade, but I don't have anything to hide." This is a fallacy I would like to disrupt. Voluntarily giving information away is perfectly reasonable, so long as one understands the costs/benefits and risks. There are security considerations that many people fail to realize when they suggest that privacy is not important. Humans can be the greatest vulnerability and easiest way to gain unauthorized access to a system; simply knowing information, especially that people voluntarily provide or publicly make available, can be valuable in the information gathering phases of an attack. An attacker can use this information to social engineer you or people related to you, causing potential financial damage to you or those around you. Some in the intelligence community suggest that reducing privacy is a necessary cost for increasing security. I look at this differently. Strong privacy goes hand-in-hand with security. I will attempt to demonstrate this in a related thread, Twenty+ Reasons Why Mass Surveillance is Dangerous. In the meantime, you are welcome to view my original publication on Packet Storm Security titled, Twenty Reasons Why Mass Surveillance is Dangerous. Additional resources I'd like to recommend on why privacy is important, to support my motiviation: The Value of Privacy by Bruce Schneier When Did You First Realize the Importance of Privacy? by EFF The Little Book of Privacy by Mozilla Table of Contents ---- Providers -------- Cloud Hosting -------- DNS ------------ Resolvers ------------ Clients -------- Email ------------ Hosts ------------ Clients -------- Image Hosting -------- News Aggregation -------- Search Engines -------- Social Networks -------- Text Hosting (Pastebin) -------- Video Hosting -------- Web Hosting ---- Software -------- Calendars and Contacts -------- Chat -------- Document and Note Taking -------- Encryption -------- File Sharing -------- Metadata Removal -------- Password Managers -------- Web Browsers ------------ Browser Specific Tweaks ------------ Browser Specific Extensions ---- Operating Systems and Firmware -------- Desktop -------- Mobile -------- Routers I will update this thread and table of contents as the subsidiary topics are created.

A couple weeks ago an organization called intigriti had a hacking challenge where people were to exploit an XSS vulnerability in this page: https://challenge.intigriti.io/ Unfortunately the competition is over and it has been solved in numerous different ways, but they left the page up, so you can still go test your skills! In case they ever take that down you can still access the code for the challenge, as well as multiple solutions and explanations, here: https://blog.intigriti.com/2019/05/06/intigriti-xss-challenge-1/

In my recent class, we did a series of languages from different paradigms to get an understanding of how they are used, pros/cons, etc. Here is some code I wanted to share from a portion of my homework for anyone who hasn't seen LISP. All in all, it is a pretty fun language to tinker with that I may end up doing some more on my on down the road. ; Adds two numbers and returns the sum. (defun add (x y) (+ x y)) ; Returns the minimum number from a list. (defun minimum (L) (apply 'min L)) ; Function that returns the average number of a list of numbers. (defun average (number-list) (let ((total 0)) (dolist (i number-list) (setf total (+ total i))) (/ total (length number-list)))) ; Function that returns how many times an element occures in a list. (defun count-of (x elements) (let ((n 0)) (dolist (i elements) (if (equal i x) (setf n (+ n 1)))) n)) ; Returns the factorial of a number using an interative method. (defun iterative-factorial (num) (let ((factorial 1)) (dotimes (run num factorial) (setf factorial (* factorial (+ run 1)))))) ; Using a recursive method, this function returns the factorial of a number. (defun recursive-factorial (n) (if (<= n 0) 1 (* n (recursive-factorial (- n 1))))) ; This function calculates a number from fibonacci sequences and returns it. (defun fibonacci (num) (if (or (zerop num) (= num 1)) 1 (let ((F1 (fibonacci (- num 1))) (F2 (fibonacci (- num 2)))) (+ F1 F2)))) ; Takes a list and returns all elements that occur on and after a symbol. (defun trim-to (sym elements) (member sym elements)) ; Returns the ackermann of two numbers. (defun ackermann (num1 num2) (cond ((zerop num1) (1+ num2)) ((zerop num2) (ackermann (1- num1) 1)) (t (ackermann (1- num1) (ackermann num1 (1- num2)))))) ; This function defines test code for each previous function. (defun test () (print (add 3 1)) (print (average '(1 2 3 4 5 6 7 8 9))) (print (minimum '(5 78 9 8 3))) (print (count-of 'a '(a '(a c) d c a))) (print (iterative-factorial 5)) (print (iterative-factorial 4)) (print (fibonacci 6)) (print (trim-to 'c '(a b c d e))) (print (ackermann 1 1))) ; Calls the test function. (test)

In my DnD group we've always tracked initiative on a white board, and it's always been a pain in the ass. We'd write down the names of everyone in the encounter, take note of their initiative scores, rewrite the whole list in order, and then we'd do all damage calculation by hand. It took way too long, and was always very anticlimactic. We'd be rushing through a cave to some epic music and, at the peak of excitement, the DM shouts "You're greeted by 5 viscous ancient dragons!!" and then we'd have to pause for 5-10 minutes while we fumble around with our white board, and even then the encounter itself would be a bit clumsy as we haphazardly try to figure out damage and whose turn it was. No more! Now there's a tool which will do all of that for you! (though soon after finishing this program I found out there are dozens of free mobile apps that do the same thing...) This tool is Object Oriented, and it keeps track of Mob objects in a linked list. Here is a screenshot: Clicking the bottom 3 buttons creates popup dialogues that you can use to enter the information. Here is the code: Main.java: GUI.java Mob.java There are some small limitations: There is no healing button. What you can do instead is just enter a negative number for damage. I could have easily added a healing button with only a few lines of code overall, but I felt that it would clutter the UI a bit for something that is virtually identical to the damage button. The program does not distinguish between NPCs and players. The only downside of this is that if a player "dies" then it doesn't prompt them to do their death saves. Hopefully your DM can pay enough attention to notice when the player is skipped in the order and just ask them to do it themselves though.

Here is a bit of an incomplete program I started. Well, the code I post works, but I had planned to extend this out. This calculator has a GUI and takes into account order of operations. The only issues that I've had with it, is that output can be a little wonky when answers are negative (such as 1- 9 * 9). At some point when I have time to work on it again, my original plan was to build in the functionality to input an equation and allow the user to specify a range of values that X can hold, it would compute it and output all of the results. And of course to add in more operations such as trig functions, etc. Essentially my end goal at some point is a calculator that could take the place of my graphing calculator. Main.java Calculator.java ParseCalculation.java

I am currently about to finish a class in my course work that deals with digital logic at a very basic level. So, I would like to share a little bit of knowledge of what I have learned. Data Representation in a Computer Communicating digital can be traced back to the days of Samuel Morse and the invention of the telegraph. Communicating over long distances via wire required some sort of standardized system of communication. Samuel Morse developed the famous system that we know as Morse code to facilitate communication. On paper, the language is represented by a series of dots and dashes, coming from a speaking, it is represented by long (DAH) and short (DIT) beeps. By standard convention, a "dah" has a width of 3 "dits." (A) .- [DIT - DAH] (B) -... [DAH - DIT - DIT - DIT] While used in the telegraph, it was not implemented in computers but have become a real world pre-computer example of how information could be stored. Morse code is created to travel across a wire by turning current on and off along a wire, which is generally created by a telegraph operator tapping a metal paddle on to a metal surface.Essentially, just being a switch. Morse code didn't become the standard of data representation, instead binary logic was chosen instead. Representing information in 1s and 0s instead of long and short audio beeps. A "HIGH" voltage is generally considered to be represented by "1" or also known as "ON/TRUE." "LOW" voltage is represented by a "0" or "OFF/FALSE." Now, binary is more than just a convention, it is an actual way of doing mathematics. We conventionally use a "base ten", also known as the "decimal system" ( system of counting (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10). Binary is a "base two" system where there are essentially only two unique characters that make up the whole number system which can be repeated to make more complex number. Look at the bubble below: 0 (zero) 1 (one) 10 (two) 11 (three) 100 (four) Each individual symbol is dubbed a "bit" and can only represent 2 possible values. So "10" is 2 bits in width. A quick way to see how many possible values a certain number of bits can represent, we can do a quick calculation of 2 to the power of some bits. 2^2 = 4 00 01 10 11 2^3 = 8 000 (zero) 001 (one) 010 (two) 011 (three) 100 (four) 101 (five) 110 (six) 111 (seven) The bottom line is that information in computers can be represented as a switch or series of switched. Imagine we have a battery connected to 8 light bulbs with a switch between the battery and each light switch. So, we have 8 light bulbs and 8 light switches. Using binary, we can represent 2^8 numbers starting from zero by switching on lights. Light bulbs that are lit represent a 1, light bulbs that are not lit represent a 0. Computers at the very basic level are a system of switches that perform operations on switches to change the system's state. Boolean Algebra and Truth Tables Boolean was a man who had a goal of being able to relate human decision making to mathematical logic. He wanted to develop a mathematical way of expressing logic. Thus, he developed what we call Boolean Algebra. This form of algebra uses typical math symbols that we are all used to seeing, however they have a different meaning. In this form of math, a state of a machine, or a decision being made is equal to an equation of variables that take on certain behavior based on the state of inputs and their relation to one another. A gppd way to explain this is to take a look at an example and break it down. F = ab + c'b F is the output of an equation. On the right side of the equals sign, we have three variable (a b c). "ab" is an expression that represents multiplication, which in boolean algrebra is representative of "and." The addition symbol is representative of an "or." An apostrophe is means an inversion. Any value that is not inverted is assumed to represent true. An inversion of a value means false. This system will also assume that F is true. This is how we can read this. F is true if a and b are true or c is not true and b is true A quick table for reference: * AND + OR ' NOT Now, another way we can represent data is a more easy way is a truth table. In the follow link is a file named "truthtables.pdf" with three sample truth tables. Each column represents an input or output. The top row of each table is a label, then underneath is the state of that input or output. Schematics of a Basic Digital Circuit Now that some base information has been established, now basic circuits that a system can use to execute logic can be discussed. For creating digital logic circuits in class, I used Logisim, which is what I will be using for create examples. There are three main basic components in a digital circuit, these are made up of transistors. The construction of them from transistors is outside of the scope of this post. These three main components are the ones discussed in the previous section; AND, OR, and NOT. Here are two images, the first is how the gate are represented. The second image are the truth tables to explain the logical operation that is being performed by each type of gate. Using our boolean equation and a truth table is a quick way to prototype a digital circuit. Here is a drawing of logism of the circuit that would produce the same results as the equation "F = ab + c'b." Recreating this circuit in logism or a similar program, we can see that the behavior of this circuit matches what our truth table says. To do this for any boolean expression, simply take the inputs and connect them with their appropriate gates. In the case of "ab," the inputs named a and b are connected to the two input pins of the AND gate. The output is fed to an OR gate that is represented by the addition symbol. Input c is inverted by a NOT gate, the output of the NOT gate is fed into an input of another AND gate that takes another input that comes from b. The output of this second AND gate is also fed into the OR gate. If either of these AND gates outputs true, then the output of the circuit (F) will be true.

ether-vote A decentralized voting application using the Ethereum blockchain architecture. Features Initialize a collection of candidates who will be applying for a position Votes are stored on the blockchain No central authority is required to trust Goals This current version is a proof of concept. Voting systems can serve as a building block for many complex decentralized applications. In the future, the following goals will be completed: Rebuild the app using the Truffle framework Provide clear instructions for deploying the dapp to a testnet Add the ability to interact with the smart contract from the command line Implement a voting token (with a limited supply) into the smart contract Implement a payment system into the dapp that would allow users to buy/sell voting tokens Code EtherVote.sol pragma solidity ^0.4.11; contract EtherVote { mapping (bytes32 => uint8) public numberOfVotesReceived; bytes32[] public listOfCandidates; function EtherVote(bytes32[] candidates) { listOfCandidates = candidates; } function isValidCandidate(bytes32 candidate) returns (bool) { for(uint index = 0; index < listOfCandidates.length; index++) { if(listOfCandidates[index] == candidate) { return true; } } return false; } function getTotalVotesForCandidate(bytes32 candidate) returns (uint8) { require(isValidCandidate(candidate)); return numberOfVotesReceived[candidate]; } function setVoteForCandidate(bytes32 candidate) { require(isValidCandidate(candidate)); numberOfVotesReceived[candidate] += 1; } } .bowerrc { "directory": "web/vendor/" } bower.json { "name": "ether-vote", "appPath": "web", "version": "0.0.1", "dependencies": { "lodash": "~4.17.4", "bootstrap": "v4.0.0-alpha.6", "less": "~2.7.2" } } package.json { "name": "ether-vote", "version": "0.0.1", "devDependencies": { "ethereumjs-testrpc": "^4.1.1", "web3": "^0.20.1", "solc": "^0.4.16" } } Usage (Node) To retrieve the number of votes for a given candidate: contractInstance.getTotalVotesForCandidate.call('Holo'); To cast a vote for a particular candidate: contractInstance.setVoteForCandidate('Kurisu', {from: web3.eth.accounts[1]}); Installation ether-vote requires Node.js and bower to run. Step 1 - Install the frontend dependencies: bower install Step 2 - Install the node modules: npm install Step 3 - Run testrpc node_modules/.bin/testrpc This will generate 10 keypairs (public addresses / private keys) that each have 100 Ether for testing purposes. For example: EthereumJS TestRPC v4.1.1 (ganache-core: 1.1.2) Available Accounts ================== (0) 0x3853246f7dd692044b01786ea42a88197f6dfef9 (1) 0x1067092bee809c703ed33c11cc2ca3f3d3e33f1f (2) 0x4b9ad5d76fc3abe51d02fa9c631fe2e6dd21261a (3) 0xbe5dacc37242be5ca41baa25a88657e73fbae2c1 (4) 0x8afc23d930072c286c31a22d6ec5cb9330acd51e (5) 0x21deb9442d2ac8aefdeaf4521e568a98de3ebb6f (6) 0x39c9c3fffaff694388354aa40d22236ff102cb01 (7) 0x6927e56ae99f8a9531eaa5769486f0d9c67f1d07 (8) 0x65ad95852c58d7a9ab6177a55aa50f4c98507a83 (9) 0xb963574b692ace8f3f392531ba46788258d19eb6 Private Keys ================== (0) fb1e07512bfa729237496733dce0ba217356aaa5c14aecf3cecc317042bc77cc (1) 1b504d05041f1513c14dda6cfcced3b28ae5a47e33a75ce84a5d724adef69f6a (2) e5756fb44810101d141443a4f20d21dbb7ddfb79157a447721a3fc8a118934bc (3) bf811c983a80f53ec805bb956720946672a45e6739fe9d34f8099855f3658f17 (4) 681a0a2d42087966db7ca600f92c9b375f87b2e6dfae53e9358dbf54f3e26fc8 (5) b104ed383582580eae090a6d883307245d67d338db9e988312c28a30c61b543a (6) f74738475aef7b0340f902ea85c0900831b1e1b337bc0f0891e56540eed26491 (7) 96dfa361e52f3f45b24a058846ea6df844f8a89842ef83855309bb0c7827913f (8) 9cb8adf3b2e5026582b20f0c65aae2c2c4f6adb3e406cd3a52df93050a5b12fe (9) 4b152799a199aa7200432698d14aa80f970232ee0c97809e45b87880814dad65 HD Wallet ================== Mnemonic: drama aspect juice culture foot federal frequent pizza hawk giggle tenant happy Base HD Path: m/44'/60'/0'/0/{account_index} Listening on localhost:8545 Step 4.0 - Run node Step 4.1 - Include web3.js Web3 = require('web3'); web3 = new Web3(new Web3.providers.HttpProvider("http://127.0.0.1:8545")); Step 4.2 - Set the output of EtherVote.sol to a variable smartContract = fs.readFileSync('EtherVote.sol').toString(); Step 4.3 - Compile the contract using solc solc = require('solc'); compiledCode = solc.compile(smartContract); The output will return a JSON object that contains important information like the Ethereum Contract Application Binary Interface (ABI) and smart contract bytecode. For example: { contracts: { ':EtherVote': { assembly: [ Object ], bytecode: '6060604052341561000f57600080fd5b6040516103dc3803806103dc833981016040528080518201919050505b806001908051906020019061004292919061004a565b505b506100c2565b82805482825590600052602060002090810192821561008c579160200282015b8281111561008b57825182906000191690559160200191906001019061006a565b5b509050610099919061009d565b5090565b6100bf91905b808211156100bb57600081600............continued............', functionHashes: [ Object ], gasEstimates: [ Object ], interface: '[{"constant":true,"inputs":[{"name":"","type":"bytes32"}],"name":"numberOfVotesReceived","outputs":[{"name":"","type":"uint8"}],"payable":false,"stateMutability":"view","type":"function"},............continued............]', metadata: '{"compiler":{"version":"0.4.16+commit.d7661dd9"},"language":"Solidity","output":{"abi":[{"constant":true,"inputs":[{"name":"","type":"bytes32"}],"name":"numberOfVotesReceived","outputs":[{"name":"","type":"uint8"}],............continued............}]}', opcodes: 'PUSH1 0x60 PUSH1 0x40 MSTORE CALLVALUE ISZERO PUSH2 0xF JUMPI PUSH1 0x0 DUP1 REVERT JUMPDEST PUSH1 0x40 MLOAD PUSH2 0x3DC CODESIZE SUB DUP1 PUSH2 0x3DC DUP4 CODECOPY DUP2 ADD PUSH1 0x40 MSTORE DUP1 DUP1 MLOAD DUP3 ADD SWAP2 SWAP1 POP POP JUMPDEST DUP1 PUSH1 0x1 SWAP1 DUP1 MLOAD SWAP1 PUSH1 0x20 ADD SWAP1 PUSH2 0x42 SWAP3 SWAP2 SWAP1 PUSH2 0x4A JUMP JUMPDEST POP JUMPDEST POP PUSH2 0xC2 JUMP JUMPDEST DUP3 DUP1 SLOAD DUP3 DUP3 SSTORE SWAP1 PUSH1 0x0 MSTORE PUSH1 0x20 ............continued............ ', runtimeBytecode: '60606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680630d8de22c1461006a5780633898ac29146100ab5780638c1d9f30146100ec57806392d7df4a1461012b578063dcebb25e1461016a575b600080fd5b34156100............continued............', srcmap: '2', srcmapRuntime: '', sourceList: [ '' ], sources: { '': { AST: [ Object ] } } } } Step 5.0 - Create an ABI definition object by passing in the ABI definition as JSON from the compiledCode object that was created in Step 4.3. Then, pass this ABI definition object to the web3.eth.contract function in order to create an EtherVote object. abiDefinition = JSON.parse(compiledCode.contracts[':EtherVote'].interface); EtherVoteContract = web3.eth.contract(abiDefinition); Step 5.1 - Save the byteCode object from the compiledCode object to a variable, as we will use this when calling our EtherVoteContract's prototypical .new() function byteCode = compiledCode.contracts[':Voting'].bytecode; Step 5.2 - Deploy the smart contract to the Ethereum blockchain by invoking EtherVoteContract.new(...), which takes in two parameters: The first parameter are the values for the constructor - in this case, our list of candidates to vote for The second parameter is an object that contains the following properties: Property Description data The compiled bytecode that will be deployed to the Ethereum blockchain from The address that will deploy the smart contract gas The amount of money that will be offered to miners in order to include the code on the blockchain deployedContract = EtherVoteContract.new(['Kurisu', 'Holo', 'Rin', 'Haruhi', 'Mitsuha'], { data: byteCode, from: web3.eth.accounts[0], gas: 4700000 } ); Step 5.3 - Create an instance of the smart contract by invoking the at function on the EtherVoteContract object, passing in the address property from the deployedContract object that was created in Step 5.2 contractInstance = EtherVoteContract.at(deployedContract.address); Congratulations, you are now ready to interact with the dapp! (See: Usage above)

This is a program that I wrote a few years ago in order to test a theory that I read online. I read on some website that you could calculate the value of pi by throwing hot dogs on the floor which absolutely blew me away. I couldn't believe it, so I decided to test it. I wrote a program to simulate throwing 1 billion hot dogs on the floor and by golly let me tell you, they're right. Here's how: (Technically this works with any stick-like object.) Let x be the length of our object (hot dog in our case). You must then draw lines on the floor perpendicular to the direction you're facing which are all x length apart. This elegantly drawn image demonstrates what I mean flawlessly: The number of hot dogs which landed on a line divided by the total number of hot dogs thrown is an approximation for pi. Like I said, I simply refused to believe that something so simple could be possible so I wrote a program to simulate the process: #!/usr/bin/perl -w use strict; my($dist, $lower, $upper, $lenComponent, $approx); my $len = 6; my $throws = 1000000; #CHANGE TO WHAT YOU WANT my $intersects = 0; for(1..$throws){ $dist = rand(180); #arbitrary maximum throwing distance $lenComponent = sin(rand(6.28318530718))*$len; #trig with up to 2pi radians rotation $lower = $dist - ($lenComponent/2); $upper = $lower + $lenComponent; for(my $line = 0; $line<=($dist+$len); $line+=$len){ if($line>=$lower and $line<=$upper){ ++$intersects; last; } } } $approx = (1/$intersects)*$throws; print "Pi is approximately: $approx"; And I ran the program overnight with 1 BILLION hot dogs, which yielded this result: 3.14154932843791 VS 3.14159265358979 Error: 0.00004332515 Wowza! I also wrote a second version of the program which uses multi-threading to throw the hot dogs faster. It was actually a neat exercise because I wrote it such that all of the threads can edit the same variable which counts the total number of intersections. Code: #!usr/bin/perl -w use strict; use threads; use threads::shared; my $intersects :shared = 0; my $throws = 10000000; my @threads = (); sub hotdog{ my($dist, $lenComponent, $lower, $upper); my $len = 1; for(1..$throws){ $dist = rand(5); #arbitrary maximum throwing distance $lenComponent = sin(rand(6.28318530718))*$len; #trig with up to 2pi radians rotation $lower = $dist - ($lenComponent/2); $upper = $dist + ($lenComponent/2); for(my $line = 0; $line<=($dist+$len); $line+=$len){ if($line>=$lower and $line<=$upper){ lock($intersects); ++$intersects; last; } } } } for(1..10){ push (@threads, threads->create(\&hotdog)); } $_->join foreach @threads; print "Pi is approximately: ".(($throws*scalar(@threads))/$intersects);

IMO this is only a mind map of passive reconnaissance resources. And that's only half of the first step of Lockheed Martin's cyber killchain. Not to diminish the usefulness of the link at all. As far as passive reconnaissance goes the resources mentioned look quite comprehensive. You could, for example, prepare an initial dossier report to hand off to another active recon team so they could map the company profile to a network topology. This step is indispensable for a large APT, but to say that this covers all the steps is an exaggeration. Because it throws in links to malware analysis resources, and exploit archives, one could get confused about this link and think it was appropriately covering all the resources, but it's by no means its strong point. Again, I don't intend to diminish the usefulness of this link at all! Passive information gathering is the most important step to a large scale APT, yet it's the most glossed over subject in every security course! If you check out Sparc FLOW's "how to hack like a god" and some of his other books, he actually gives some emphasis on casing your target. AND NO WONDER! His books are actually just case studies!

Download all of the released NSA documents (continuously updating) with two scripts. Very hacky, but gets the job done. DEPENDS ON LYNX. (Why? Because I'm lazy) $ apt install lynx nsadl.sh #!/bin/bash echo 'Scraping links from Primary Sources...' lynx -dump "https://www.eff.org/nsa-spying/nsadocs" | grep "https://www.eff.org/document" | awk '/http/{print $2}' > links echo 'Done. Links saved as "links.txt"' echo 'Downloading .pdf documents using "links.txt" -- this may take awhile...' while read line do name=$line sh scraper.sh $name done < links echo 'All done!' scraper.sh #!/bin/bash STR="`wget --quiet -O - $1 | grep -Eo 'https://www.eff.org/files/[0-9]+/[^"]+\.pdf';`" wget --no-clobber --quiet $STR Usage: $ sh nsadl.sh; echo 'Have fun!'

This is a nice and quick information gathering tool to perform a reverse email lookup, to see who owns an email address and gather more information about them. From their site: Link: https://thatsthem.com/reverse-email-lookup

Some other information and links I have come across.... I recommend launching the SD Web UI (automatic1111) with the following argument for better performance: --xformers This site has a lot of tutorials about SD, from technical explanation to how to do different things: https://stable-diffusion-art.com/ I also have been having good success with textual inversion, hypernetworks, and LoRAs. These three are also much easier to make yourself on a budget, compared to checkpoints. For text inversion, check out theally's releases. https://civitai.com/models/3485/princess-style https://civitai.com/models/2289/psycho-style https://civitai.com/models/1998/autumn-style https://civitai.com/models/2032/empire-style I think my favorite hypernet right now for interesting results is Luisa's Magiclight. https://civitai.com/models/4077/luisap-magiclight As cool as LoRAs are, I don't have any favorites to recommend but I do suggest checking out rentry's training guide https://rentry.org/lora_train p.s. don't get pickled! Always use SAFETENSORS for security reasons.

So this project isn't 100% complete, and it may be a bit before I complete it, but I wanted to share the code. The premise of this tool is to allow faster low level development doing bare metal programming on a Raspberri Pi 4B, and potentially faster development of an operating system/kernel. It can be a pain to write code, flash it to an SD card on another machine, then transfer it to the Pi4B, or with a USB. These two tools are meant to more streamline early development processes. Sita Sita is the name for a bare bones C-kernel that will facilitate several functions on the Pi4B. This is communicate over the serial port via UART and execute functions. Warning: The make file was written geared towards compiling it on an M1 MacbookAir. Ganapati Is essentially a communication program in rust to communicate with Sita over USB Serial connection via UART. Agni Agni is the name of the protocol I've cooked up to conduct this over. It is pretty basic. I even wrote a little bit of documentation for it in a repo that can be 'compiled' using MDBook. Central Idea Using the the agni protocol, one has 3 basic methods to call. A peek and poke like method from the days of when machine would ran Basic. You can read what is in a memory address and write to a specific memory address. Ideal for verifying things with registers since datasheets are not always as thorough as we will. Then having the ability to stream compiled binary code over and eventually jump to is and begin executing it. Sita would read it in and place it directly into RAM, jumping to the start address of the program. Repositories https://github.com/martintc/Sita https://github.com/martintc/ganapati https://github.com/martintc/Agni

https://github.com/Alb-310/Geogramint git clone https://github.com/Alb-310/Geogramint.git Geogramint is an OSINT tool that uses Telegram's API to find nearby users and groups. Inspired by Tejado's Telegram Nearby Map, which is no longer maintained, it aims to provide a more user-friendly alternative. Geogramint only finds Telegram users and groups which have activated the nearby feature. Per default it is deactivated. The tool is fully supported on Windows and partially supported on Mac OS and Linux distributions. On Windows With the installer: Click here! With Github: git clone https://github.com/Alb-310/Geogramint.git cd Geogramint/ pip3 install -r requirements.txt python3 geogramint.py Or depending on your installation : git clone https://github.com/Alb-310/Geogramint.git cd Geogramint/ pip install -r requirements.txt python geogramint.py On Mac OS and Linux With Github: git clone https://github.com/Alb-310/Geogramint.git cd Geogramint/ pip3 install -r requirements.txt python3 geogramint.py Or depending on your installation : git clone https://github.com/Alb-310/Geogramint.git cd Geogramint/ pip install -r requirements.txt python geogramint.py More details in the Wiki. Example Start by creating an API key for your Telegram account here. You will also need to put a profile picture on your account and, in your Privacy and Security settings, enable the profile picture for everyone. Launch Geogramint In the settings, write your information (api_id, api_hash and phone number) and then save Choose the location where you want to search, either by moving around the map or by using the search feature with coordinates in lat, lon format Telegram will send you a verification code, write it in the pop-up window (+ your two-step verification password if you have one) Then click Start Search All results will be displayed following: green for 500m yellow for 1000m orange for 2000m red for >3000m (NB: results can also be found in Geogramint/cache_telegram/ in json format + profiles pictures) Reset will clear the results and erase the cache_telegram More details in the Wiki.

Basic algorithm for RSA key generation 1. Choose 2 large primes and make those p and q 2. Let N = p * q 3. Let T = (p-1)(q-1) resulting in the Euler Totient 4. Choose 2 numbers, e and d, where (e*d) mod T = 1 5. Let the public key be (e, N) 6. Let the private key be (d, N) A few details about my implementation Primes are generated by a crate called 'num_primes". Values e, d are selected by letting e = 0 and d = T, looping until the condition (e*d) mod T = 1. If the condition is not true, add one to e and subtract one to d. Code Cargo.toml [package] name = "rust-rsa-fun" version = "0.1.0" edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] num-primes = "0.3.0" main.rs use num_primes::{Generator, BigUint}; struct PublicKey { n: BigUint, e: u64, } struct PrivateKey { n: BigUint, d: u64, } impl PublicKey { pub fn new(n: BigUint, e: u64) -> Self { PublicKey { n: n, e: e, } } pub fn print(&self) { println!("Public Key"); println!("\tN: {}", self.n); println!("\te: {}", self.e); } } impl PrivateKey { pub fn new(n: BigUint, d: u64) -> Self { PrivateKey { n: n, d: d } } pub fn print(&self) { println!("Private Key"); println!("\tN: {}", self.n); println!("\td: {}", self.d); } } fn calc_e_d(e: u64, d: u64, t: &BigUint) -> u64 { let T: u64 = t.bits().try_into().unwrap(); (e * d) % T } fn find_d_e(t: &BigUint) -> Option<(u64, u64)> { let mut d: u64 = t.bits().try_into().unwrap(); let mut e: u64 = 2; let one: u64 = 1; while calc_e_d(e, d, &t) != one { if d == 2 { return None; } e = e + one; d = d - one; } Some((e, d)) } fn main() { let p = Generator::new_prime(64); let q = Generator::new_prime(64); println!("Let p = {p}"); println!("Let q = {q}"); let N = &p * &q; println!("Let N = {N}"); let one: u64 = 1; let T = (p - one) * (q - one); println!("Let T = {T}"); let keys = if let Some(k) = find_d_e(&T) { k } else { println!("Could not find numbers e and d"); return; }; let public_key = PublicKey::new(N.clone(), keys.0); let private_key = PrivateKey::new(N.clone(), keys.1); public_key.print(); private_key.print(); }

https://wiki.archlinux.org/title/Xephyr Before Reading this post I recommend watching the above video and wiki page. Here I only provide an example script of setting up a dev environment. #!/bin/sh Xephyr -br -ac -noreset -screen 800x600 :1 & DISPLAY=:1 awesome --config ./rc.lua & ls ./*.lua | entr kill -s SIGHUP $(ps | grep -Po '([0-9]*)(?=( p.*\.awesome))') & Explanation: first lines runs a Xephyr instance and creates a DISPLAY :1 next line starts the window manager using the config file in the current directory. next line uses entr to listen for changes to the file and send a SIGHUP signal to the window manager to reload the rc.lua. also in case you need to kill everything running in the background of you pty for string in `ps | cut -d ' ' -f 1`; do kill -s term $string; done Result

Grabify is a service that allows you to enter a URL, which in turn provide you with a logging URL that you can give to people. Once a person goes to your new logging URL, their IP address is recorded, and they are forwarded to the original URL that you entered. You can check your logs at any time via a unique tracking code, to see the hits you got. https://grabify.link/

Sn1per is an opensource AIO offensive security framework that includes features such as: Attack Surface Discovery Penetration Testing Visual Recon IT Asset Inventory Vulnerability Management Web Application Scans Reporting OSINT Collection Continuous Scan Coverage Domain Takeover Tools There are also many help topics and integration guides listed directly in the README. Link to repository: https://github.com/1N3/Sn1per

I need it suprisingly often, my previous build had 32 and I swapped alot which turns a simple 1 hour script runtime into a week. I often fill the 64 but when I know it will turn into swapping, I run the jobs at our works' cluster(s). I have workloads with machine learning (i.e trying to figure out the interesting data of 1PB of hydroacoustics), NLP (we've done some contractual governmental work, looking for interference from foreign governments etc), and SoMe analysis. Its also super handy when compiling alot of safety critical application (for iintegration testing and so forth), after all bring ups, there's thousands if not millions of distributed components and doing local simulations are super handy, and it can usually take up to 40-50 GB of RAM. Also, I am retarded so the coding is probably subpar, hence more RAM is super handy

This site is hands down the best most up-to-date resource for anyone wanting to know about all things crypto and DNM (darknet market) related. They have a ton of great informative articles as well as how-to's. Check out jollyrogers security guide. Also there is a great article detailing now to route all your jabber traffic through tor. You can also get the latest news on any DNM (darknet markets) and DNV (darknet vendors) if your so inclined. https://www.deepdotweb.com/

From my understanding the Alpha your using connects via USB. Try adding it in the settings menu of VirtualBox, if that's the virtualization software your running. If it's not, then I don't know what to tell you. Do this by going to the USB settings and clicking the add button. Keep in mind with many types of devices, VIrtualbox does not like to share. It want's 1 OS to "own" it so to speak. So, if your depended on using the interent for your main box, and try using it in a VM you need to choose which one is actually going to get to use it. Make sure you also have the extension pack installed for VB. Go to help -> about virtualbox. This will give you your version number: If you have an older version, you can grab that extension pack here: https://www.virtualbox.org/wiki/Download_Old_Builds If it's up to date, go to the download page for VB, and look for the black heading: "VirtualBox 6.1.26 Oracle VM VirtualBox Extension Pack" click the hyperlink under that. To install it, you can do it with kali open, (easiest) simply click on "install guest addons" in the menu. The image will mount, then cp the files. cp VBoxAddonsLinux*.run Some shit like that this is from memory, so figure it out. (if you prefer gui, open the mounted "disk" and copy that file to the desktop). In terminal (or w/e) cd to Desktop. sudo chmod +x NAMEOFTHE.RUNFILEYOUTRANSFERED sudo ./NAMEOFTHERUNFILEYOUDOWNLOADED.RUN Reboot, the vm. OR. After you grab the extension disk from the download page as explained above, go to file -> preferences, in VBox. click extensions click on the green plus sign to the right, find your download of the extension pack. ALTERNATIVELY, if you open virtualbox, and download the extension pack, you will/may get an options like this: click I agree, and run as admin: Now that all that bullshit is done, attach your wifi adapter. Do this by navigating to the "USB" option in the preferences for that VM. if your adapted does not show up, try switching between USB 1.1 -> USB 2.0 or 3.0. Stat's came up wrong? Double click the adapter, by doing this we can manually add the Vendor and Product ID. Now go to Setting->Network. Select tab Adapter 1. Then in the "Attached to" drop down box, select Bridge adapter, "Name" drop down box select wireless adapterwhich you have , go to advance option, leave adapter type default, set promiscuous mode "Deny" and check the Cable connected box. (yes, though it is wireless adapter, we have to check it). Then Ok. Now remove the wireless adapter physically from your host machine port. Run the virtual machine (Kali Linux). After running Kali, insert wireless adapter in the port of physical machine and see it is showing WiFi interface. Connect it and in terminal, type "ifconfig" command. There will be wireless network interface wlan0. Remember if you remove the wireless adapter physically from your host and after that run Kali linux, it will prompt you a message that Network adapter (w/e name you gave it) is not found. Don't worry if go to next then Kali will run and remove the current network setting. Then it will get back to default setting with eth0.

It isn't really one rig, but the family. Showed Wade some of them earlier. So, from left to right. Apple iBook G4 running OpenBSD. In the back is the Macbook Pro 2015, as you can see from the screen, it is not displaying MacOS. It does dual boot. It dual boots NetBSD and MacOS Big Sur Infront of that, Dell netbook running NetBSD. 2007 white polycarbonate Macbook running NetBSD. Underneath that is a cheap Lenovo Ideapad S340 running Debian. Behind the laptops is a Mac Mini 2009 running netBSD and my Raspberry Pi 4B is seen on the right below the lego Saturn V. It currently runs FreeBSD. More images: The off white grey looking keyboard above is a C64 mini from Retrogames. It is a commodore 64 game emulator. I mainly got it because you can put it in "basic" mode and interface with it as if it were a Commodore 64. Btw, the "Run BSD" stickers you can request for free. They are from an organization in the UK who makes them for people to place on their laptops to sort of advertise the BSD family of Operating Systems. The Mars postage stamp. I picked up a book of stamps featuring planets with plans to associate planets with machines and using the postage stamps as a physical way to show it on the machines themselves.

To piggy back on wade's suggestion. You can also install linux or BSD to a USB so you dont need to truly dual boot if you have concerns. Just buy a large enough USB to comfortably fit an installed linux distro on it and space for whatever files and programs you need. You can also do the same with SD cards, but motherboard can be finnicky about this. If you go the living on a USB, just be aware, you will probably have slower I/O between the CPU and USB stick. Unless maybe you have an older conventional HDD with a slow speed in your machine. But if your hard drive in your machine is an SSD or NVME, expect the USB stick to respond a little slower. Also depending on which version of USB you have.

@WarFox I don't think that C will ever completely be replaced. At least in certain areas, like embedded programming where there are so many libraries written in C. In other areas, though, C might not be "king of the hill." I honestly haven't looked into some of the replacement languages like Rust, but was interested in playing around with it after reading about Wasm. C will always be here. I think it will be interesting to see in what areas its replacements become more popular, though!

@cwade12c Yea so generally a group of people go in a building or a space and they essentially cost share the space and investments on tools. Usually other people can join. The best hackerspace I've seen was down in San Diego when I was stationed there. One of the local hams on the 440 repeater I frequented all the time is an EE at Qualcomm and either was a member or was one of the founders of the San Diego one that I checked out. Each hackerspace can vary, it just depends on the space an equipment. If I remember, the one in San Diego had it's standalone building with a garage. The garage had a lift and everything. You could go in there and someone was doing maintenance, swapping an engine or tinkering. Most of them have full electronics labs with scopes and analyzers. If you have one close they are pretty cool. Just remember I said that they vary. It depends on how much money they have for tools or if they get donations. Some have a monthly membership and some have a day rate. Some have classes. Some will reduce the membership cost if you have a skill or knowledge in an area and are willing to dedicate a few hours a week to hosting a class or just being available to help others. So if they have a CNC machine, they may cut someone slack on membership if they have knowledge and are willing to spend 3 hours every Saturday just helping out. For cost reference, the one in San Diego was I think close to $200/month. https://wiki.hackerspaces.org/San_Diego Edit: You may be more familiar with the term makerspace. It can be essentially the same thing, but the term hackerspace was more before the revolution of arduino, RPIs, and other SBC/MicroControllers.

@cwade12c Thanks for kicking this off. Here's my WIP (I'll be editing here over the next few weekends until I have a working system) Nixos -nix -linux -grub bootloader -systemdDesktop env: Base: - gnomeCustom -Light dm -awesomewm -polybar -rofi -compton -feh Utilities: Calc:bc File manager: ranger Text editor: vim Disk util: parted/gparted Webcam Screen shot Network manager Alacrity Zsh + o my zsh Ffmpeg ImageMagick Mplayer TreeApplications: Browser: brave Adobe reader Evolution Vscode Wps office Git Pywal

An operating system that I've recently been very interested in trying out is Qubes OS. This operating system's primary focus is on security, and on being as secure as humanly possible. Part of being extremely security conscious is the recognition of the fact that it's impossible to completely prevent being hacked, so the unique philosophy of Qubes OS is damage mitigation through compartmentalization. Every single aspect of Qubes OS takes place in a virtualized container that is separated from everything else and also labeled based on its trust level, while everything is managed behind the scenes by the Xen Hypervisor. Many people would wrongly assume that Qubes OS is a Linux distro because the GUI is fedora, but the GUI is *only* the GUI. The true operating system is Xen. Here is a flowchart type diagram showing how it works: An incredible feature of Qubes is the ability to easily create disposable VMs on the fly, and these VMs can be based on templates that you create ahead of time which tell the system exactly what programs will come pre-installed on the disposable VM and what all the settings will be. The disposable VM is then an instance of the template. This would allow you to, for example, create a template that includes Firefox or your browser of choice, with all of your bookmarks and add-ons pre-loaded. Then whenever you want to browse the internet you could do it exclusively in this disposable VM giving you ultimate security while hardly sacrificing any convenience. Here is a cool YouTube video reviewing it and walking through all of the features including creating templates and disposable VMs.

This is really great! I started looking through this, but will need to look through the rest a bit later. My C is pretty rusty, so I doubt I could offer any suggestions, I'll mostly be looking out of interest and to brush up on knowledge. It looks like you've got it working on both netbsd and linux though, which is awesome! I wrote an http server and client in C (and python) a long time ago (I'll try to find the src) and I remember that before doing so, actually simulating sending and recv a request via netcat according to the http spec was very helpful to my understanding. If you get stuck along the way with other enhancements you want to add, I might suggest going through that interactive "simulation" with netcat to wrap your head around the concepts. Looking good! And awesome to see that you have it deployed. I went to the site and it loaded instantly in both Firefox and Brave. Great work.

Oh interesting. This looks almost identical to WinDirStat which I've used. I wonder how they compare.

Here is a small encryption program I wrote after hearing a podcast mentioning XOR encryption. Thought it could be fun for others and maybe spark some ideas for your own projects. #include <stdio.h> #include <unistd.h> #include <stdbool.h> #include <string.h> /** * An XOR encryption tool * * Usage: xor [-k key] [file or stdin] */ static void xor_operate(const char *str, int strLen, const char *key) { static int keyIndex = 0; int keyLen = strlen(key); for (size_t i = 0; i < strLen; ++i) { char ch = str[i] ^ key[keyIndex++]; printf("%c", ch); if (keyIndex >= keyLen) keyIndex = 0; } } int main(int argc, char* argv[]) { int opt; const char *key = "defaultkey"; while ((opt = getopt(argc, argv, "k:")) != -1) { switch (opt) { case 'k': key = optarg; break; default: break; } } fprintf(stderr, "Key: %s\n", key); FILE *in = fopen(argv[optind], "r"); if (in == NULL) in = stdin; char buffer[1024]; unsigned int i = 0; char ch; while ((ch = fgetc(in)) != -1) { buffer[i++] = ch; if (i >= 1024) { xor_operate(buffer, i, key); i = 0; } } xor_operate(buffer, i, key); return 0; }

Here's another one if anyone's interested, see if anyone can get past level 7...i know my sanity didn't https://unescape-room.jobertabma.nl/

As part of larger project, I found myself wanting to create a database of as many DnD monsters as possible. So I set out to write a program that would take them off of public wiki pages so that it could do all of the work for me. The wiki I used was dandwiki and specifically their monster list for 5e. The database isn't particularly useful on its own since it would be impractical to try to read these database items yourself, and like I said, it is part of a larger project. But it could still be useful if you're playing without internet and needed a reference, and it's got a lot of cool regex in it to look at and learn from. Please note that they do have a "terms and conditions for non-human visitors" page here which my program is fully compliant with. I even put a 3 second interval in between page requests so as to be less bothersome. Additionally any database created as a result of running my program will be licensed under the GNU Free Documentation License v1.3 which is available here. Now that the legal nonsense mumbo jumbo is out of the way, the program works by requesting the page for their monster list, then goes through all hyperlinks within that page and requests the pages for any of them that have "(5e_Creature)" in the URL, then uses a ton of regular expressions to find all of the relevant data. It then places that data into this configuration in a .csv file: Note that, by the nature of how this program was written and its source, many of the resulting database entries are likely to be improperly formatted or missing elements. There are simply too many entries for me to manually check if they've been properly processed, and many of the wiki entries have inconsistent formatting. That said, I've written the program to be as flexible as possible and fixed many issues while writing the program, so hopefully even inconsistencies that I'm unaware of should be properly processed. Here is the code: (the indentation messed up a tiny bit) And here is a link to the download for the database so that you don't have to run this and bother the website owners: https://megaupload.nz/D7WdZbvfn4/Monsters_rar

https://www.zdnet.com/article/sha-1-collision-attacks-are-now-actually-practical-and-a-looming-danger/ The article notes the history of collision vulnerabilities in Sha-1 dating back to 2005 when it was broken only in theory, and in 2017 when a successful attack was done by researchers at Google and CWI Amsterdam at the expense of $110,000. Only this month, however, is when this chosen prefix attack was developed by Gaëtan Leurent and Thomas Peyrin. They detailed their multi-phase attack more specifically in this paper (direct pdf link) https://eprint.iacr.org/2019/459.pdf The news article makes the conclusion that Sha-1 should be considered completely and entirely dead and provides a list of alternatives to switch to in order of preference.

This is part of a homework assignment I had to code, figured I would share it since it might be some good code to read for anyone who hasn't dabbled in C. We also had to implement this same program in java and c++. Premise of the program: Using structures and pointers, create a gameboard and game pieces. Be able to create game pieces, place them on the board and move them around. Pieces can not be placed into an already occupied space, and can not move into an occupied space. This program takes board locations as elements of array. So 0, 0 is a a place on the board. If there are 5 rows and columns, rows ranged from [0 - 4] and columns ranges from [0 - 4].

Any way there could be another version of this script that uses tor as a socks5 proxy using proxychains to grab the doc's in a more low key way? Could the editing of the config for proxychains also be automated into the script? Really all the end user would need to do at that point is open up the tor browser bundle, not to mention they could edit the script to grab anything from any site with a bit more privacy. Just a thought. EFF FTW!

phpAPE phpAPE is a web application that allows for the administration, registration, and grading of exams. Create exams and in-class exams Create exam categories with custom points Manage locations, rooms, and seats Allow students to register for exams during certain time periods Assign graders to grade exams Register entire classes for an exam with a csv file Configure custom reports and generate reports for exams https://github.com/cwade12c/APE-Rebuild-2.git Credits Personal Notes Nothing too impressive. There's some interesting design patterns and API security, in addition to separation of concerns. Could be a useful resource to learn from. Requirements Software Version php 7.0.22 apache 2.4.18 mod-rewrite curl 7.47.0 Installation --Step 1. Install the required bower packages: bower install --Step 2. Install the required php dependencies: composer install --Step 3. Install the required node modules: npm install --Step 4. Move datetimepicker to the vendor directory: mv node_modules/jquery-datetimepicker vendor --Step 5. Edit the config.default.php file and set the CONFIG_PATH to equal the absolute path to the "config" directory of this project. --Step 6. Edit all of the default files located in the "config" directory. --Step 7. For each file in the "config" directory, remove "-default" from the file name. --Step 8. Rename config.default.php to config.php --Step 9. Create a cache directory that is owned by the web server: mkdir cache; chmod 755 cache; chown www-data cache --Step 10. Create a security.log file located in the LOG_PATH as defined in config/path.config.php cd /var/www; touch security.log; chown www-data security.log; chmod 755 security.log --Step 11. Enable mod-rewrite and restart apache: a2enmod rewrite; service apache2 restart IMPORTANT: Make sure that DEBUG is set to false in config/security.config.php Directory Structure ./ ------------------------------------------ Root directory ├── api ------------------------------------- Contains API files ├── cache ----------------------------------- Twig caching directory ├── config ---------------------------------- Configuration files ├── includes -------------------------------- PHP backend inclusions │ ├── db ---------------------------------- Database related inclusions │ │ ├── functions ----------------------- Database page functions │ │ └── queries ------------------------- Database query functions │ └── operations -------------------------- Operation behaviors for the API ├── node_modules ---------------------------- Contains installed node packages ├── pages ----------------------------------- PHP page files that invoke renderTemplate(...) ├── scripts --------------------------------- APE javascript files ├── sources --------------------------------- General resources │ ├── images ------------------------------ Image resources │ └── styles ------------------------------ Styling resources ├── templates ------------------------------- Twig templates │ ├── components -------------------------- Markup+JS that use Operations │ ├── layout ------------------------------ Common templates that compose layout │ ├── modals ------------------------------ Modal related templates │ └── pages ------------------------------- Page templates that include Components └── vendor ---------------------------------- Contains third party libraries ├── bootstrap --------------------------- CSS library ├── composer ---------------------------- PHP Dependency Manager (Twig) ├── jquery ------------------------------ JavaScript library ├── jquery-datetimepicker --------------- jQuery plugin ├── jquery-mousewheel ------------------- jQuery plugin ├── less -------------------------------- CSS pre-processor ├── lodash ------------------------------ Utility function JavaScript library ├── phpcas ------------------------------ CAS authentication dependency │ └── CAS ├── php-date-formatter ------------------ jQuery plugin ├── remarkable-bootstrap-notify --------- jQuery plugin ├── symfony ----------------------------- Twig dependency ├── tether ------------------------------ Bootstrap dependency └── twig -------------------------------- Template engine Adding a new page Adding a new page consists of: Creating a new php file (pages/pageName.php) Create a $parameters array to send extra variables to Twig template (can be an empty array) Invoke renderPage("pages/pageName.twig.html", $parameters); Creating a new Twig file in templates/pages Extend the base template {% extends "layout/base.twig.html" %} Overwrite the content block {% block content %} {% endblock %} Add custom markup to the content block or include components {% block content %} {{ include('components/nameOfComponent.twig.html') }} {% endblock %} If you need to conditionally show child templates (for example, a different homepage depending on the user type), use Twig conditionals {% block content %} {% if params.type == constant('ACCOUNT_TYPE_STUDENT') %} {{ include('pages/home/student-home.twig.html') }} {% elseif params.type == constant('ACCOUNT_TYPE_GRADER') %} {{ include('pages/home/grader-home.twig.html') }} {% elseif params.type == constant('ACCOUNT_TYPE_TEACHER') %} {{ include('pages/home/teacher-home.twig.html') }} {% elseif params.type == constant('ACCOUNT_TYPE_ADMIN') %} {{ include('pages/home/admin-home.twig.html') }} {% endif %} {% endblock %} New page example URL will be: site.tld/createAccount Create pages/createAccount.php <?php $parameters = array(); renderPage("pages/create-account.twig.html", $parameters); Create templates/pages/create-account.twig.html {% extends "layout/base.twig.html" %} {% block title %}Create Account{% endblock %} {% block head %} {{ parent() }} {% endblock %} {% block content %} <h2>Create New Account</h2> {{ include('components/create-account.twig.html') }} {% endblock %} If you have trouble loading your new page, try clearing Twig's cache: rm -r cache/* Composer Composer offers several subcommands that may be necessary Use composer list to list all commands Use composer install to update dependencies, autoload lists, etc

Here's a BASH ping sweep program I wrote for my systems programming class. Its use case is very narrow: You have a bash shell on a remote box but no access to a better recon tool (like NMAP). Why not just send nmap over the wire and use it? Because you may be in a position where you can't chmod+x nmap after you do so. To be fair you can't chmod+x this script either but you can, with modification, feed it directly into your shell no chmod required. I'm posting it in POC form for ease of analysis. #!/bin/bash function ip_to_decimal() { local dec_ip=0 for ((a=4, b=1; b < 5 ; a--, b++)) do let dec_ip+=$((`echo $1 | cut -d "." -f $b`<<$((8 * ($a - 1))))) done echo $dec_ip } #ip_to_decimal 192.168.56.101 function decimal_to_ip() { local ip for ((a=3, b=0; b < 4 ; a--, b++)) do ip+=$(( ($1 & (0xff000000 >> (8 * $b))) >> (8 * $a) )) if [ "$b" -ne 3 ] then ip+=. fi done echo $ip } #decimal_to_ip 3232249957 function increment_ip_address() { local dec_ip=`ip_to_decimal $1` let dec_ip+=1 local inc_ip=`decimal_to_ip $dec_ip` echo $inc_ip } #increment_ip_address 192.168.56.101 function ips_in_subnet() { local a=`ip_to_decimal $1` a=$(( ((~ $a) & 0xffffff) - 1)) echo "$a" } #ips_in_subnet 255.255.255.0 if [ "$#" -ne 2 ] then printf "Usage:\n\t%s <network-address> <subnet-mask>\n\n" $0 printf "\tExamples:\n" printf "\t\t%s 192.168.56.0 255.255.255.0\n" $0 printf "\t\t%s 192.168.56.0 255.255.255.128\n" $0 printf "\t\t%s 192.168.56.128 255.255.255.128\n" $0 printf "\n" exit fi number_ips=`ips_in_subnet $2` ip_address=$1 for n in `seq 1 $number_ips` do ip_address=`increment_ip_address $ip_address` (ping $ip_address -c 1 -W 1 | grep from | cut -d " " -f 4 | cut -d ":" -f 1 & ) 2> /dev/null done