IT security. Linux & network protocols. Pentesting web applications, networks & AD infrastructures. Mostly technical stuff here.
Blog: https://emanuelduss.ch
GitHub: https://github.com/emanuelduss

This is probably the easiest way to perform reverse DNS lookups over IP address ranges using the built-in tool getent and bash brace expansion:

getent hosts 130.59.{20,31}.{0..255}

Useful if you are on a system/container with limited tools.

#pentest #dns #linux

Cool #38c3 talk about bypassing #BitLocker in TPM-only mode. A downgrade attack allows you to exploit "bitpixie" again.

https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver

PXE Boot → boot downgraded/vulnerable #Windows boot loader → decrypt disk using TPM → reboot → key stays in memory → boot Linux → read key

#pentest

Windows BitLocker: Screwed without a Screwdriver

Ever wondered how Cellebrite and law enforcement gain access to encrypted devices without knowing the password? In this talk, we’ll demon...

Very cool new Wireshark @wireshark feature "TLS Keylog Launcher" can automatically set the SSLKEYLOGFILE environment variable, start an application/browser and directly decrypt the data so you can see the cleartext of TLS connections. No need to manually configure the environment/file anymore. #wireshark #tls #encryption #network #security

Simple and easy lateral movement technique targeting SSH: If you are root on a system, you can read the username and password when someone performs a login and use these credentials on other systems (when the same password for local accounts is reused or when LDAP/AD authentication is used). 😀 #infosec #pentest #ssh #openssh #redteam

Easy way to find SSH agent sockets on a system:

$ sudo cat /proc/*/environ | grep -Ehaoz "SSH_AUTH_SOCK=.+" 2>/dev/null | tr '\0' '\n' | sort -u

BTW this is one of the rare cases where the useless usage of cat | grep is legit ;-)

Nice: ssh-keyscan from OpenSSH 9.1 now supports CIDR network ranges:

Interesting: socat can listen on two ports. First, it listens on the first provided port, where you can connect to. Then it listens on the second provided port, where you also can connect to. You can then send data between these clients, e.g. from the first client to the second client or vice versa.

The same works via TLS, UDP, IPv6, Unix Sockets, etc.

This can be useful if you want to connect two clients which can't talk to each other directly via another externally accessible system.

#socat #networking #pentesting
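The two-listener relay described above, written out in Python as an added example (not the author's code and not socat's) so the ordering is visible: the second port is bound only after a client has connected to the first, and the relay reports how many bytes crossed in each direction. The TwoPortRelay class, the loopback host and the 10 s accept timeout are assumptions.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

def _pump(src, dst):
    # Copy src -> dst until EOF, then half-close dst so the far client sees EOF too.
    moved = 0
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
            moved += len(chunk)
    except OSError:
        pass  # peer reset: treat it like EOF
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass
    return moved

class TwoPortRelay:
    """Bridge one client on port_a with one on port_b, in socat's order: port_b is only
    opened once a client is connected on port_a. Hypothetical helper; port 0 = OS picks."""

    def __init__(self, port_a=0, port_b=0, host="127.0.0.1", timeout=10):
        self.host, self.timeout, self.port_b = host, timeout, None  # assumed defaults
        self.second_ready = threading.Event()  # set as soon as port_b is listening
        self._la, self._port_b_wanted = self._listen(port_a), port_b
        self.port_a = self._la.getsockname()[1]

    def _listen(self, port):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((self.host, port))
        s.listen(1)
        s.settimeout(self.timeout)  # give up if nobody connects in time
        return s

    def serve_once(self):
        """Accept one client per port, relay both ways, return (bytes a->b, bytes b->a)."""
        with self._la as la:
            client_a, _ = la.accept()  # port_b is not even bound at this point
        with self._listen(self._port_b_wanted) as lb:
            self.port_b = lb.getsockname()[1]
            self.second_ready.set()
            client_b, _ = lb.accept()
        with ThreadPoolExecutor(2) as pool:  # one pump per direction, wait for both
            ab = pool.submit(_pump, client_a, client_b)
            ba = pool.submit(_pump, client_b, client_a)
        client_a.close(); client_b.close()
        return ab.result(), ba.result()
```

On the defending side, this pattern is visible as a single process holding two listening sockets and shuttling bytes between them, which is what to look for in socket inventories of a host that should not be relaying.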