content, build fixes

_includes/layouts/base.njk

@@ -19,7 +19,7 @@
 		<link rel="stylesheet" href="{% getBundleFileUrl "css" %}">
 		<link rel="stylesheet" href="{% getBundleFileUrl "css", "defer" %}">
 		<script src="{% getBundleFileUrl "js" %}"></script>
-		<script src="{% getBundleFileUrl "js", "module %}"></script>
+		<script src="{% getBundleFileUrl "js", "module" %}"></script>
 		{% getBundle "html", "head" %}
 	</head>
 	<body>

content/blog.njk

@@ -1,10 +1,10 @@
 ---
 layout: layouts/home.njk
 eleventyNavigation:
-  key: Archive
+  key: Posts
   order: 2
 ---
-<h1>Archive</h1>
+<h1>Posts</h1>
 
 {% set postslist = collections.posts %}
 {% include "postslist.njk" %}

content/blog/github-codesarch.md

@@ -0,0 +1,34 @@
+---
+title: Abusing regex in GitHub code search
+date: 2025-04-24
+tags:
+	- short
+	- cybersec
+---
+
+I recently discovered that the new(ish) GitHub Code Search feature
+supports regular expressions. While dorking on the classic GitHub search
+has been documented to death by skids, I haven't seen anyone reference this yet.
+I'm sure someone is using it, since it's powerful.
+
+Case in point:
+```
+/"[a-z]{4}(?: [a-z]{4}){3}"/ language:Python SMTP
+```
+
+That regex is a bit tricky, but it's just matching for 4 space-separated
+groups of 4 lowercase letters. What good does that do, you might ask?
+The SMTP should be a hint - it's some kind of credential for email.
+More specifically, this is the Google app password format.
+
+This search has 5k hits.
+
+I think Google will still block suspicious connections, so this isn't a huge
+pwn. But I guarantee at least one of these accounts has bad opsec, so you can
+determine their location. Combined with a bit of residential proxy work... you
+get the idea.
+
+GitHub should be a lot more proactive about this stuff - blocking it from
+search, blocking it from public discovery, or even blocking the commit
+itself. Most people who are posting this stuff don't know how they could do it
+better.

content/blog/hacking-hikmicro-pt1/hacking-hikmicro.md

@@ -1,7 +1,9 @@
 ---
 title: Reversing an image format
 date: 2025-01-15
-tags: [reverse-engineering, hacking-hikmicro]
+tags:
+	- reverse-engineering
+	- hacking-hikmicro
 drafts: true
 ---
 

content/now.md

@@ -1,6 +1,7 @@
 ---
 layout: layouts/base.njk
 title: Now
+draft: true
 eleventyNavigation:
   key: Now
   order: 4
@@ -11,14 +12,13 @@ Rate-Monotonic scheduling my life.
 
 ### Playing
 
-- Helldivers 2 {gamepad}
+- Helldivers 2
 - Ocarina of Time Randomizer Multiworld [link](https://wiki.ootrandomizer.com/index.php?title=Multiworld)
 
 ### Doing
 
-- Putting out fires at $dayjob {fire}
 - Bouldering!
 
-## Breaking
+### Breaking
 
 - Hacking together servers with [NixOS](https://nixos.org/)