Skip to content

Instantly share code, notes, and snippets.

View RedTahr's full-sized avatar

Allister RedTahr

  • New Zealand
View GitHub Profile
@wlib
wlib / LICENSE
Last active April 30, 2024 17:07
Run a shell script with bash, line-by-line, prompted on each command. Useful for running unknown scripts or debugging. Not a secure substitute for understanding a script beforehand.
MIT License
Copyright (c) 2021 Daniel Ethridge
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
@mattifestation
mattifestation / HowToDetectTechniqueX_Demos.ps1
Created September 6, 2019 22:03
Demo code from my DerbyCon talk: "How do I detect technique X in Windows?" Applied Methodology to Definitively Answer this Question
#region Attack validations
wmic /node:169.254.37.139 /user:Administrator /password:badpassword process call create notepad.exe
Invoke-WmiMethod -ComputerName 169.254.37.139 -Credential Administrator -Class Win32_Process -Name Create -ArgumentList notepad.exe
$CimSession = New-CimSession -ComputerName 169.254.37.139 -Credential Administrator
Invoke-CimMethod -CimSession $CimSession -ClassName Win32_Process -MethodName Create -Arguments @{ CommandLine = 'notepad.exe' }
$CimSession | Remove-CimSession
winrm --% invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe"} -remote:169.254.37.139 -username:Administrator -password:badpassword
@andyraddatz
andyraddatz / ASCIIStringExtensions.cs
Last active May 29, 2024 15:10
C# String extension method to fold diacritics to ASCII characters
// IMPORTANT
using System.Text;
// This gist was created thanks to this comment from Alexander on StackOverflow:
// https://stackoverflow.com/questions/249087/how-do-i-remove-diacritics-accents-from-a-string-in-net#comment86833005_34272324
// This is a derivative work. The logic of this function comes from a switch statement found inside the
// Lucene.Net library. The documentation of the conversion of characters is quite impressive
// (thank you @NightOwl888 and @synhershko !!!):
// https://github.com/apache/lucenenet/blob/master/src/Lucene.Net.Analysis.Common/Analysis/Miscellaneous/ASCIIFoldingFilter.cs
@JohnLaTwC
JohnLaTwC / attack.csl
Created May 7, 2019 16:58
Azure Sentinel Password spray query
let valid_logons = (OfficeActivity
| where TimeGenerated > ago(30d)
| where Operation == 'UserLoggedIn'
| summarize by ClientIP);
let only_invalid_logons = (OfficeActivity
| where TimeGenerated > ago(30d)
| where Operation == 'UserLoginFailed'
| summarize by ClientIP)
| join kind=anti (valid_logons) on ClientIP;
OfficeActivity
@robey
robey / apple1-rom.txt
Last active May 22, 2023 03:49
apple 1 ROM disassembly
;
; the "monitor ROM" of an apple 1 fit in one page (256 bytes).
;
; this is my attempt to take the disassembled code, give names to the
; variables and routines, and try to document how it worked.
;
;
; an apple 1 had 8KB of RAM (more, if you hacked on the motherboard), and a
; peripheral chip that drove the keyboard and video. the video was run by a
; side processor that could treat the display as an append-only terminal that
@marcostolosa
marcostolosa / docker-pentest.md
Created July 11, 2018 17:20
Docker for Pentesters

Docker for Penetration Testing

Official Kali Linux

docker pull kalilinux/kali-linux-docker 

Official OWASP ZAP

@Atticuss
Atticuss / robo_kb.py
Last active May 17, 2019 23:59
Read in a file and pipe it through a virtual keyboard -- uses the pynput module
import time, string, sys
from pynput.keyboard import Key, Controller
kb = Controller()
shift_keys = {
'<' : ',',
':' : ';',
'>' : '.',
'+' : '=',
@wdormann
wdormann / disable_win10_foistware.reg
Created January 2, 2018 23:15
Attempt at disabling Windows 10 automatic installation of 3rd-party foistware
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy]
"Disabled"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager]
"SubscribedContent-338388Enabled"=dword:00000000
@timvisee
timvisee / falsehoods-programming-time-list.md
Last active June 21, 2024 17:39
Falsehoods programmers believe about time, in a single list

Falsehoods programmers believe about time

This is a compiled list of falsehoods programmers tend to believe about working with time.

Don't re-invent a date time library yourself. If you think you understand everything about time, you're probably doing it wrong.

Falsehoods

  • There are always 24 hours in a day.
  • February is always 28 days long.
  • Any 24-hour period will always begin and end in the same day (or week, or month).
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Xamarin.Forms;
namespace CustomNavigationBarSample
{
public class CustomNavigationPage : NavigationPage