Skip to content

Instantly share code, notes, and snippets.

View cocoonkid's full-sized avatar
💭
/r/masterhacker/

cocoonk1d cocoonkid

💭
/r/masterhacker/
View GitHub Profile
javascript:(function(){function e(){var e=document.createElement("div");e.style.position="fixed",e.style.top="50%",e.style.left="50%",e.style.transform="translate(-50%, -50%)",e.style.backgroundColor="#001f3f",e.style.color="white",e.style.fontFamily="Arial, sans-serif",e.style.padding="20px",e.style.boxShadow="0 0 10px rgba(0,0,0,0.5)",e.style.zIndex="9999",e.style.maxHeight="80%",e.style.maxWidth="80%",e.style.overflowY="auto";var t=document.createElement("button");t.innerText="Close",t.style.position="sticky",t.style.top="0",t.style.backgroundColor="#ff4136",t.style.color="white",t.style.border="none",t.style.padding="10px",t.style.cursor="pointer",t.onclick=function(){document.body.removeChild(e)},e.appendChild(t);var n=document.createElement("div");n.id="endpointContainer",n.innerHTML="<h2 style='color:white;'>Endpoints</h2>",e.appendChild(n);var o=document.createElement("div");o.id="paramContainer",o.innerHTML="<h2 style='color:white;'>Endpoints with Parameters</h2>",e.appendChild(o);var a=document.crea
@grahamhelton
grahamhelton / steal_etcd.sh
Created June 7, 2024 19:25
Quick bash script to steal an etcd database
# This script attempts to take a snapshot of the kubernetes etcd database for exfiltration
# This should be run post-compromise of a node
#!/usr/bin/env bash
NOCOLOR=$(tput sgr0)
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
BLUE=$(tput setaf 4)
YELLOW=$(tput setaf 3)
TICK="$NOCOLOR[$GREEN+$NOCOLOR] "
@Rhynorater
Rhynorater / nowafpls___8KB.json
Created May 26, 2024 12:37
nowafpls - Caido Convert Workflow
{
"description": "Bypass WAFs with 8KB Padding.",
"edition": 2,
"graph": {
"edges": [
{
"source": {
"exec_alias": "exec",
"node_id": 2
},
@OrionReed
OrionReed / dom3d.js
Last active June 21, 2024 14:11
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
(() => {
const SHOW_SIDES = false; // color sides of DOM nodes?
const COLOR_SURFACE = true; // color tops of DOM nodes?
const COLOR_RANDOM = false; // randomise color?
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
const MAX_ROTATION = 180; // set to 360 to rotate all the way round
const THICKNESS = 20; // thickness of layers
const DISTANCE = 10000; // ¯\\_(ツ)_/¯
@0xdevalias
0xdevalias / reverse-engineering-macos.md
Last active June 21, 2024 00:52
Some notes, tools, and techniques for reverse engineering macOS binaries
@ruevaughn
ruevaughn / latency.txt
Created December 1, 2023 08:38 — forked from jboner/latency.txt
Latency Numbers Every Programmer Should Know
Latency Comparison Numbers (~2012)
----------------------------------
L1 cache reference 0.5 ns
Branch mispredict 5 ns
L2 cache reference 7 ns 14x L1 cache
Mutex lock/unlock 25 ns
Main memory reference 100 ns 20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy 3,000 ns 3 us
Send 1K bytes over 1 Gbps network 10,000 ns 10 us
Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD
@yunginnanet
yunginnanet / fwd55.go
Last active January 6, 2024 03:56
fwd55.go
package main
// ▄─▄ ▄ ▄ ▄ ──▄ ▄─▄ ▄─▄
// ▓─ ▓ ▓ ▓ ▓ ▓ ▀─▄ ▀─▄
// ▀ ▀─▀─▀ ──▀ ▀─▀ ▀─▀
// f w d --> 5 5
//
// simple rfc1928 proxy server
//
//
@colinrubbert
colinrubbert / getAllGlobals.js
Created August 23, 2023 14:44
Get all runtime global variables set by the app
/**
* RuntimeGlobalsChecker
*
* You can use this utility to quickly check what variables have been added (or
* leaked) to the global window object at runtime (by JavaScript code).
* By running this code, the globals checker itself is attached as a singleton
* to the window object as "__runtimeGlobalsChecker__".
* You can check the runtime globals programmatically at any time by invoking
* "window.__runtimeGlobalsChecker__.getRuntimeGlobals()".
*
@0xdevalias
0xdevalias / _deobfuscating-unminifying-obfuscated-web-app-code.md
Last active June 16, 2024 01:01
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
#!/usr/bin/env python3
"""
Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance.
Based on: https://github.com/thalpius/Microsoft-Defender-for-Identity-Check-Instance.
Usage: ./check_mdi.py -d <domain>
"""
import argparse
import dns.resolver