@plembo
plembo / ghpwithnamecheap.md
Last active April 10, 2024 01:53
GitHub Pages with Namecheap custom domain

Using GitHub Pages with a custom domain: Namecheap Edition

As often happens, I found the official documentation and forum answers to be "close, but no cigar", and so had to experiment a little to get things working.

The main problem for me was a lack of concrete configuration examples. That's not entirely GitHub's fault: having migrated from Google Domains to Namecheap in the middle of this project, I was once again reminded of how many different ways there are to do things in the name service universe [1].

Although you'd think the simplest setup would be to merely configure for the subdomain case (https://www.example.com), in my experience using the apex domain (https://example.com) instead resulted in fewer complications.

Procedure

So here's my recipe for using a custom domain with GitHub Pages where Namecheap is the DNS provider:

@me0wday
me0wday / BlindGraphQL.md
Last active October 17, 2023 15:16
Blind Graphql Discovery to Altair Schema

Playing with GraphQL when introspection is disabled

Quick write up on extracting a GraphQL schema when introspection is disabled. Bits and pieces sourced from various sources. Successfully tested on an Apollo instance.

TLDR: Some GraphQL instances provide name autocomplete suggestions. Some peeps have written tools to automate the extraction process. (ref https://youtu.be/nPB8o0cSnvM).

1. Bruteforce schema without introspection

First step is using a tool called clairvoyance by @nikitastupin (https://github.com/nikitastupin/clairvoyance). I found the main repo to lack error handling and support for additional features such as proxy.

@0xatul
0xatul / foxyproxyBB.json
Created June 25, 2020 09:46
firefox foxy proxy settings for BB stuff
{
"84kr3q1592995213323": {
"type": 1,
"color": "#cc883a",
"title": "Burp",
"active": true,
"address": "127.0.0.1",
"port": 8080,
"proxyDNS": false,
"username": "",
@alexeygrigorev
alexeygrigorev / get-winners.py
Last active June 4, 2021 15:12
Running giveaway campaigns on twitter
from glob import glob
from random import shuffle
import requests
coupon_codes = [
'mlbookcamp-1',
'mlbookcamp-2',
'mlbookcamp-3',
'mlbookcamp-4',

When Microsoft chooses to release security updates for OSes that are way out of support, security specialists grab a cup of coffee and start reading. BlueKeep (also known as CVE-2019-0708) is a flaw in Microsoft's Remote Desktop Services that allows an attacker to gain full control over an affected system.

The vulnerability occurs during pre-authorization, and has the potential to run arbitrary malicious code in the "NT Authority\SYSTEM" user security context, which means that you don't need to know any credentials to exploit the flaw and that you get to execute code as a privileged user.

Oh, and Microsoft says that it's potentially wormable like WannaCry, meaning that someone could write code that makes this self-replicating, making it possible to spread throughout a (inter-)network without intervention.

The vulnerable systems are Windows Server 2003, Windows XP, Windows Vista, Windo

@7MinSec
7MinSec / WindowsCommandLineShortcutsAndTips.md
Created April 25, 2019 00:09
Windows command line shortcuts and tips

As heard on 7MS #357

Windows command line shortcuts and tips:

Creative ways to play with cmd

Basically, you can do Windows Key + R then type cmd and Enter for quick access to command line.

But let's do some more fun stuff. Wanna open a command window from the desktop and launch a command in one swoop? Try this:

Pentest lab GPOs

Note: this set of GPOs accompanies a YouTube video all about building your own pentest lab

Personally, when I set up an internal/test/pentest Active Directory environment I like to leave some settings the way most client environments are set up - both for ease of management and easier attacks, so that includes spinning up the following GPOs:

Enable RDP on desktops: Create a new GPO and link it to whatever OU your workstations are in, and set Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections and set Allow users to connect remotely using Remote Desktop Services to Enable

Then, create a security group in AD, called RDP-peeps for example, that you want to allow to RDP into all workstations.

@kpatnayakuni
kpatnayakuni / Demo-Choices.ps1
Last active March 14, 2024 22:37
Prompt for choice in PowerShell
# PromptForChoice Args
$Title = "Do you want to proceed further?"
$Prompt = "Enter your choice"
$Choices = [System.Management.Automation.Host.ChoiceDescription[]] @("&Yes", "&No", "&Cancel")
$Default = 1
# Prompt for the choice
$Choice = $host.UI.PromptForChoice($Title, $Prompt, $Choices, $Default)
# Action based on the choice
@ClassicOldSong
ClassicOldSong / tmuxlogin
Last active November 21, 2023 22:49
Use tmux as your login shell
#!/bin/bash
# Usage:
# Download this file
# Put it in /bin or wherever you want, eg: `/bin/tmuxlogin`
# Give it executable permission, eg: `sudo chmod +x /bin/tmuxlogin`
# Modify your `/etc/shells` and add `/bin/tmuxlogin` to it
# Modify your `~/.tmux.conf` and add `set-option -g default-shell /bin/bash(or whatever shell you want)` to it
# `chsh -s /bin/tmuxlogin`
# Done!
@7MinSec
7MinSec / lowhanging.md
Last active June 9, 2022 13:15
Low-hanging hacker fruit (and how to remove it)

Low Hanging Hacker Fruit

This gist focuses on (relatively) free and (relatively) easy things organizations can do to better protect their networks without buying yet another black box with blinking lights.

Got some ideas of your own that should be on this list? Please leave a comment below!

Implementing a stronger AD password policy

Microsoft has a great paper on the topic that gives some nice high level recommendations:

  • Use a unique password per site
  • Enable complexity