Skip to content

Instantly share code, notes, and snippets.

View dustyfresh's full-sized avatar
👽

dustyfresh dustyfresh

👽
124 followers · 101 following
View GitHub Profile
@marcnewlin
marcnewlin / apple-hid-read-flash.py
Created March 23, 2024 15:47
#!/usr/bin/env python3
import usb.core
import struct
from collections import namedtuple
APPLE_VID = 0x05ac
Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"])
@xen0bit
xen0bit / Dockerfile
Created October 11, 2023 04:19
CVE-2023-38545
FROM debian:latest
RUN apt-get update && apt-get install -y \
git \
build-essential \
wget \
python3
WORKDIR /build
@adulau
adulau / http2-rapid-reset-ddos-attack.md
Last active April 4, 2024 17:59
HTTP/2 Rapid Reset DDoS Attack

Introduction

This Gist aims to centralise the most relevant public sources of information related to the HTTP/2 Rapid Reset vulnerability. This vulnerability has been disclosed jointly by Google, Amazon AWS, and Cloudflare on 10 October 2023 at 12:00 UTC.

Please help us make this page as comprehensive as possible by contributing relevant references, vendor advisories and statements, mitigations, etc.

References

@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active May 6, 2024 10:09
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@superducktoes
superducktoes / Callback Domains log4j
Last active April 4, 2022 15:33
Callback Domains log4j
ldap://e2216d7a9a31.bingsearchlib.com:39356/a
ldap://612877d3a59b.bingsearchlib.com:39356/a
ldap://205.185.115.217:47324/a
ldap://ab3419ba1f45.bingsearchlib.com:39356/a
ldap://193.3.19.159:53/c
ldap://ea62856c5fc3.bingsearchlib.com:39356/a
ldap://43065f484327.bingsearchlib.com:39356/a
ldap://5486b6edd688.bingsearchlib.com:39356/a
ldap://92d27039ede4.bingsearchlib.com:39356/a
ldap://45cecd2f38ca.bingsearchlib.com:39356/a
@jfmaes
jfmaes / ssl-scraper.py
Last active September 10, 2021 16:52
extract hostnames based on SSL certificates
#!/usr/bin/python
import requests
from socket import *
from requests.packages.urllib3.contrib import pyopenssl as reqs
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import argparse
import ipaddress
#import asyncio
@veorq
veorq / paperwriting.md
Last active August 28, 2023 01:19
Recommended reading for writers of research papers
@muff-in
muff-in / resources.md
Last active May 8, 2024 16:56
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
@RienNeVaPlus
RienNeVaPlus / letsencrypt-certbot-arangodb.md
Last active February 28, 2024 12:31
Using Let's Encrypt's Certbot SSL-Certificates with ArangoDB

Using Let's Encrypt's Certbot Certificates with ArangoDB

Let's Encrypt generates SSL certificates for free.
Follow these steps to create and use an SSL certificate with ArangoDB.

1. Install the Certbot from LetsEncrypt (Certbot instructions)

sudo apt-get update
sudo apt-get install software-properties-common
@readmeexe
readmeexe / tvd.py
Last active October 1, 2020 00:15
#!/usr/bin/env python3
# Decrypt Teamviewer Passwords from exported registry file
# Usage: python tvd.py Teamviewer_Settings.reg
# Modified by readmeexe
#
# CVE-2019-18988
# Original Author @whynotsecurity
# https://whynotsecurity.com/blog/teamviewer/
import sys, hexdump, binascii