Skip to content

Instantly share code, notes, and snippets.

View leonjza's full-sized avatar
[hip, hip]

Leon Jacobs leonjza

[hip, hip]
589 followers · 0 following
View GitHub Profile
@thesamesam
thesamesam / xz-backdoor.md
Last active May 4, 2024 09:26
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

@AetherEternity
AetherEternity / user.js
Last active May 3, 2023 22:57
Silent firefox
// Mozilla User Preferences
// To change a preference value, you can either:
// - modify it via the UI (e.g. via about:config in the browser); or
// - set it within a user.js file in your profile (create it if it doesn't exist).
//
// Profile folder location on different systems:
// Windows: C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default
// Mac OS X: Users/<username>/Library/Application Support/Firefox/Profiles/xxxxxxxx.default
// Linux: /home/<username>/.mozilla/firefox/xxxxxxxx.default
@mackwage
mackwage / windows_hardening.cmd
Last active April 28, 2024 20:54
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@curi0usJack
curi0usJack / .htaccess
Last active March 13, 2024 10:17
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@leonjza
leonjza / inject.py
Last active February 4, 2024 07:47
Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# 2017 - @leonjza
#
# Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
# Usage example:
#
# List available posts:
#
# $ python inject.py http://localhost:8070/
@Arr0way
Arr0way / Super Awesome Bash History Logger for OSX V1.0
Last active August 29, 2015 14:05
Super Awesome Bash History Logger for OSX V1.0 - Might work in Linux
##########################################################################################################
# | #
# . | Super Awesome Bash History Logger for OSX V1.0 #
# .. ............;;. | #
# ..:: @Arr0way ;;;;. | Disclaimer: Use at your own risk. #
# . . ::::::::::::;;:' | #
# :' | Enjoy. #
# | #
# #
# Save your console commands and your sanity.
@vanhoefm
vanhoefm / gist:5326833
Created April 6, 2013 17:10
# -------------- netcatlib.py -----------------------------------
import socket
class Netcat:
# TODO: ip and port should be optionaly, and an open() method should be added
# TODO: specify a timeout argument as well?
def __init__(self, ip, port):
self.buff = ""
self.soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.soc.connect((ip, port))
@piscisaureus
piscisaureus / pr.md
Created August 13, 2012 16:12
Checkout github pull requests locally

Locate the section for your github remote in the .git/config file. It looks like this:

[remote "origin"]
	fetch = +refs/heads/*:refs/remotes/origin/*
	url = git@github.com:joyent/node.git

Now add the line fetch = +refs/pull/*/head:refs/remotes/origin/pr/* to this section. Obviously, change the github url to match your project's URL. It ends up looking like this:

@brandonb927
brandonb927 / osx-for-hackers.sh
Last active May 5, 2024 13:30
OSX for Hackers: Yosemite/El Capitan Edition. This script tries not to be *too* opinionated and any major changes to your system require a prompt. You've been warned.
#!/bin/sh
###
# SOME COMMANDS WILL NOT WORK ON macOS (Sierra or newer)
# For Sierra or newer, see https://github.com/mathiasbynens/dotfiles/blob/master/.macos
###
# Alot of these configs have been taken from the various places
# on the web, most from here
# https://github.com/mathiasbynens/dotfiles/blob/5b3c8418ed42d93af2e647dc9d122f25cc034871/.osx
@CocoaBeans
CocoaBeans / gdbinit
Created February 21, 2012 21:58
.gdbinit - A user-friendly gdb configuration file
# INSTALL INSTRUCTIONS: save as ~/.gdbinit
#
# DESCRIPTION: A user-friendly gdb configuration file.
#
# REVISION : 7.3 (16/04/2010)
#
# CONTRIBUTORS: mammon_, elaine, pusillus, mong, zhang le, l0kit,
# truthix the cyberpunk, fG!, gln
#
# FEEDBACK: https://www.reverse-engineering.net