Skip to content

Instantly share code, notes, and snippets.

View lirantal's full-sized avatar
💟
Writing a book on Node.js Secure Coding

Liran Tal lirantal

💟
Writing a book on Node.js Secure Coding
2k followers · 855 following
View GitHub Profile
@coolaj86
coolaj86 / ChatGPT-Dan-Jailbreak.md
Last active May 8, 2024 10:25
@MidSpike
MidSpike / readme.md
Last active February 5, 2024 18:09
CVE-2022-23812 | RIAEvangelist/node-ipc is malware / protest-ware
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active January 28, 2024 08:19
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@terjanq
terjanq / secdriven.md
Last active May 7, 2024 12:07
A TL;DR solution to Security Driven by @terjanq

A TL;DR solution to Security Driven by @terjanq

For this year's Google CTF, I prepared a challenge that is based on a real-world vulnerability. The challenge wasn't solved by any team during the competition so here is the proof that the challenge was in fact solvable! :)

The goal of the challenge was to send a malicious file to the admin and leak their file with a flag. The ID of the file was embedded into the challenge description (/file?id=133711377731) and only admin had access to it, because the file was private.

Disclamer: The write-up is written on airplane therefore the quality of it is poor, mostly to showcase the required steps to solve the challenge

@nikitastupin
nikitastupin / fingerprint.js
Created February 8, 2021 12:21
fingerprint.js
(() => {
let gadgets = [];
if (typeof _satellite !== 'undefined') {
gadgets.push('Adobe Dynamic Tag Management');
}
if (typeof BOOMR !== 'undefined') {
gadgets.push('Akamai Boomerang');
}
@prologic
prologic / LearnGoIn5mins.md
Last active May 5, 2024 17:05
Learn Go in ~5mins
@colbyfayock
colbyfayock / github-context.json
Created May 31, 2020 18:05
Sample payload for Github Action `github` context
{
"token": "[token]",
"job": "notifySlack",
"ref": "refs/pull/4/merge",
"sha": "[shad]",
"repository": "colbyfayock/demo-github-actions",
"repository_owner": "colbyfayock",
"repositoryUrl": "git://github.com/colbyfayock/demo-github-actions.git",
"run_id": 120667610,
"run_number": "2",
@Ryuno-Ki
Ryuno-Ki / index.js
Created April 4, 2020 19:43
Bundling Node.js module with bare return on top level, c.f. https://twitter.com/liran_tal/status/1245626369112821763
import semver from 'semver' // I want this to be bundled in
import './node_modules/abc/abc.js' // this is vanilla JS, I expect this to be imported in the global scope
import * as myData from './mydata.json' // this is just json data I'm working with
async function myOwnThing() {
return some_data_object_here;
}
return myOwnThing();
@UlisesGascon
UlisesGascon / important.md
Last active February 12, 2020 07:57
Nodejs February Security Release
@roborourke
roborourke / wp-packagist-stats.php
Last active February 20, 2020 11:06
Get stats from packagist for all WP related packages
#!/usr/bin/env php
<?php
$plugins = file_get_contents( 'https://packagist.org/packages/list.json?type=wordpress-plugin' );
$muplugins = file_get_contents( 'https://packagist.org/packages/list.json?type=wordpress-muplugin' );
$dropins = file_get_contents( 'https://packagist.org/packages/list.json?type=wordpress-dropin' );
$themes = file_get_contents( 'https://packagist.org/packages/list.json?type=wordpress-theme' );
$plugins_json = json_decode( $plugins, true )['packageNames'];
$muplugins_json = json_decode( $muplugins, true )['packageNames'];