Memento Mori. Try Harder.

Marcos Tolosa marcostolosa

marcostolosa /
Last active March 17, 2018 13:24
Seven Attitudes for Hacking the Software Industry

Seven Attitudes for Hacking the Software Industry

by Klaus Wuestefeld

1) Become excellent.

Be really good at something. Don't just whine or try to get ahead at other people's expense. Don't think that because you sat in a university for 4 years listening to a professor talk about software, you know anything. A soccer player doesn't learn to play by taking classes. He practices. Brilliant instrumentalists don't learn to play by taking classes. They practice. Practice. Get home after work and class and practice. On the weekend, practice.

  • Create your own virus, your own game, your own OS, your own window manager, your own web server, your own VM, anything. Several things.

It doesn't have to be only programming. It can be networking, sales, etc. You just have to be really good. Have passion for it.

marcostolosa /
Created July 11, 2018 17:20
Docker for Pentesters

Docker for Penetration Testing

Official Kali Linux

docker pull kalilinux/kali-linux-docker 

Official OWASP ZAP

marcostolosa /
Created July 11, 2018 17:22
Diff PNG Images
from PIL import Image
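# Open the two images to compare
i1 = Image.open("A.png")
i2 = Image.open("B.png")
# Blank output image with the same dimensions as the first input
img = Image.new('RGB', i1.size)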
p1 = i1.load()
p2 = i2.load()
pnew = img.load()
marcostolosa /
Last active July 11, 2018 19:57
Linux Command Line - Pentest CheatSheet

Command Line cheat-sheet

Search recursively for a string inside files and directories

grep -R 'string' dir/
egrep -ril 'string|palavra2' ./dir

Download entire website w/ wget

marcostolosa /
Last active July 12, 2018 17:35
Docker Cheat-Sheet
marcostolosa /
Last active July 17, 2018 23:31
Bash Script - Cheat Sheet

Bash Getting started


#!/usr/bin/env bash

echo "Hello $NAME!"
marcostolosa /
Created July 17, 2018 23:36
Bash Shell - Cheat Sheet

Bash is the name of a Unix shell, which was also distributed as the shell for the GNU operating system and as the default shell on Linux and Mac OS X. Nearly all examples below can be part of a shell script or executed directly in the shell.

Read more here.

# First line of the script is shebang which tells the system how to execute
# the script:
# As you already figured, comments start with #. Shebang is also a comment.
marcostolosa / nginx.conf
Last active September 5, 2018 19:46
Nginx Improved - Security and Performance
# read more here
# don't send the nginx version number in error pages and Server header
server_tokens off;
# don't allow the browser to render the page inside a frame or iframe
# and avoid clickjacking
# if you need to allow [i]frames, you can use SAMEORIGIN or even set a URI with ALLOW-FROM uri
add_header X-Frame-Options SAMEORIGIN;
marcostolosa /
Created September 19, 2018 12:52
Vagrant CheatSheet

Typing vagrant from the command line will display a list of all available commands.

Be sure that you are in the same directory as the Vagrantfile when running these commands!

Creating a VM

  • vagrant init -- Initialize Vagrant with a Vagrantfile and ./.vagrant directory, using no specified base image. Before you can do vagrant up, you'll need to specify a base image in the Vagrantfile.
  • vagrant init <boxpath> -- Initialize Vagrant with a specific box. To find a box, go to the public Vagrant box catalog. When you find one you like, just replace boxpath with its name. For example, vagrant init ubuntu/trusty64.

Starting a VM

  • vagrant up -- starts vagrant environment (also provisions only on the FIRST vagrant up)
marcostolosa / vagranfile.rb
Created September 19, 2018 12:53
Vagrantfile CheatSheet
Vagrant.configure("2") do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at
# Every Vagrant virtual environment requires a box to build off of.
config.vm.box = "precise64"
# The url from where the 'config.vm.box' box will be fetched if it
# doesn't already exist on the user's system.
end