@mccabe615
mccabe615 / helperpaths.txt
Created July 14, 2022 18:11
helper paths
/Users/guptagr/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.40/aws/arn/arn.go
/Users/guptagr/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.40/aws/awserr/error.go
/Users/guptagr/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.40/aws/awserr/types.go
/Users/guptagr/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.40/aws/awsutil/path_value.go
/Users/guptagr/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.40/aws/awsutil/prettify.go
/Users/guptagr/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.40/aws/client/client.go
/Users/guptagr/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.40/aws/client/default_retryer.go
/Users/guptagr/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.40/aws/client/logger.go
/Users/guptagr/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.40/aws/config.go
/Users/guptagr/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.40/aws/context_background_1_7.go
@mccabe615
mccabe615 / firefox_settings.md
Last active December 7, 2022 23:45
Firefox settings for testing

In about:config in Firefox, set each of the preferences below to false unless a different value is shown.

  • network.captive-portal-service.enabled
  • extensions.getAddons.cache.enabled
  • network.prefetch-next
  • browser.newtabpage.enabled
  • toolkit.telemetry.archive.enabled = false
  • toolkit.telemetry.enabled = false
  • toolkit.telemetry.rejected = true
@mccabe615
mccabe615 / android-burp-cert.sh
Created September 25, 2019 18:02 — forked from vavkamil/android-burp-cert.sh
One Liner For Installing Burp Certificate Into Android Nougat and Later
# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
#
curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert \
&& openssl x509 -inform DER -in cacert.der -out cacert.pem \
&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \
&& adb root \
&& adb remount \
&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \
&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \
&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \
@mccabe615
mccabe615 / InterviewQuestions.md
Last active September 2, 2022 00:48
AppSec Interview Questions
  • What draws you to appsec?
  • Describe a situation in which you worked with a developer.
  • What is your general process for testing an application, and what can you test for if only given the URL to the login page?
  • How do you stay current with the security industry?
  • What do you do besides security and technology for fun?
  • What are two ways to exploit response splitting?
  • How would you fix response splitting?
  • How do the git and svn models differ?
  • What does git branch -a branchname do?
  • What is continuous deployment?
@mccabe615
mccabe615 / ioshacking.md
Last active June 5, 2022 05:42
iOS hacking steps

list signing keys

security find-identity -v -p codesigning

patch IPA

objection patchipa --source "outlook.ipa" --codesign-signature 7836F9FC5FD55E48326EA8A1854D030551F413A8

jailbreak

electra

@mccabe615
mccabe615 / .eslintrc
Created March 31, 2017 18:33
eslint security config
{
  "plugins": ["security"],
  "env": {
    "node": true,
    "es6": true
  },
  "rules": {
    "security/detect-unsafe-regex": 1,
    "security/detect-non-literal-regexp": 1,
    "security/detect-non-literal-require": 1,
import boto3, json
print("Account: ", end = '')
print(boto3.client('sts').get_caller_identity()['Account'])
client = boto3.client('config')
print()
print("Getting non-compliant config results")
print()

ssh in

apt-get update

scp Nessus-8.7.2-ubuntu1110_amd64.deb root@204.48.31.211:/tmp

cd /tmp

dpkg -i Nessus-8.7.2-ubuntu1110_amd64.deb