Miglen Evlogiev miglen
miglen / Facebook Messenger Phishing Campaign via zu7.eu .md
Last active May 31, 2022
Facebook Messenger Phishing Campaign via zu7.eu

Today I received an interesting phishing message via Messenger from a friend, who's also a tech guy, so it was surprising that he got compromised.

The initial message said:

Is it you in this video? 😱
https://zu7.eu/L3VAD6EzsR

When loaded from any browser other than a mobile one, the URL redirects to twitch.tv; otherwise it displays the following HTML:

miglen / xss.py
Created Feb 25, 2022
Simple automated XSS check with selenium
import requests
import time
import urllib.parse
from bs4 import BeautifulSoup
from selenium import webdriver
from selenium.common.exceptions import NoAlertPresentException
url = "https://xss-game.appspot.com/level1/frame"
response = requests.get(url)
soup = BeautifulSoup(response.text)
miglen / Esox-Lucius_PiHoleblocklists.txt
Created Sep 30, 2021
Esox-Lucius_PiHoleblocklists.txt
# Source https://github.com/Esox-Lucius/PiHoleblocklists
miglen / README.md
Created Sep 1, 2021
Notes from Vulnerability management in package dependencies @ Softuni - 31.08.2021

Overview

The following page contains my notes and links from the seminar we had @ Softuni on Vulnerability management in package dependencies on the 31st of August 2021.

miglen / packagejson.py
Created Feb 10, 2021
Dirty check for non existing public npm dependencies
#!/bin/env python3
# https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/
# The following script finds all package.json files in the current dir and checks whether they reference any
# dependencies for which no public package is available, making your application vulnerable to a supply-chain attack.
# Simply run ./packagejson.py in your repository root directory.
import json
import requests
from pathlib import Path
import urllib.parse
miglen / aws.opml
Created Feb 9, 2021 — forked from benkehoe/aws.opml
AWS RSS feeds
<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
<head>
<title>AWS RSS feeds 2019-04-22</title>
</head>
<body>
<outline text="AWS" title="AWS">
<outline type="rss" text="Infrastructure &amp; Automation" title="Infrastructure &amp; Automation" xmlUrl="https://aws.amazon.com/blogs/infrastructure-and-automation/feed/" htmlUrl="https://aws.amazon.com/blogs/infrastructure-and-automation/"/>
<outline type="rss" text="AWS Developer Blog" title="AWS Developer Blog" xmlUrl="http://feeds.feedburner.com/AwsDeveloperBlog" htmlUrl="https://aws.amazon.com/blogs/developer/"/>
miglen / check-CVE-2021-3156.sh
Created Jan 27, 2021
Test and patch CVE-2021-3156
#!/bin/bash
# Test and patch CVE-2021-3156
patch() {
# Simple method to patch with yum | apt
if command -v apt-get >/dev/null; then
sudo apt-get update
sudo apt-get install $1
elif command -v yum >/dev/null; then
sudo yum updateinfo $1
miglen / iam_priviledge_escallation_deny_poilcy.json
Created Dec 15, 2020
IAM Policy to deny API actions that could potentially allow privilege escalation.
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "DenyPriviledgeEscallationActions",
"Effect": "Deny",
"Action": [
"cloudformation:CreateStack",
"codestar:AssociateTeamMember",
"codestar:CreateProject",
"codestar:CreateProjectFromTemplate",
miglen / ec2-instance-prompt.sh
Last active Aug 11, 2021
AWS EC2 Instance Prompt with EC2 ARN Instance Id Public IP Private IP Account Id Region and Instance Name Tag
#!/bin/bash
#
# description: EC2 Instance Prompt
# author: Miglen Evlogiev <github@miglen.com>
#
# deployment: copy this file into /etc/profile.d/ec2-instance-prompt.sh
# sudo wget https://gist.githubusercontent.com/miglen/e2e577b95acf1171a1853871737323ce/raw/ec2-instance-prompt.sh -P /etc/profile.d/
# sudo bash /etc/profile.d/ec2-instance-prompt.sh
#
miglen / flyefit.py
Created Aug 25, 2020
Automatic booking of flyefit.ie sessions.
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import datetime
import requests
from bs4 import BeautifulSoup
"""
The following script books specified sessions for
tomorrow in the flyefit gym web app.
"""