Navaneeth Rao navaneeth-dev
coolaj86
/ ChatGPT-Dan-Jailbreak.md
Last active
May 5, 2024 13:52
tothi
/ ms-msdt.MD
Last active
April 18, 2024 02:22
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process
MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).
The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).
Here are the steps to build a Proof-of-Concept docx:
- Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| RunPE for x64 - classic RunPE for 64-bit executables | |
| Copyright (C) 2020 Valentin-Gabriel Radu | |
| This program is free software; you can redistribute it and/or modify | |
| it under the terms of the GNU General Public License as published by | |
| the Free Software Foundation; either version 2 of the License, or | |
| (at your option) any later version. | |
| This program is distributed in the hope that it will be useful, |
JarLob
/ hook_location_frida.js
Created
March 14, 2020 09:04
— forked from Areizen/hook_location_frida.js
Frida script to fake location on Android
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const simulated_latitude = 48.8534 | |
| const simulated_longitude = 2.3488 | |
| Java.perform(function(){ | |
| const Location = Java.use('android.location.Location') | |
| var location = Location.$new("gps") | |
| location.setLatitude(simulated_latitude) | |
| location.setLongitude(simulated_longitude) |
ulkeshkosh
/ pci-passthrough.md
Last active
February 2, 2024 07:05
PCI-Passthrough Rig, OS, and Setup
This is my guide for a successful PCI-Passthrough from Linux (Arch Linux) to QEMU/KVM via virt-manager and libvirtd into a Windows 10 Home guest.
NOTE: This is a guide for Intel only. I do not own an AMD machine, and will not add AMD information this guide until such time that I do, which could be never.
| Device Type | Device |
|---|---|
| CPU | Intel Core i7 7700K Quad-Core, Hyperthreading |
| Motherboard | Gigabyte Z270X-Gaming 5 |
| Filter | Description | Example |
|---|---|---|
| allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
| intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
| inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
| allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
| intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
lukeeey
/ minecraft-launch-intents.md
Last active
May 3, 2024 10:13
Annoyingly, you can't click these links in this gist because github doesnt recognize them as actual valid links. You cant paste it into a browser address bar either, so create a bookmark with the link and then click that!
Opens Minecraft in Edu Mode. This is the real Education Edition!
Link: minecraft:?edu=1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
vhanla
/ Visual C++.sublime-build
Last active
May 5, 2021 12:42
— forked from mikhdm/Visual C++.sublime-build
Visual C++ build system for sublime text to exec and compile .c and .cpp files from Subime Text editor.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Show hidden characters
| { | |
| "cmd": ["vcvars32.bat", "&&", "cl", "/EHsc", "/Za", "${file}"], | |
| "file_regex": "^(..[^:]*):([0-9]+):?([0-9]+)?:? (.*)$", | |
| "working_dir": "${file_path}", | |
| "selector": "source.c, source.cpp, source.c++", | |
| // By default cl is not in your PATH, so add it to your path (preferably) | |
| // or uncomment "path" and check that it has correct value | |
| //"path": "%PATH%;path:/to/folder/where/cl.exe/located", | |
| // e.g. "path" : "%PATH%;C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\bin\\", | |
| // this also will set path for vcvars32.bat |
NewerOlder