Skip to content

Instantly share code, notes, and snippets.

View singe's full-sized avatar

Dominic White singe

271 followers · 0 following
View GitHub Profile
@singe
singe / allowed.txt
Last active May 28, 2019 06:07
LinkedIn Top 10k Passwords Compared to Twitter Password Blacklist
123456789:allowed
linkedin:allowed
000000:allowed
linked:allowed
1234567890:allowed
222222:allowed
555555:allowed
pakistan:allowed
chocolate:allowed
Linkedin:allowed
@singe
singe / Dockerfile
Last active May 29, 2020 19:49
Simple canary token binary wrapper
FROM alpine:latest as builder
LABEL maintainer="@singe at SensePost <research@sensepost.com>"
RUN apk update && apk --no-cache add \
build-base \
&& rm -rf /var/cache/apk/*
WORKDIR /
COPY yellow.c canary32.c canary32.h /
RUN gcc -o yellow yellow.c canary32.c
@singe
singe / sources.md
Last active September 28, 2020 10:59
Richard Serra & Carlota Fay Schoolman's "Television Delivers People" from March 1973
@singe
singe / get-shift.sh
Created August 11, 2021 21:17
Display the commands required to merge to packet captures and align their time stamps
#!/bin/bash
one=$1
two=$2
if [[ $one == "" || $two == "" ]]; then
echo Display commands to merge two packet captures to the same time
echo $0 "<cap one> <cap two> <offset>"
exit 1
fi
offset=$3
if [[ ! $offset > 0 ]]; then
@singe
singe / macos_perf_notes.md
Last active January 16, 2022 16:05
macOS Perf Approaches

Remember to compile with debug.

Use DTrace - onCPU

  1. Clone https://github.com/brendangregg/FlameGraph

  2. Trace command sudo dtrace -c '<command>' -o out.stacks -n 'profile-997 /execname == "<command name>"/ { @[ustack(100)] = count(); }' > /dev/null

  3. Create Graph

@singe
singe / README.md
Last active March 19, 2022 03:15
Windows Arabic Code Page (1265) for hashcat

A Windows Arabic Code Page (CP1256) hashcat charset file. Its use is described by hashcat here. The original blog post describing it can be found at NTHashes and Encodings.

@singe
singe / hc-to-john-utf8.sh
Created February 11, 2022 13:25
Hashcat Wordlist Stuff
#!/bin/bash
# Convert hashcat.pot to john.pot and merge them
# Usage: hc-to-john.sh <hashcat pot> <john pot>
# NB: Make sure the hashcat pot only contains 16
# and 32 character hashes that are LM and NT hashes
tmp1=$(mktemp -t pot-port)
tmp2=$(mktemp -t pot-port)
hashpot=$1
LC_ALL=UTF-8 sed 's/^\([a-f0-9]\{32\}:[^:]*\)$/$NT$\1/' $hashpot | grep '^\$NT\$' > $tmp1
@singe
singe / request-proxy-facebook.py
Last active October 1, 2022 23:30
Simple Python requests to browser reverse proxy example.
#!/usr/bin/env python3
# A simple demo of Python requests to reverse proxy
# It's an intermediate between vanilla requests and Selenium
# It let's you interact programatically, but still run JS in
# the browser, without Selenium overhead
#
# This is an example of automating aspects of Facebook
#
# by @singe
@singe
singe / README.md
Last active November 7, 2022 19:06
Canarytoken'ed Word .docx yara rule

Remember to unzip the .docx first, or use scan.sh.

Compile the yara rule for scan.sh to work yarac canarytoken.yar canarytoken

@singe
singe / create_certs.sh
Last active November 18, 2022 20:22
A simple tshark EAP certificate extractor
#!/bin/bash
# Simple CA cert generator & leaf cert signer
# By dominic@sensepost.com
# All rights reserved 2019
ca_prefix="ca"
leaf_prefix="host"
ca_validity="1825" #days
leaf_validity="730" #days
size=2048