xct xct

## defender_update_check.cs
// Add a reference to "WUAPI 2.0 Type Library" in Visual Studio
// References:
//     - https://github.com/xonv/nagios-net-client/blob/0920114874ecc85fc7ab3a4426e547c9dc63a44a/NscaWinUpdateModule/WindowsUpdate.cs
//     - https://docs.microsoft.com/en-us/windows/win32/wua_sdk/portal-client

using System;
using WUApiLib;

namespace WinUpdateTest
{

## blazor-auth.md

      
              1 file
            
          
              16 forks
            
          
              30 comments
            
          
              97 stars
            
          
                SteveSandersonMS
                / blazor-auth.md
            
            
              Created
              June 11, 2019 10:49
            
              
                Blazor authentication and authorization
              
          
    Authentication and Authorization

Authentication means determining who a particular user is. Authorization means applying rules about what they can do. Blazor contains features for handling both aspects of this.
It worth remembering how the overall goals differ between server-side Blazor and client-side Blazor:

Server-side Blazor applications run on the server. As such, correctly-implemented authorization checks are both how you determine which UI options to show (e.g., which menu entries are available to a certain user) and where you actually enforce access rules.
Client-side Blazor applications run on the client. As such, authorization is only used as a way of determining what UI options to show (e.g., which menu entries). The actual enforcement of authorization rules must be implemented on whatever backend server your application operates on, since any client-side checks can be modified or bypassed.

Authentication-enabled templates for Server-Side Blazor


## nmapburp.sh
#!/bin/bash
#Script to Scan All Sites Found With A Simple NMAP Scan With Burp.

sites=$(nmap "$1" --open 443 --resolve-all --open -oG - | awk 'NR!=1 && /open/{print $2}')

for site in $sites
do
curl -vgw "\\n" 'http://127.0.0.1:1337/v0.1/scan' -d '{"urls":["'"$site"'"]}'  > /dev/null 2>&1
printf "Scanning %s with burp.\\n" "$site"
done

## House_of_Roman.md

      
              1 file
            
          
              10 forks
            
          
              0 comments
            
          
              59 stars
            
          
                romanking98
                / House_of_Roman.md
            
            
              Last active
              February 9, 2024 04:21
            
          
    Table of Contents


Disclamair
House Of Roman

------> 2.1 Assumptions

------> 2.2 Protections

------> 2.3 Quick Walkthrough

------> 2.4 Setting the FD to malloc_hook

------> 2.5 Fixing the 0x71 freelist

------> 2.6 Unsorted Bin attack on malloc_hook


## AccessChk.bat
accesschk -w -s -u Users "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Everyone "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u Interactive "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "This Organization" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Authentication authority asserted identity" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u "Mandatory Label\Medium Mandatory Level" "C:\Program Files" >> programfiles.txt
accesschk -w -s -u %username% "C:\Program Files" >> programfiles.txt

accesschk -w -s -u Users "C:\Program Files (x86)" >> programfilesx86.txt

## sqlmap tamper scripts
# All scripts
```
--tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords
```
# General scripts
```
--tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
```
# Microsoft access
```

## PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set
	// Add a reference to "WUAPI 2.0 Type Library" in Visual Studio
	// References:
	// - https://github.com/xonv/nagios-net-client/blob/0920114874ecc85fc7ab3a4426e547c9dc63a44a/NscaWinUpdateModule/WindowsUpdate.cs
	// - https://docs.microsoft.com/en-us/windows/win32/wua_sdk/portal-client

	using System;
	using WUApiLib;

	namespace WinUpdateTest
	{
	#!/bin/bash
	#Script to Scan All Sites Found With A Simple NMAP Scan With Burp.

	sites=$(nmap "$1" --open 443 --resolve-all --open -oG - \| awk 'NR!=1 && /open/{print $2}')

	for site in $sites
	do
	curl -vgw "\\n" 'http://127.0.0.1:1337/v0.1/scan' -d '{"urls":["'"$site"'"]}' > /dev/null 2>&1
	printf "Scanning %s with burp.\\n" "$site"
	done
	accesschk -w -s -u Users "C:\Program Files" >> programfiles.txt
	accesschk -w -s -u Everyone "C:\Program Files" >> programfiles.txt
	accesschk -w -s -u "Authenticated Users" "C:\Program Files" >> programfiles.txt
	accesschk -w -s -u Interactive "C:\Program Files" >> programfiles.txt
	accesschk -w -s -u "This Organization" "C:\Program Files" >> programfiles.txt
	accesschk -w -s -u "Authentication authority asserted identity" "C:\Program Files" >> programfiles.txt
	accesschk -w -s -u "Mandatory Label\Medium Mandatory Level" "C:\Program Files" >> programfiles.txt
	accesschk -w -s -u %username% "C:\Program Files" >> programfiles.txt

	accesschk -w -s -u Users "C:\Program Files (x86)" >> programfilesx86.txt
	# All scripts
	```
	--tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords
	```
	# General scripts
	```
	--tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
	```
	# Microsoft access
	```
	# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
	# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

	# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
	# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

	# New function naming schema:
	# Verbs:
	# Get : retrieve full raw data sets
	# Find : ‘find’ specific data entries in a data set