| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
JAB |
🗣 Jabber | $. |
Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
TVq |
📺 Television | MZ |
MZ header |
SUVY |
🚙 SUV | IEX |
PowerShell Invoke Expression |
SQBFAF |
🐣 Squab favorite | I.E. |
PowerShell Invoke Expression (UTF-16) |
SQBuAH |
🐣 Squab uahhh | I.n. |
PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
PAA |
💪 "Pah!" | <. |
Often used by Emotet (UTF-16) |
Jens 2001db8
Neo23x0
/ Base64_CheatSheet.md
Last active
October 5, 2025 22:13
Learning Aid - Top Base64 Encodings Table
azet
/ psql_internals_cheatsheet.sql
Last active
March 5, 2021 14:57
PostgreSQL internals SQL collection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # long running queries: | |
| SELECT | |
| pid, | |
| now() - pg_stat_activity.query_start AS duration, | |
| query, | |
| state | |
| FROM pg_stat_activity | |
| WHERE (now() - pg_stat_activity.query_start) > interval '5 minutes'; | |
| ## active queries and killing them: |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
Krazybug
/ calisuck.py
Last active
January 28, 2025 23:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ''' | |
| calisuck: index, filter-out smartly and download ebooks from Calibre open directories | |
| Installation: | |
| You need python 3.5 installed | |
| Download the file as a zip and unzip-it and get into the dir |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| O'Meirrcy !!!! Download free ebooks from O'Reilly | |
| Usage: | |
| > git clone https://gist.github.com/Krazybug/1ae50814d25b0a1d862dfdf7161ee503 | |
| > mv 1ae50814d25b0a1d862dfdf7161ee503 omercy | |
| > cd omercy | |
| > pip install requests | |
| > pip install bs4 | |
| > python omercy.py |
chunter
/ pageant-autoload-keys-at-startup.txt
Created
June 20, 2017 10:51
Make Pageant autoload keys at startup
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| To make Pageant automatically run and load keys at startup: | |
| - Find the location of pageant.exe | |
| - Windows key + R to open the 'run' dialog box | |
| - Type: 'shell:startup' in the dialog box | |
| - Create a shortcut to the pageant.exe and put into this startup folder. |
noopkat
/ workstation.md
Last active
October 13, 2024 16:16
- 13" Macbook Pro 3.3 GHz i7 (late 2016)
- Microsoft Surface Book (2016)
- Dell up3216q 32" monitor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Certbot hook for Hurricane Electric DNS service | |
| # | |
| # Usage: | |
| # | |
| # Renew all certificates: | |
| # HE_SESSID=<session_id> certbot renew \ | |
| # --preferred-challenges dns \ |
rain-1
/ Wannacrypt0r-FACTSHEET.md
Last active
May 14, 2025 19:15
— forked from Epivalent/Wannacrypt0r-FACTSHEET.md
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.comis up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
troyfontaine
/ readme.md
Last active
July 17, 2025 02:01
Resize root partition (or how to remove the default /home partition) on CentOS 7 online
This process requires that you are able to ssh OR log in locally using the root user account and that no services be running as users out of /home on the target machine.
The examples are from a default installation with no customization-you NEED to know what you're working with for volumes/partitions to not horribly break things.
By default, CentOS 7 uses XFS for the file system and Logical Volume Manager (LVM), creating 3 partitions: /,/home and swap.
NOTE: If you want to be sure that nothing is writing to /home you can either modify the host to boot into single-user mode OR try to use the
systemctl isolate runlevel1.target command to switch (not tested! should work).