Skip to content

Instantly share code, notes, and snippets.

View arall's full-sized avatar

Gerard Arall arall

77 followers · 73 following
View GitHub Profile
@zachlatta
zachlatta / almost_pwned.md
Last active April 16, 2025 11:30

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@stong
stong / cups-browsed.md
Last active January 15, 2025 14:08
CUPS disclosure leaked online. Not my report. The original author is @evilsocket

Original report

  • Affected Vendor: OpenPrinting
  • Affected Product: Several components of the CUPS printing system: cups-browsed, libppd, libcupsfilters and cups-filters.
  • Affected Version: All versions <= 2.0.1 (latest release) and master.
  • Significant ICS/OT impact? no
  • Reporter: Simone Margaritelli [[email protected]]
  • Vendor contacted? yes The vendor has been notified trough Github Advisories and all bugs have been confirmed:
@thesamesam
thesamesam / xz-backdoor.md
Last active April 7, 2025 09:15
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active April 11, 2025 22:49
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@byt3bl33d3r
byt3bl33d3r / log4j_rce_check.py
Created December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
#! /usr/bin/env python3
'''
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.
@kellertk
kellertk / pisugar2-rtc-pwnagotchi.md
Last active November 7, 2024 21:29

The PiSugar2 is a battery board for the Raspberry Pi Zero. It has an integrated RTC chip available over I2C, but there are no drivers included in the kernel with the latest release of the pwnagotchi (or Kali in general). It's a ZXW Shenzhen SD3078; there is surprisingly little information out there about this chip. I suspect it's newish.

The PiSugar folks expect you to install Pisugar Power Manager, which is a web service to get battery status and set the RTC. I prefer to use the standard hwclock utility, because I don't need the extra function in the web interface. There is driver support for this chip in kernels 5.1 or newer, so we can grab that and compile it as an out of tree module. You may be able to adapt these ins

@ImAnEnabler
ImAnEnabler / decodeusbkeypress.py
Created March 26, 2019 22:08
#!/usr/bin/python
# coding: utf-8
from __future__ import print_function
import sys,os
#declare -A lcasekey
lcasekey = {}
#declare -A ucasekey
ucasekey = {}
@aalipar13
aalipar13 / routes.php
Created November 14, 2018 02:50
Export Laravel Routes in CSV format
/**
* Generate a CSV of all the routes
*/
Route::get('r', function()
{
header('Content-Type: application/excel');
header('Content-Disposition: attachment; filename="routes.csv"');
$routes = Route::getRoutes();
$fp = fopen('php://output', 'w');
@s4vitar
s4vitar / Preparación OSCP.md
Last active April 21, 2025 08:23
@haccer
haccer / scanio.sh
Last active February 18, 2025 14:06
PoC script to mass-locate vulnerable subdomains using results from Rapid7's Project Sonar
#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt
# Premium
function ech() {
spinner=( "|" "/" "-" "\\" )
while true; do
for i in ${spinner[@]}; do
echo -ne "\r[$i] $1"