@githubfoam
githubfoam / windows event logs cheat sheet
Last active December 15, 2025 11:26
windows event logs cheat sheet
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# PS : ChatGPT makes mistakes, consider "trust but verify" principle
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#Events to Monitor
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#run
eventvwr.msc Event viewer
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Event Viewer(Local)-Windows Logs (shutdown / restart )
@byt3bl33d3r
byt3bl33d3r / Caddyfile
Last active October 6, 2023 23:38
Caddyfile reverse proxy example for C2 platforms
{
# This instructs Caddy to hit the LetsEncrypt staging endpoint, in production you should remove this.
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
(proxy_upstream) {
# Enable access logging to STDOUT
log
# This is our list of naughty client User Agents that we don't want accessing our C2
# Set vi key bindings mode
set -g mode-keys vi
set -g status-keys vi
# Set new panes to open in current directory
bind c new-window -c "#{pane_current_path}"
bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"
# List of plugins

Tcpdump is a CLI tool to capture raw network packets. This is useful for various forms of network troubleshooting. This cheat sheet covers all the basic and advanced options for tcpdump.

Tcpdump cheat sheet

how-to-use-tcpdump

The tcpdump command is a well-known network packet analysis tool used to display TCP/IP and other network packets transmitted over the network attached to the system on which tcpdump is installed. Tcpdump uses the libpcap library to capture network packets and is available on almost all Linux/Unix flavors.

Capture ICMP Packets With Tcpdump

@broestls
broestls / Remove_VMwareTools.ps1
Last active November 19, 2025 13:13
Force removal of VMware Tools, Program Files, and Windows Services
# This script will manually rip out all VMware Tools registry entries and files for Windows 2008-2019
# Tested for 2019, 2016, and probably works on 2012 R2 after the 2016 fixes.
# This function pulls out the common ID used for most of the VMware registry entries along with the ID
# associated with the MSI for VMware Tools.
function Get-VMwareToolsInstallerID {
foreach ($item in $(Get-ChildItem Registry::HKEY_CLASSES_ROOT\Installer\Products)) {
If ($item.GetValue('ProductName') -eq 'VMware Tools') {
return @{
reg_id = $item.PSChildName;
@theevilbit
theevilbit / divide_and_conquer.c
Created January 17, 2021 15:11
Divide and Conquer NextGen AV bypass
/*
This is a POC for a generic technique I called internally on our red team assessment "Divide and Conquer", which can be used to bypass behavioral based NextGen AV detection. It works by splitting malicious actions and API calls into distinct processes.
*/
#include <stdio.h>
#include <tchar.h>
#include <windows.h>
#include "Commctrl.h"
#include <string>
site.com/file.php
response = nothing
http://site.com/file.php~
response = source
-------------------------------------
https://github.com/kleiton0x00/CRLF-one-liner
------------------------------------------
try to add admin as your user,
change his email to yours,
@jthuraisamy
jthuraisamy / loaded_psp_drivers.cpp
Last active June 19, 2025 17:45
Loaded Security Product Drivers
#include <Windows.h>
#include <ImageHlp.h>
#include <strsafe.h>
#include "loaded_psp_drivers.h"
#include <set>
#include <string>
#include <algorithm>
#pragma comment(lib, "crypt32.lib")
@GeneralTesler
GeneralTesler / refl.cpp
Last active October 31, 2025 13:25
PoC using RtlCreateProcessReflection + MiniDumpWriteDump to dump lsass.exe process memory
#include <Windows.h>
#include <iostream>
#include <DbgHelp.h>
#include <processsnapshot.h>
#include <TlHelp32.h>
#include <processthreadsapi.h>
//process reflection stuff copied from: https://github.com/hasherezade/pe-sieve/blob/master/utils/process_reflection.cpp
//minidump/process searching copied from: https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
//compile using: cl.exe refl.cpp /DUNICODE