Skip to content

Instantly share code, notes, and snippets.

View mgeeky's full-sized avatar
💭
Wanna sip a sencha?

Mariusz Banach mgeeky

💭
Wanna sip a sencha?
2.7k followers · 103 following
  • Binary-Offensive.com
  • Poland
  • X @mariuszbit
View GitHub Profile
@willccbb
willccbb / grpo_demo.py
Last active April 25, 2025 06:11
GRPO Llama-1B
# train_grpo.py
#
# See https://github.com/willccbb/verifiers for ongoing developments
#
import re
import torch
from datasets import load_dataset, Dataset
from transformers import AutoTokenizer, AutoModelForCausalLM
from peft import LoraConfig
from trl import GRPOConfig, GRPOTrainer
@zachlatta
zachlatta / almost_pwned.md
Last active April 16, 2025 11:30

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@ThePirateWhoSmellsOfSunflowers
ThePirateWhoSmellsOfSunflowers / atexec_rpc.py
Last active April 24, 2025 15:30
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
@LuemmelSec
LuemmelSec / Get-SPVersionInfo.ps1
Last active December 9, 2024 10:08
Script to get SharePoint Version and release date remotely
# To use the function, call it like this:
# iex(new-object net.webclient).downloadstring("https://gist.githubusercontent.com/LuemmelSec/208b8ba52b645ec189031d2b5200f76e/raw/c6c1008da1b5670d3fb549578968c2a2f086a00b/Get-SPVersionInfo.ps1")
# Get-SPVersionInfo -ServerUrl "https://my-sharepointserver"
function Get-SPVersionInfo {
param (
[string]$ServerUrl,
[switch]$SkipCertificateCheck, # Flag to skip certificate checks
[switch]$SkipHttpErrorCheck # Flag to skip HTTP error handling
)
@odzhan
odzhan / aperm.py
Created October 18, 2024 15:01
Affine Permutation For Obfuscation
#!/usr/bin/env python3
"""
Affine Permutation File Encoder/Decoder
This script allows you to encode and decode files using an Affine Permutation.
It uses command-line arguments to specify the operation mode (encode or decode), input file, and output file.
Additionally, it stores a SHA256 hash of the original data to verify successful decoding.
Usage:
To encode a file:
@dadevel
dadevel / main.c
Created May 7, 2024 21:30
EFS Trigger
#include <windows.h>
int main() {
HANDLE file = CreateFileA(".\\test.txt", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL|FILE_ATTRIBUTE_ENCRYPTED|FILE_FLAG_DELETE_ON_CLOSE, NULL);
if (!file || file == INVALID_HANDLE_VALUE) {
return GetLastError();
}
CloseHandle(file);
return 0;
}
@Homer28
Homer28 / test_dll.c
Last active December 13, 2024 20:24
DLL code for testing CVE-2024-21378 in MS Outlook
/**
* This DLL is designed for use in conjunction with the Ruler tool for
* security testing related to the CVE-2024-21378 vulnerability,
* specifically targeting MS Outlook.
*
* It can be used with the following command line syntax:
* ruler [auth-params] form add-com [attack-params] --dll ./test.dll
* Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
*
* After being loaded into MS Outlook, it sends the PC's hostname and
@thesamesam
thesamesam / xz-backdoor.md
Last active April 7, 2025 09:15
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@two06
two06 / PyCel.py
Created August 31, 2023 09:55
Python tool for interacting with Excel Python container (preview release)
#!/usr/bin/python3
import requests
import sys
import uuid
from requests.packages.urllib3.exceptions import InsecureRequestWarning
#Disable annoying warnings about using burp proxy.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
http_proxy = "http://127.0.0.1:8080"
@adamsvoboda
adamsvoboda / gist:9ac52548d3d81f3185e36b9f0be31990
Created August 30, 2023 15:02
Windows Defender LSASS ASR Exclusion Paths - 08.30.2023
%windir%\system32\WerFaultSecure.exe
%windir%\system32\mrt.exe
%windir%\system32\svchost.exe
%windir%\system32\NETSTAT.EXE
%windir%\system32\wbem\WmiPrvSE.exe
%windir%\system32\DriverStore\FileRepository\*\NVWMI\nvWmi64.exe
%programfiles(x86)%\Microsoft Intune Management Extension\ClientHealthEval.exe
%programfiles(x86)%\Microsoft Intune Management Extension\SensorLogonTask.exe
%programfiles(x86)%\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe
%programdata%\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\*\OpenHandleCollector.exe