Skip to content

Instantly share code, notes, and snippets.

View namishelex01's full-sized avatar
🎯
Focusing

Namish namishelex01

🎯
Focusing
View GitHub Profile
@namishelex01
namishelex01 / g2
Last active July 11, 2023 21:57
network_scanner
import socket
import ipaddress
import json
import time
def save_results(results):
with open("last_scan_results.json", "w") as file:
json.dump(results, file)
def load_results():
@namishelex01
namishelex01 / play-with-pdfs.py
Created July 19, 2021 12:57
Merge pdfs, create pdf from images(jpg, png, etc)
import PyPDF2
from PIL import Image
def mergePdfs():
pdfs = ['sf_1.pdf', 'sf_2.pdf']
merger = PyPDF2.PdfFileMerger()
for pdf in pdfs:
merger.append(pdf)
@namishelex01
namishelex01 / Scenario-based Interview Questions
Last active August 19, 2024 15:04
Scenario-based interview questions for security engineers/analysts
What are the consequences if private keys of a Root CA gets compromised?
If you have rogue certificates of a well-known company, as an attacker, how can you use it for you own benefit?
As a security threat analyst, what will be your approach to respond to this incident? Securing Infra, servers and people!
> https://darknetdiaries.com/transcript/3/
How would you check the signature of a binary and restrict any unsigned binaries to run on a machine(Win/Linux/Mac)
> https://docs.microsoft.com/en-us/windows/win32/seccrypto/using-signtool-to-verify-a-file-signature
> (Rogue) https://blog.rapid7.com/2019/01/03/santas-elfs-running-linux-executables-without-execve/
How can I restrict the normal user to run only limited set of commands in Linux?
https[:]//docs.microsoft.com/en-us/archive/msdn-magazine/2002/march/inside-windows-an-in-depth-look-into-the-win32-portable-executable-file-format-part-2
https[:]//blahcat.github.io/2019/03/17/small-dumps-in-the-big-pool/
https[:]//www.fuzzysecurity.com/tutorials/16.html
https://blog.ropnop.com/hosting-clr-in-golang/
https[:]//evasions.checkpoint.com/
http[:]//www.catb.org/esr/faqs/hacker-howto.html
https[:]//vx-underground.org/
http[:]//sq.ro/malwarez.htm#
https[:]//github.com/d30sa1/RootKits-List-Download
https[:]//github.com/christian-roggia/open-myrtus
@namishelex01
namishelex01 / Security Engineer - Interview Questions.md
Last active September 15, 2024 11:34
Cyber security engineer, Security Engineer, Security Analyst, Information Security Analyst and many more names

Core Information Security

  • What is information security and how is it achieved?

  • What are the core principles of information security?

  • What is the CIA triangle?

  • What is non-repudiation (as it applies to IT security)?

-------------------------------------
INITIAL ACCESS
-------------------------------------
$ Drive-by Compromise
A drive-by compromise is when an adversary gains access to a system through a user visiting a website over the normal course of browsing.
Multiple ways of delivering exploit code to a browser exist, including:
> A legitimate website injected with JavaScript, iFrames, XSS.
> Malicious ads
> Built-in web application interfaces (e.g. forum posts, comments, and other user controllable web content)
CAM table Poisoning
Content Addressable Memory table poisoning attack on network switches.
This attack intends to corrupt the entries in the switch's CAM table so that the network traffic will be directed, causing a DoS attack attack situation
ARP Cache Poisoning-Based MiM
Introducing a spurious IP address to MAC address mapping in another host's ARP cache.
Abnormal ARP Traffic Detection
@namishelex01
namishelex01 / Top Vulnerabilities WebApp
Created August 31, 2018 11:24
I'm listing top vulnerabilities of most used CMS frameworks
> WordPress Plugin Quizlord 2.0 - XSS
> WordPress Plugin Jibu Pro 1.7 - XSS
> phpMyAdmin 4.7.x - XSRF
> WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
> Responsive FileManager < 9.13.4 - Directory Traversal
> LiteCart 2.1.2 - Arbitrary File Upload
> Gleez CMS 1.2.0 - XSRF (Add Admin)
> WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQLi
> UltimatePOS 2.5 - RCE
> Twitter-Clone 1 - 'code' SQLi
@namishelex01
namishelex01 / Mona Py Cheat sheet
Last active December 12, 2023 15:10
This is a gist compilation of ***Corelan.be*** manual of mona py
Main Project Page -> github.com/corelan/mona
Download the file and save it to this typical location ->
C:\Program Files\Immunity Inc\Immunity Debugger\PyCommands
BASIC USAGE :
!mona in the input box and press enter
For more information = Open log window (ALT-L)
For Help options ->