Skip to content

Instantly share code, notes, and snippets.

View namishelex01's full-sized avatar
🎯
Focusing

Namish namishelex01

🎯
Focusing
View GitHub Profile
@haxxinen
haxxinen / win_run_process_as.md
Created February 10, 2020 21:08
Run Windows process as another user.

1. Prerequisites

1.1. Account must be enabled (net user Administrator /active:yes)
>net user Administrator | findstr "active"
Account active               Yes
1.2. Info about domain and local host name

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Escalate
  5. Document it

Time yourself

@Neo23x0
Neo23x0 / audit.rules
Last active September 16, 2024 14:59
Linux Auditd Best Practice Configuration
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
# ___ ___ __ __
# / | __ ______/ (_) /_____/ /
# / /| |/ / / / __ / / __/ __ /
# / ___ / /_/ / /_/ / / /_/ /_/ /
# /_/ |_\__,_/\__,_/_/\__/\__,_/
@coffeegist
coffeegist / nmap-tcp-full.sh
Last active June 21, 2024 16:04
OSCP nmap scripts
if [ "$#" -ne 3 ]; then
echo "Usage: nmap-tcp-full.sh <TCP-QUICK-RESULTS.XML> <TARGET> <OUTPUT-FILENAME>"
exit 1
fi
nmap -nvv -Pn -sSV -T1 -p$(cat $1 | grep portid | grep protocol=\"tcp\" | cut -d'"' -f4 | paste -sd "," -) --version-intensity 9 -A -oA $3 $2
@mgeeky
mgeeky / Various-Macro-Based-RCEs.md
Last active October 4, 2024 16:24
Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.

This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the below examples had been generated for using as a remote address: 192.168.56.101.

List:

  1. Page substiution macro for luring user to click Enable Content
  2. The Unicorn Powershell based payload
@namishelex01
namishelex01 / xss-owasp-cheatsheet
Last active October 17, 2022 21:11 — forked from sseffa/xss-owasp-cheatsheet
xss-owasp-cheatsheet
#
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# based on the RSnake original http://ha.ckers.org/xss.html
# Retrieved on 2013-11-20
# Much of this wildly obsolete
#
# XSS Locator 2
'';!--"<XSS>=&{()}
@penafieljlm
penafieljlm / cissp_notes.md
Last active September 29, 2024 22:46
Personal CISSP Study Notes

CISSP Notes

CIA Triad

  • Confidentiality
    • Resources should be protected from unauthorized access
    • Prioritized by governments
    • Concepts
      • Sensitivity
        • How harmful is disclosure
  • Discretion

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

@carnal0wnage
carnal0wnage / DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
Last active September 26, 2022 06:00
Links from Chris Gates/Ken Johnson DevOOPS RSA 17 presentation
@duongkai
duongkai / lecture_note.md
Last active July 30, 2018 05:57
CISSP lectures note

Day 2

Chapter 2. Asset

Change management

  • Change Management

    • Create Change Request
    • Submit to CAB (Change advisory board)
    • Review the CR and impact
    • Create rollback plan
  • Hacking lifecycle