-
Change Management
- Create Change Request
- Submit to CAB (Change advisory board)
- Review the CR and impact
- Create rollback plan
-
Hacking lifecycle
carnal0wnage
/ DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links
Last active
September 26, 2022 06:00
Links from Chris Gates/Ken Johnson DevOOPS RSA 17 presentation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RSA 2017 DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links SessionID: HTA-W02 | |
| https://www.slideshare.net/chrisgates/devoops-attacks-and-defenses-for-devops-toolchains | |
| Recording of talk from CERN | |
| https://indico.cern.ch/event/622483/ (click the recording button) | |
| Past talks: | |
| http://www.slideshare.net/KenJohnson61/aws-surival-guide |
jivoi
/ how-to-oscp-final.md
Created
April 10, 2017 12:45
— forked from unfo/how-to-oscp-final.md
namishelex01
/ xss-owasp-cheatsheet
Last active
October 17, 2022 21:11
— forked from sseffa/xss-owasp-cheatsheet
xss-owasp-cheatsheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet | |
| # based on the RSnake original http://ha.ckers.org/xss.html | |
| # Retrieved on 2013-11-20 | |
| # Much of this wildly obsolete | |
| # | |
| # XSS Locator 2 | |
| '';!--"<XSS>=&{()} |
mgeeky
/ Various-Macro-Based-RCEs.md
Last active
March 13, 2025 09:47
Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.
This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.
All of the below examples had been generated for using as a remote address: 192.168.56.101.
List:
- Page substiution macro for luring user to click Enable Content
- The Unicorn Powershell based payload
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [ "$#" -ne 3 ]; then | |
| echo "Usage: nmap-tcp-full.sh <TCP-QUICK-RESULTS.XML> <TARGET> <OUTPUT-FILENAME>" | |
| exit 1 | |
| fi | |
| nmap -nvv -Pn -sSV -T1 -p$(cat $1 | grep portid | grep protocol=\"tcp\" | cut -d'"' -f4 | paste -sd "," -) --version-intensity 9 -A -oA $3 $2 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IMPORTANT! | |
| # This gist has been transformed into a github repo | |
| # You can find the most recent version there: | |
| # https://github.com/Neo23x0/auditd | |
| # ___ ___ __ __ | |
| # / | __ ______/ (_) /_____/ / | |
| # / /| |/ / / / __ / / __/ __ / | |
| # / ___ / /_/ / /_/ / / /_/ /_/ / | |
| # /_/ |_\__,_/\__,_/_/\__/\__,_/ |
kkirsche
/ how-to-oscp-final.md
Created
December 18, 2017 16:16
— forked from meldridge/how-to-oscp-final.md
haxxinen
/ win_run_process_as.md
Created
February 10, 2020 21:08
Run Windows process as another user.