Bart Black reanimat0r
gopsmith
/ DisableBigSurMonterey.sh
Last active
September 23, 2025 05:52
— forked from b0gdanw/DisableBigSur.sh
Disable Big Sur and Monterey services
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| # CREDITS: Original idea and script disable.sh by pwnsdx https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3 | |
| # Big Sur revision by b0gdanw https://gist.github.com/b0gdanw/40d000342dd1ba4d892ad0bdf03ae6ea | |
| # TEMPORARILY disabling (e.g. STOPPING via 'bootout') unwanted services on macOS 11 Big Sur and macOS 12 Monterey: | |
| # This version is for a special boot that optimizes for real-time music performance and streaming video. | |
| # Due to the read-only system volume introduced with macOS Catalina, this script can NOT be run in Recovery mode's Terminal. | |
| # For my purposes I leave WiFi enabled, for streaming video to a local router with no internet connection. |
reanimat0r
/ kerberos_attacks_cheatsheet.md
Created
February 23, 2022 12:01
— forked from S3cur3Th1sSh1t/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
S3cur3Th1sSh1t
/ kerberos_attacks_cheatsheet.md
Created
December 13, 2021 12:58
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| #Credit: Original idea and script disable.sh by pwnsdx https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3 | |
| #Disabling unwanted services on macOS 11 Big Sur (11) and macOS Monterey (12) | |
| #Disabling SIP is required ("csrutil disable" from Terminal in Recovery) | |
| #Modifications are written in /private/var/db/com.apple.xpc.launchd/ disabled.plist and disabled.501.plist | |
| # user | |
| TODISABLE=() |
sarthakpranesh
/ cleanMacVMs.sh
Last active
September 17, 2025 10:11
Debloat Mac OS ( use at your own risk )
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I use MacOS VMs from github for iOS development. | |
| # By no suprise they are a bit slow and have a lot of things I don't use | |
| # Hence this script for lighter and better VM for my iOS development and builds | |
| # GUI and animation related things to tweak | |
| defaults write NSGlobalDomain NSAutomaticWindowAnimationsEnabled -bool false | |
| defaults write NSGlobalDomain NSWindowResizeTime -float 0.001 | |
| defaults write -g QLPanelAnimationDuration -float 0 | |
| defaults write com.apple.dock autohide-time-modifier -float 0 | |
| defaults write com.apple.dock launchanim -bool false | |
| sudo sysctl debug.lowpri_throttle_enabled=0 |
-
Simply try to change the domain
Example: ?redirect=https://example.com --> ?redirect=https://evil.com
-
Bypass the filter when protocol is blacklisted using
//Example: ?redirect=https://example.com --> ?redirect=//evil.com
fransr
/ logger.js
Last active
July 17, 2025 13:47
logger.js for hunting script gadgets. More info about script gadgets: https://github.com/google/security-research-pocs/tree/master/script-gadgets (Sebastian Lekies / Eduardo Vela Nava / Krzysztof Kotowicz)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var logger = console.trace; | |
| // ELEMENT | |
| ;(getElementByIdCopy => { | |
| Element.prototype.getElementById = function(q) { | |
| logger('getElementById', q, this, this.innerHTML); | |
| return Reflect.apply(getElementByIdCopy, this, [q]) | |
| } | |
| })(Element.prototype.getElementById) |
m8sec
/ slackexec.py
Last active
February 13, 2025 18:52
Python script to monitor a Slack channel and automate task execution.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Author: @m8sec | |
| import os | |
| import threading | |
| from sys import exit | |
| from time import sleep | |
| from datetime import datetime | |
| from subprocess import getoutput | |
| from taser.proto.http import web_request |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import httplib | |
| import urllib | |
| http = httplib.HTTPSConnection('example.com', 443) | |
| cookie = 'your=cookies'; | |
| http.request("GET", "/api/v1/csrf", "", { | |
| 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36', | |
| 'referer': 'https://example.com/', |
NewerOlder