- How to Build a Successful Information Security Career (Daniel Miessler)
- The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
- Hiring your first Security Professional (Peerlyst - Dawid Balut)
- How to Start a Career in Cyber security
- How to Get Into Information Security (ISC^2)
- https://www.isc2.org/how-to-get-into-information-security.aspx
Chris Farrell seajaysec
Dbof
/ ntpspoof.py
Last active
February 10, 2025 17:37
NTP spoofer to change the date of any victim to the year 2035
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import sys | |
| import time | |
| from subprocess import Popen, DEVNULL | |
| import datetime | |
| from scapy.all import IP, UDP, NTP | |
| from netfilterqueue import NetfilterQueue | |
| def get_switch_ip(): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| #set -x | |
| platform_version="x86x64" | |
| device_type="Linux-x86" | |
| device_uniqueid="jlester-nixos" | |
| # delete the csdXXXXXX temp files so they don't start piling up | |
| rm -f $1 | |
| exec curl \ | |
| --globoff \ | |
| --insecure \ |
ryan-wendel
/ smb_cme_credspray.sh
Last active
November 9, 2023 17:57
A wrapper around CrackMapExec to help prevent locking accounts when credential spraying SMB services.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| HOST="$1" | |
| USERS="$2" | |
| PASSWORDS="$3" | |
| SLEEP="$4" | |
| EMAIL="[email protected]" | |
| TEXT="[email protected]" |
edermi
/ snallygaster.txt
Created
April 26, 2018 18:47
snallygaster.txt - a wordlist to use with e.g. gobuster to query the same resources as @hannob's snallygaster
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| lfm.php | |
| .idea/WebServers.xml | |
| config/databases.yml | |
| .git/config | |
| .svn/entries | |
| CVS/Root | |
| server-status | |
| core | |
| sftp-config.json | |
| WS_FTP.ini |
jhaddix
/ content_discovery_all.txt
Created
May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ |
dirkjanm
/ getloggedon.py
Created
September 15, 2018 19:27
Simple script that uses impacket to enumerate logged on users as admin using NetrWkstaUserEnum and impacket
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Copyright (c) 2012-2018 CORE Security Technologies | |
| # | |
| # This software is provided under under a slightly modified version | |
| # of the Apache Software License. See the accompanying LICENSE file | |
| # for more information. | |
| # | |
| # Gets logged on users via NetrWkstaUserEnum (requires admin on targets). | |
| # Mostly adapted from netview.py and lookupsid.py | |
| # |
3xocyte
/ dementor.py
Last active
February 25, 2025 00:20
rough PoC to connect to spoolss to elicit machine account authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
jeffmcjunkin
/ gist:7b4a67bb7dd0cfbfbd83768f3aa6eb12
Last active
January 27, 2025 07:01
Useful Cypher queries for BloodHound
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer | |
| RETURN u.name | |
| That’ll return a list of users who have admin rights on at least one system either explicitly or through group membership | |
| --------------- | |
| MATCH | |
| (U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer) | |
| WITH | |
| U.name as n, |
This file has been truncated, but you can view the full file.