Skip to content

Instantly share code, notes, and snippets.

View tthtlc's full-sized avatar

Peter Teoh tthtlc

34 followers · 252 following
View GitHub Profile
@tthtlc
tthtlc / MongoDbNotes
Created January 19, 2025 16:20 — forked from vvardhanz/MongoDbNotes
MongoDbNotes
MongoDB University notes.
Mongo Db is a document.
Mongo Db uses JSON object/data.
Mongo Db supports scaling out using sharing technique.
Mongo Db supports scaling out vs scaling up.
BSON:
Mongo Db stores the data in the format of BSON. On the application side manogdb drivers map the BSON data into the native data types.
@tthtlc
tthtlc / seclist
Created January 16, 2025 03:32 — forked from ubogdan/seclist
seclist
0trace 1.5 A hop enumeration tool http://jon.oberheide.org/0trace/
3proxy 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
3proxy-win32 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
42zip 42 Recursive Zip archive bomb. http://blog.fefe.de/?ts=b6cea88d
acccheck 0.2.1 A password dictionary attack tool that targets windows authentication via the SMB protocol. http://labs.portcullis.co.uk/tools/acccheck/
ace 1.10 Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface http://ucsniff.sourceforge.net/ace.html
admid-pack 0.1 ADM DNS spoofing tools - Uses a variety of active and passive methods to spoof DNS packets. Very powerful. http://packetstormsecurity.com/files/10080/ADMid-pkg.tgz.html
adminpagefinder 0.1 This python script looks for a large amount of possible administrative interfaces on a given site. http://packetstormse
@ubogdan
ubogdan / seclist
Created November 18, 2023 16:50 — forked from hanshaze/seclist
seclist
0trace 1.5 A hop enumeration tool http://jon.oberheide.org/0trace/
3proxy 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
3proxy-win32 0.7.1.1 Tiny free proxy server. http://3proxy.ru/
42zip 42 Recursive Zip archive bomb. http://blog.fefe.de/?ts=b6cea88d
acccheck 0.2.1 A password dictionary attack tool that targets windows authentication via the SMB protocol. http://labs.portcullis.co.uk/tools/acccheck/
ace 1.10 Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface http://ucsniff.sourceforge.net/ace.html
admid-pack 0.1 ADM DNS spoofing tools - Uses a variety of active and passive methods to spoof DNS packets. Very powerful. http://packetstormsecurity.com/files/10080/ADMid-pkg.tgz.html
adminpagefinder 0.1 This python script looks for a large amount of possible administrative interfaces on a given site. http://packetstormse
@borzacchiello
borzacchiello / DecompilerExporter.java
Last active September 23, 2024 21:05
Ghidra script to export C pseudo-code on multiple files, including defined types
/* ###
* IP: GHIDRA
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
@xdavidhu
xdavidhu / wokplace-ssl-pinning-bypass.md
Last active March 17, 2025 07:01
Bypassing SSL Pinning in Facebook/Meta Workplace (Android)

Tested on Workplace for Android version 362.0.0.29.109. This approach might work in other Facebook/Meta applications. Thank you Imre Rad for helping me analyze the binary.

How does it work?

The Workplace Android app uses the Fizz open source TLS-1.3 library to communicate with the backend APIs. This library is written in C++, and is compiled to native code. It is running as a native library attached to the Android app.

The certificate verification is implemented in fizz/client/ClientProtocol.cpp, on line 1944. The easiest way to bypass this check is to patch the if (state.verifier()) { check on line 1942.

@ruevaughn
ruevaughn / Bug Bounty Resources.txt
Last active November 24, 2024 17:36
My Resources and Links over time to various Tools, Notes, Videos, Papers, Articles, Writeups, and more. Will be moving to my own private hosted Wikipedia soon. Ascii Art Font: Calvin S
╔╦╗╦ ╦ ╔╗ ┬ ┬┌─┐ ╔╗ ┌─┐┬ ┬┌┐┌┬┐┬ ┬ ╦═╗┌─┐┌─┐┌─┐┬ ┬┬─┐┌─┐┌─┐┌─┐
║║║╚╦╝ ╠╩╗│ ││ ┬ ╠╩╗│ ││ │││││ └┬┘ ╠╦╝├┤ └─┐│ ││ │├┬┘│ ├┤ └─┐
╩ ╩ ╩ ╚═╝└─┘└─┘ ╚═╝└─┘└─┘┘└┘┴ ┴ ╩╚═└─┘└─┘└─┘└─┘┴└─└─┘└─┘└─┘
//
()==========>>======================================--
\\
2FA Bypass
@PatrikFehrenbach
PatrikFehrenbach / Amass Config
Created September 23, 2020 15:43
# Copyright 2017-2020 Jeff Foley. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# Should results only be collected passively and without DNS resolution? Not recommended.
#mode = passive
mode = active
# The directory that stores the Cayley graph database and other output files
# The default for Linux systems is: $HOME/.config/amass
#output_directory = amass
@alexander-hanel
alexander-hanel / GORE.md
Last active April 4, 2025 10:48
Go Lang Reverse Engineering Resources/Links
@dineshbhagat
dineshbhagat / Steps to migrate from jdk-8 to openJDK-11.md
Last active September 26, 2024 16:52
Steps to migrate from jdk-8 to adoptopenjdk-11
@praveen1664
praveen1664 / Machine Learning Made easy
Created June 9, 2019 09:30
Machine Learning Made easy
A curated list of Easy machine learning frameworks, libraries and software (by language).
If you want to contribute to this list (please do), send me a pull request or contact me [@praveen1664](https://www.justadvancetechnology.com/).
Also, a listed repository should be deprecated if:
* Repository's owner explicitly say that "this library is not maintained".
* Not committed for long time (2~3 years).