z3r0b47

@Shotokhan
Shotokhan / bof_cheatsheet.md
Created May 29, 2023 07:02
Buffer overflow cheatsheet for eCPPT / OSCP

Buffer overflow cheatsheet for pentesters

This will be a cheatsheet for exploitation of binary services, aimed at pentesters preparing for exams like eCPPT and OSCP (look at other resources for training about binary exploitation in general, like pwnable.kr).

BOF Windows (no protections, stack buffer overflow)

Suppose you find an open port and don't know what service is behind it; by interacting with it with netcat, you realize that it is a custom binary. You may have obtained the binary for that service by interacting with other services (e.g., a path traversal vulnerability in a web application) or from external sources (e.g., OSINT).

Preparing a local environment for testing the service

At this point, you can't make the service crash by fuzzing it on the target server; you need a reliable exploit. So, you fire up your Windows 7 VM with debugging tools installed (Immunity with mona). You copy the binary there, open it with Immunity, then run it (Debug -> Run).

@ScienceWolf666
ScienceWolf666 / Operating Systems Administrator Cheat Sheet ( Ubuntu & Debian ).md
Last active May 19, 2024 13:35
Operating Systems Administrator Cheat Sheet ( Ubuntu & Debian )

📖 | Operating Systems Administrator Cheat Sheet

Systems Operation Manual "Ubuntu & Debian" Basic Commands Help Guide


System update

  • Update the package list: sudo apt update
  • Upgrade installed packages: sudo apt upgrade
  • Upgrade the system (includes removing unneeded packages): sudo apt dist-upgrade

Installing and removing packages

@kconner
kconner / macOS Internals.md
Last active April 24, 2025 10:08
macOS Internals

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prerelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@rain-1
rain-1 / LLM.md
Last active April 8, 2025 13:49
LLM Introduction: Learn Language Models

Purpose

Bootstrap knowledge of LLMs ASAP. With a bias/focus to GPT.

Avoid being a link dump. Try to provide only valuable well tuned information.

Prelude

Neural network links before starting with transformers.

@localzet
localzet / AITool.md
Created January 17, 2023 10:17
AI Tool Master List
@axelarator
axelarator / Feedly.opml
Last active February 21, 2023 02:23
Feedly Infosec Gist
<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
<head>
<title>Taylor subscriptions in feedly Cloud</title>
</head>
<body>
<outline text="Threat Intelligence" title="Threat Intelligence">
<outline type="rss" text="secrutiny.com" title="secrutiny.com" xmlUrl="https://secrutiny.com/feed/" htmlUrl="https://secrutiny.com/"/>
<outline type="rss" text="Infosec in Walmart Global Tech Blog on Medium" title="Infosec in Walmart Global Tech Blog on Medium" xmlUrl="https://medium.com/feed/walmartglobaltech/tagged/infosec" htmlUrl="https://medium.com/walmartglobaltech/tagged/infosec?source=rss----905ea2b3d4d1--infosec"/>
@ruevaughn
ruevaughn / 1_top+hacker_methodologies.md
Last active April 2, 2025 17:36
Hacker Methodologies & Tools (NEW)

The Top Hacker Methodologies & Tools Notes

Nuclei Templates

Concrete5 CMS : Identification, Mass Hunting, Nuclei Template Writing & Reporting


| Term | Description |
| --- | --- |
| 1TR | One True Recovery; booting into macOS recovery on Apple Silicon by holding the power button to verify physical presence; enables interaction with SEP to change Boot Policy |
| AA | Apple account |
| AA | Apple Archive, see also Apple Encrypted Archive; command line tools: aa, aea, compression_tool |
| AAC | Automatic Assessment Configuration; AutomaticAssessmentConfiguration.framework; puts device in a locked mode for exam-style test applications |
| AAT | Apple Advanced Typography; font format and rendering engine |
| Accounts | launchd service: com.apple.accountsd; /System/Library/Accounts |
| ACDE | Apple Connect Device External? ACDEClient.framework, old two-step verification, derived from a company-internal AppleConnect system? server: appleconnect.apple.com |
| ACFS | Apple Clustered File System; deprecated file system for Xsan; acfs.framework |
| Acoustic ID | Siri feature to recognize songs |
@thypon
thypon / custom-netsec.googles
Last active November 28, 2022 10:49
Custom Netsec Goggle
! name: MyNetsec
! description: Prioritizes domains popular with the information security community. Primarily uses submissions and scoring from /r/netsec.
! public: true
! author: Andrea Brancaleoni
! avatar: #ff0000
! homepage: https://github.com/thypon
! Goggle extras
$discard
$boost=3,site=github.io
@Te-k
Te-k / threat_intel.md
Last active September 12, 2024 07:23
Threat Intelligence platforms