Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file
Marco Figueroa marcomafcorp
marcomafcorp
/ S1_Malware_lab_config_boxstarter.ps1
Last active
December 17, 2020 04:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-ExecutionPolicy Unrestricted; | |
| iex ((New-Object System.Net.WebClient).DownloadString('http://boxstarter.org/bootstrapper.ps1')); | |
| get-boxstarter -Force; | |
| Install-BoxstarterPackage -PackageName 'https://gist.github.com/marcomafcorp/f4b37da9d58281c39d512cf725c1cb9b/raw/fca0b590e8242b379300296a49fe9bff6e14dc30/S1_Malware_lab_config.ps1'; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # System Configuration | |
| ############################################################################### | |
| # Set up Chocolatey | |
| Write-Host "Initializing chocolatey" | |
| choco feature enable -n allowGlobalConfirmation | |
| choco feature enable -n allowEmptyChecksums | |
| $Boxstarter.RebootOk=$true # Allow reboots? | |
| $Boxstarter.NoPassword=$false # Is this a machine with no login password? |
marcomafcorp
/ guids.txt
Created
May 30, 2019 04:33
— forked from skochinsky/guids.txt
UEFI file/section GUIDs collection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; AMI | |
| [GUID_FILE] | |
| ; ACPI tables | |
| 16D0A23E-C09C-407d-A14A-AD058FDD0CA1=ACPI | |
| 11D8AC35-FB8A-44d1-8D09-0B5606D321B9=DSDT | |
| 95DFCAE5-BB28-4d6b-B1E2-3AF3A6BF434F=PTID | |
| FB045DB2-598E-485A-BA30-5D7B1B1BD54D=AOAC | |
| 60AC3A8F-4D66-4CD4-895A-C3F06E6665EE=iFfsAcpiTables | |
| 5B232086-350A-42c7-A70E-3497B5765D85=OEMSSDT | |
| 299141BB-211A-48a5-92C0-6F9A0A3A006E=PPMACPI |
marcomafcorp
/ WAHH_Task_Checklist.md
Created
April 12, 2019 13:24
— forked from jhaddix/Testing_Checklist.md
The Web Application Hacker's Handbook - Task Checklist - Github-Flavored Markdown
marcomafcorp
/ cloud_metadata.txt
Created
April 12, 2019 13:24
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
marcomafcorp
/ content_discovery_all.txt
Created
April 12, 2019 13:23
— forked from jhaddix/content_discovery_all.txt
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ |
marcomafcorp
/ bountyscan_setup.sh
Created
April 12, 2019 13:21
— forked from jhaddix/bountyscan_setup.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export DEBIAN_FRONTEND=noninteractive; | |
| echo "[*] Starting Install... [*]" | |
| echo "[*] Upgrade installed packages to latest [*]" | |
| echo -e "\nRunning a package upgrade...\n" | |
| apt-get -qq update && apt-get -qq dist-upgrade -y | |
| apt full-upgrade -y | |
| apt-get autoclean | |
| echo "[*] Install stuff I use all the time [*]" |
marcomafcorp
/ all.txt
Created
April 12, 2019 13:20
— forked from jhaddix/all.txt
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| . | |
| .. | |
| ........ | |
| @ | |
| * | |
| *.* | |
| *.*.* | |
| 🎠|
marcomafcorp
/ ghidra-community.md
Created
March 8, 2019 22:14
— forked from adulau/ghidra-community.md
Ghidra community - collection
As the Ghidra open source community is growing, trying to document the new projects around Ghidra. Feel free to fork the gist and propose improvements.
- New 6502 language module for Ghidra
- Atmel AVR helpers for Ghidra - ATmega328p
- Processor definitions for DMG and CGB in Ghidra - Gameboy CPU (LR35902) (WiP)
- ghidra based disassembly of the x68000's IPL.