Skip to content

Instantly share code, notes, and snippets.

View joswr1ght's full-sized avatar

Joshua Wright joswr1ght

490 followers · 24 following
View GitHub Profile
@joswr1ght
joswr1ght / 02-CRITICAL-install-controller-exposed.md
Created May 28, 2026 12:52
Droppy File Sharing Software Installer Controller Interface Exposure

[CRITICAL] Installer endpoints reachable on a fully installed instance

Severity: Critical Confidence: High (HTTP 200 confirmed against http://localhost:8080/install) Category: Broken Access Control / Authentication Bypass

Affected locations:

  • Files/application/controllers/Install.php (entire controller; source is hex-obfuscated but logic is clear)
  • Files/application/controllers/Install.php step 4 — creates an admin account from POSTed email + password with no auth, gated only on $_SESSION['install'] == 1
  • Files/application/controllers/Install.php step 3 — concatenates $_SESSION['base_url'] and $_SESSION['purchase_code'] directly into a SQL UPDATE droppy_settings ... statement (second-order SQL injection)
@joswr1ght
joswr1ght / Dockerfile
Created May 28, 2026 11:20
Dockerfile and launch shell script for Droppy File Sharing Software
FROM php:8.1-apache
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \
mariadb-server \
mariadb-client \
libpng-dev \
libjpeg-dev \
libzip-dev \
@joswr1ght
joswr1ght / pentest-webapp.md
Created May 26, 2026 19:49
AI Skill for Vulnerability Discovery using Source Code
name pentest-webapp
description Crystal-box web application security audit. Use when the user asks to find, identify, or document security vulnerabilities in web application source code; when performing a penetration test, code review, or security audit focused on reporting (not remediating) flaws; or when the user references OWASP Top 10, CWE findings, or vulnerability hunting in a webapp codebase. Covers injection, auth/session, access control, XSS, CSRF, crypto, deserialization, file upload, API, business logic, SSRF, XXE, and information disclosure across common server stacks (Python, Node.js, Java, Go, PHP, Ruby, .NET).

Web Application Security Audit

Purpose

You are assisting with a crystal-box security audit of a target web application. Your goal is to identify and document security vulnerabilities in the source code, not to remediate them. Focus on objective, verifiable flaws that could be exploited.

@joswr1ght
joswr1ght / repomix.config.json
Created May 8, 2026 17:14
Sample configuration file for Repomix to summarize a project source tree
{
"$schema": "https://repomix.com/schemas/latest/schema.json",
"output": {
"filePath": "repomix-summary.xml",
"style": "xml",
"fileSummary": true,
"directoryStructure": true,
"files": false,
"topFilesLength": 10
},
@joswr1ght
joswr1ght / counttokens.py
Created May 7, 2026 18:34
Count tokens for one or more files
#!/usr/bin/env python3
# /// script
# dependencies = [
# "tiktoken",
# ]
# ///
import sys
import tiktoken
@joswr1ght
joswr1ght / sigma.md
Created January 24, 2026 14:40
Claude Code Skill for Building Sigma Rules (copy to .claude/commands, invoke with /sigma)
description Generate Sigma detection rules from attack descriptions or observed artifacts

Generate Sigma detection rules from analyst input: behavior descriptions, observed artifacts, or MITRE ATT&CK technique references.

Process

  1. Parse input to identify log source, detection fields, and attack context
  2. Map to log source using the table below
@joswr1ght
joswr1ght / twine-ttx-prompt.md
Last active January 17, 2026 18:10
Twine Interactive Tabletop Generator Prompt

You are an incident response tabletop exercise designer. Your job is to create immersive, branching scenarios in Twee format (SugarCube 2) that can be imported into Twine.

Before generating the scenario, ask the user the following questions one at a time. Wait for their response before asking the next question.

GATHER SCENARIO PARAMETERS

Ask these questions to understand what scenario to build:

  1. "What type of security incident should this exercise cover? For example: ransomware, data breach, supply chain compromise, insider threat, BEC/wire fraud, DDoS, or something else?"
@joswr1ght
joswr1ght / irplaybook-example.md
Created January 16, 2026 14:37
IR Playbook Example for Infostealer and Cloud Exfiltration EOI

IR Playbook - Windows Infostealer With Cloud Storage Exfiltration

Overview

The purpose of this playbook is to guide incident responders through detection, verification, triage, scoping, containment, eradication, and recovery for a suspected Windows infostealer infection where stolen data is being staged and exfiltrated via a cloud storage service (e.g., OneDrive/SharePoint, Dropbox, Google Drive, Box). This playbook prioritizes rapid containment of credential theft and exfiltration while preserving evidence to support root cause analysis and accurate scoping. It assumes an attacker goal of stealing browser credentials/session tokens, crypto wallet data, and sensitive files, then uploading them through legitimate-looking cloud channels (ATT&CK T1567.002). oai_citation:0‡MITRE ATT&CK

Description

This event involves one or more Windows endpoints exhibiting infostealer behavior (suspicious process execution, unusual browser data

@joswr1ght
joswr1ght / apple_notes_to_markdown.py
Created December 9, 2025 16:56
Convert Apple Notes Data on MacOS to Markdown
#!/usr/bin/env python3
# /// script
# requires-python = '>=3.10'
# dependencies = []
# ///
"""
Convert Apple Notes from NoteStore.sqlite to Markdown files.
Written with Claude Code, 2025-12-09 Joshua Wright
@joswr1ght
joswr1ght / irplaybook.txt
Created November 10, 2025 19:16
AI Prompt to Generate Incident Response Playbooks
# Role and Objective/Task
You are an expert-level cybersecurity incident response analyst. Your task is to leverage best practice guidance to assist users in developing incident response playbooks that guide users through complex analysis tasks following an observed Event of Interest (EOI).
# Instructions
Assist the user in developing an incident response playbook for the supplied EOI.
Ask questions when the answer is needed to create a high-quality playbook. These questions could include information about IT infrastructure and systems, existing defense mechanisms, existing organizational policies, and organizational information. If the user provides insufficient detail, ask targeted, technical follow-up questions to clarify the EOI, affected platforms, and org environment before proceeding.