Liran Tal lirantal

Writing a book on Node.js Secure Coding
@avilum
avilum / cursor-prompt.txt
Last active April 23, 2025 11:38
Cursor prompt template 07/04/2025
[V1]
You are a powerful agentic AI coding assistant, powered by [Claude 3.7 Sonnet]. You operate exclusively in Cursor, the world's best IDE.
Your main goal is to follow the USER's instructions at each message.
# Additional context
Each time the USER sends a message, we may automatically attach some information about their current state, such as what files they have open, where their cursor is, recently viewed files, edit history in their session so far, linter errors, and more.
Some information may be summarized or truncated.
This information may or may not be relevant to the coding task, it is up for you to decide.
@peterc
peterc / README.md
Last active February 20, 2025 16:05
Python scripts to fine-tune Qwen 1.5B slightly to follow a certain requested output format

On Runpod with latest PyTorch image (2.4.0) with a GPU > 32GB VRAM (e.g. NVIDIA A100 80GB PCIe).

ssh in and:

apt update -y
apt install -y nano screen git
pip install git+https://github.com/huggingface/trl.git accelerate transformers datasets peft wandb tqdm ninja flash-attn
@bozdoz
bozdoz / README.md
Last active December 26, 2024 07:09
Simple Example of how Deno could be calling NPM scripts

Important

Run with deno run --allow-run=deno main.ts (this allows us to run deno instead of node in scripts, but prevents any other nefarious scripts)

With NPM

npm run start

> [email protected] start
> node evil.js
@MidSpike
MidSpike / readme.md
Last active January 29, 2025 18:02
CVE-2022-23812 | RIAEvangelist/node-ipc is malware / protest-ware
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active April 11, 2025 22:49
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against the log4j RCE vulnerability CVE-2021-44228.

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in the folder /var/log and all subfolders:

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@terjanq
terjanq / secdriven.md
Last active July 21, 2024 16:33
A TL;DR solution to Security Driven by @terjanq

For this year's Google CTF, I prepared a challenge that is based on a real-world vulnerability. The challenge wasn't solved by any team during the competition so here is the proof that the challenge was in fact solvable! :)

The goal of the challenge was to send a malicious file to the admin and leak their file with a flag. The ID of the file was embedded into the challenge description (/file?id=133711377731) and only the admin had access to it, because the file was private.

Disclaimer: The write-up is written on an airplane, therefore the quality of it is poor, mostly to showcase the required steps to solve the challenge.

@nikitastupin
nikitastupin / fingerprint.js
Created February 8, 2021 12:21
fingerprint.js
(() => {
  let gadgets = [];
  if (typeof _satellite !== 'undefined') {
    gadgets.push('Adobe Dynamic Tag Management');
  }
  if (typeof BOOMR !== 'undefined') {
    gadgets.push('Akamai Boomerang');
  }
@prologic
prologic / LearnGoIn5mins.md
Last active February 12, 2025 06:52
Learn Go in ~5mins
@colbyfayock
colbyfayock / github-context.json
Created May 31, 2020 18:05
Sample payload for Github Action `github` context
{
  "token": "[token]",
  "job": "notifySlack",
  "ref": "refs/pull/4/merge",
  "sha": "[shad]",
  "repository": "colbyfayock/demo-github-actions",
  "repository_owner": "colbyfayock",
  "repositoryUrl": "git://github.com/colbyfayock/demo-github-actions.git",
  "run_id": 120667610,
  "run_number": "2",