gopsmith

#!/bin/zsh

# CREDITS: Original idea and script disable.sh by pwnsdx https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3
#   Big Sur revision by b0gdanw https://gist.github.com/b0gdanw/40d000342dd1ba4d892ad0bdf03ae6ea

# TEMPORARILY disabling (e.g. STOPPING via 'bootout') unwanted services on macOS 11 Big Sur and macOS 12 Monterey:
# This version is for a special boot that optimizes for real-time music performance and streaming video.
# Due to the read-only system volume introduced with macOS Catalina, this script can NOT be run in Recovery mode's Terminal.
# For my purposes I leave WiFi enabled, for streaming video to a local router with no internet connection.

reanimat0r

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

S3cur3Th1sSh1t

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

b0gdanw

#!/bin/zsh
#Credit: Original idea and script disable.sh by pwnsdx https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3

#Disabling unwanted services on macOS 11 Big Sur (11) and macOS Monterey (12)
#Disabling SIP is required  ("csrutil disable" from Terminal in Recovery)
#Modifications are written in /private/var/db/com.apple.xpc.launchd/ disabled.plist and disabled.501.plist


# user
TODISABLE=()

sarthakpranesh

# I use MacOS VMs from github for iOS development.
# By no suprise they are a bit slow and have a lot of things I don't use
# Hence this script for lighter and better VM for my iOS development and builds
# GUI and animation related things to tweak
defaults write NSGlobalDomain NSAutomaticWindowAnimationsEnabled -bool false
defaults write NSGlobalDomain NSWindowResizeTime -float 0.001
defaults write -g QLPanelAnimationDuration -float 0
defaults write com.apple.dock autohide-time-modifier -float 0
defaults write com.apple.dock launchanim -bool false
sudo sysctl debug.lowpri_throttle_enabled=0

0xblackbird

Open redirect bypasses

• Simply try to change the domain

  Example: ?redirect=https://example.com --> ?redirect=https://evil.com

• Bypass the filter when protocol is blacklisted using //

  Example: ?redirect=https://example.com --> ?redirect=//evil.com

fransr

var logger = console.trace;

// ELEMENT

;(getElementByIdCopy => {
  Element.prototype.getElementById = function(q) {
    logger('getElementById', q, this, this.innerHTML);
    return Reflect.apply(getElementByIdCopy, this, [q])
  }
})(Element.prototype.getElementById)

m8sec

#!/usr/bin/env python3
# Author: @m8sec

import os
import threading
from sys import exit
from time import sleep
from datetime import datetime
from subprocess import getoutput
from taser.proto.http import web_request

fransr

import httplib
import urllib

http = httplib.HTTPSConnection('example.com', 443)

cookie = 'your=cookies';

http.request("GET", "/api/v1/csrf", "", {
    'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36',
    'referer': 'https://example.com/',

aaronst

# C2 FQDNs
first seen fqdn
2019-12-11 23:37:10	updatemanagir.us
2019-12-20 17:51:05	cmdupdatewin.com
2019-12-26 18:03:27	scrservallinst.info
2020-01-10 00:33:57	winsystemupdate.com
2020-01-11 23:16:41	jomamba.best
2020-01-13 05:13:43	updatewinlsass.com
2020-01-16 11:38:53	winsysteminfo.com
2020-01-20 05:58:17	livecheckpointsrs.com