Skip to content

Instantly share code, notes, and snippets.

View IgorSasovets's full-sized avatar

IgorSasovets

54 followers · 150 following
View GitHub Profile
@invictus-ir
invictus-ir / CloudTrail.csv
Last active March 31, 2025 04:32
An overview of CloudTrail events that are interesting from an Incident Response perspective
We can make this file beautiful and searchable if this error is corrected: It looks like row 8 should actually have 10 columns, instead of 9 in line 7.
"Initial Access","Execution","Persistence","Privilege Escalation","Defense Evasion","Credential Access","Discovery","Lateral Movement","Exfiltration","Impact"
ConsoleLogin,StartInstance,CreateAccessKey,CreateGroup,StopLogging,GetSecretValue,ListUsers,AssumeRole,CreateSnapShot,PutBucketVersioning
PasswordRecoveryRequested,StartInstances,CreateUser,CreateRole,DeleteTrail,GetPasswordData,ListRoles,SwitchRole,ModifySnapshotAttributes ,RunInstances
,Invoke,CreateNetworkAclEntry,UpdateAccessKey,UpdateTrail,RequestCertificate,ListIdentities,,ModifyImageAttribute,DeleteAccountPublicAccessBlock
,SendCommand,CreateRoute,PutGroupPolicy,PutEventSelectors,UpdateAssumeRolePolicy,ListAccessKeys,,SharedSnapshotCopyInitiated,
,,CreateLoginProfile,PutRolePolicy,DeleteFlowLogs,,ListServiceQuotas,,SharedSnapshotVolumeCreated,
,,AuthorizeSecurityGroupEgress,PutUserPolicy,DeleteDetector,,ListInstanceProfiles,,ModifyDBSnapshotAttribute,
,,AuthorizeSecurityGroupIngress,AddRoleToInstanceProfile,DeleteMembers,,ListBuckets,,PutBucketP
@reikoNeko
reikoNeko / build_capteha_images.md
Last active December 16, 2019 14:38
We need moar candy canes!?

Need more images from the Frido Sleigh CAPTEHA? Just want to test your training and categorization?

  • Open the site in a Chrome browser and open the developer tools
  • Log all the images through multiple runs of the CAPTEHA
  • Capture images into a .har archive -- It's just json, and the request strings include the full image in base64 mode.
  • Run the attached script to convert the images from the .har file to .png

Then run Chris Davis's scripts from https://github.com/chrisjd20/img_rec_tf_ml_demo to categorize your images!

@juanesech
juanesech / waf.py
Created December 12, 2018 18:59
Create a ip set based rule and ACL on AWS WAF using boto3
import boto3
import sys
import fileinput
client = boto3.client('waf')
app_name = sys.argv[1]
acl_action = sys.argv[2]
rule_action = sys.argv[3]
ip_set = ''
@githubfoam
githubfoam / pentest cheat sheet
Last active March 9, 2025 08:21
pentest cheat sheet
----------------------------------------------------------------------------------------------------
OWASP Top Ten
https://owasp.org/www-project-top-ten/
The CWE Top 25
https://www.sans.org/top25-software-errors/
2022 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html
@Pulimet
Pulimet / AdbCommands
Last active May 1, 2025 04:50
Adb useful commands list
Hi All!
I've recently launched a tool that wraps many of the commands here with a user interface. This desktop application is currently available for macOS. There's a roadmap outlining planned features for the near future.
Feel free to request any features you'd like to see, and I'll prioritize them accordingly.
One of the most important aspects of this application is that every command executed behind the scenes is displayed in a special log section. This allows you to see exactly what’s happening and learn from it.
Here's the link to the repository: https://github.com/Pulimet/ADBugger
App Description:
ADBugger is a desktop tool designed for debugging and QA of Android devices and emulators. It simplifies testing, debugging, and performance analysis by offering device management, automated testing, log analysis, and remote control capabilities. This ensures smooth app performance across various setups.
@codediodeio
codediodeio / database.rules.json
Last active January 10, 2025 22:28
Common Database Rules for Firebase
// No Security
{
"rules": {
".read": true,
".write": true
}
}
@javilobo8
javilobo8 / download-file.js
Last active March 17, 2025 14:25
Download files with AJAX (axios)
axios({
url: 'http://localhost:5000/static/example.pdf',
method: 'GET',
responseType: 'blob', // important
}).then((response) => {
const url = window.URL.createObjectURL(new Blob([response.data]));
const link = document.createElement('a');
link.href = url;
link.setAttribute('download', 'file.pdf');
document.body.appendChild(link);
@jgamblin
jgamblin / burpsettings.json
Created April 17, 2017 13:04
Burp Settings JSON
{
"project_options":{
"connections":{
"hostname_resolution":[],
"out_of_scope_requests":{
"drop_all_out_of_scope":false,
"exclude":[
{
"enabled":true,
"file":"logout",
@mdonkers
mdonkers / server.py
Last active April 4, 2025 13:11
Simple Python 3 HTTP server for logging all GET and POST requests
#!/usr/bin/env python3
"""
License: MIT License
Copyright (c) 2023 Miel Donkers
Very simple HTTP server in python for logging requests
Usage::
./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
@candycode
candycode / image-arraybuffer.js
Created March 7, 2014 15:24
Create a jpg image from ArrayBuffer data
// Simulate a call to Dropbox or other service that can
// return an image as an ArrayBuffer.
var xhr = new XMLHttpRequest();
// Use JSFiddle logo as a sample image to avoid complicating
// this example with cross-domain issues.
xhr.open( "GET", "http://fiddle.jshell.net/img/logo.png", true );
// Ask for the result as an ArrayBuffer.
xhr.responseType = "arraybuffer";