soxfmr

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@mjkstra
mjkstra / arch_linux_installation_guide.md
Last active May 7, 2025 23:51
A modern, updated installation guide for Arch Linux with BTRFS on a UEFI system
@NiceRath
NiceRath / nftables_tproxy_example.nft
Last active March 6, 2025 12:00
NFTables TPROXY - proxy input and output
#!/usr/sbin/nft -f
# see also:
# https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks
# https://docs.kernel.org/networking/tproxy.html
# https://powerdns.org/tproxydoc/tproxy.md.html
# http://git.netfilter.org/nftables/commit/?id=2be1d52644cf77bb2634fb504a265da480c5e901
# http://wiki.squid-cache.org/Features/Tproxy4
# https://serverfault.com/questions/1052717/how-to-translate-ip-route-add-local-0-0-0-0-0-dev-lo-table-100-to-systemd-netw
# https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/net/netfilter/nft_tproxy.c
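Only the header of the gist is shown above. The following is an added example, not NiceRath's ruleset, of the two halves a TPROXY setup needs: the nftables rules (a prerouting chain for traffic arriving from other hosts and a route-type output chain for traffic this box generates itself) and the policy-routing rule that delivers marked packets to the local socket. It assumes the transparent proxy listens on TCP and UDP port PORT with IP_TRANSPARENT set, runs as user id PROXY_UID, and that only ports 80 and 443 are intercepted; all of those are parameters, not facts from the gist.

```shell
#!/bin/sh
# Added example (not the gist's own ruleset): nftables TPROXY for forwarded
# traffic (prerouting) and for locally generated traffic (output).

# tproxy_ruleset PORT MARK PROXY_UID -> prints an nft ruleset on stdout.
tproxy_ruleset() {
    port=$1 mark=$2 proxy_uid=$3
    cat <<EOF
table ip tproxy {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        # Packets of a flow the proxy already owns: just mark them so the
        # fwmark policy-routing rule keeps delivering them to the local socket.
        meta l4proto { tcp, udp } socket transparent 1 meta mark set $mark accept
        # New flows to intercept: hand them to the transparent socket on this host.
        meta l4proto { tcp, udp } th dport { 80, 443 } tproxy to :$port meta mark set $mark accept
    }
    chain output {
        # 'type route' makes the kernel re-route packets whose mark changed;
        # with the local route in the mark table they re-enter via lo and
        # hit the prerouting chain above.
        type route hook output priority mangle; policy accept;
        # The proxy's own upstream connections must never be looped back into it.
        meta skuid $proxy_uid return
        meta l4proto { tcp, udp } th dport { 80, 443 } meta mark set $mark
    }
}
EOF
}

# tproxy_apply PORT MARK PROXY_UID [RT_TABLE]: install the policy routing
# and load the ruleset. Needs root; RT_TABLE defaults to 100.
tproxy_apply() {
    port=$1 mark=$2 proxy_uid=$3 rt_table=${4:-100}
    # Needed only if other hosts' traffic is routed through this box.
    sysctl -q -w net.ipv4.ip_forward=1
    # Marked packets are looked up in a table whose only route is "local",
    # so they are delivered to this host instead of being forwarded.
    ip rule add fwmark "$mark" lookup "$rt_table" 2>/dev/null || true
    ip route replace local 0.0.0.0/0 dev lo table "$rt_table"
    tproxy_ruleset "$port" "$mark" "$proxy_uid" | nft -f -
}

# Usage (as root), e.g. proxy on port 1080 running as uid 1000:
#   tproxy_apply 1080 1 1000
```

Two checks worth doing after loading: `nft list table ip tproxy` should show both chains, and a connection from the box itself to a port 80 host should appear in the proxy's accept loop rather than leave the NIC directly. If the proxy's own outbound connections come back into it, PROXY_UID is wrong: the `meta skuid` return is the only thing preventing that loop.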
@othyn
othyn / guide.md
Last active May 7, 2025 03:40
Fix horrendously bad macOS (12.3.1 tested) SMB (Samba) performance on Unraid

Intro

Out of the box, my SMB performance on macOS 12.3.1 would top out at around 20MB/s in short ~5 second bursts, which was absolutely horrendous, slow to navigate in Finder and sluggish to interact with.

Since making these changes, I now get sustained ~80-100MB/s+ and instant Finder navigation which is superb and how things should be out-of-the-box (OOTB)!

May 2023 update: As of Ventura, the SMB issues were just horribly inconsistent and hard to maintain. Something in the combination of Unraid, macOS and SMB just doesn't play nice. I ended up binning NFS/SMB altogether and heading to a locally hosted Nextcloud instance for file syncing, then using an SFTP/Ansible Git flow for editing files within appdata.

Sources

@tatumroaquin
tatumroaquin / archlinux-qemu-kvm.md
Last active May 8, 2025 18:16
QEMU-KVM Installation for Arch Linux

QEMU-KVM in Arch Linux

Check Virtualization Support

lscpu | grep -i Virtualization
  • VT-x for Intel
  • AMD-V for AMD (AMD-Vi is the IOMMU, a separate feature that this line does not report)

Ensure that your kernel includes KVM modules
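As an added example that is not part of the gist, the script below does the two checks from this section in one go: it reads the vmx/svm CPU flag that lscpu summarises as VT-x/AMD-V, then verifies that the matching vendor module (kvm_intel or kvm_amd) is present and that the current user can actually open /dev/kvm, which is what QEMU needs for acceleration. The function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the gist): check CPU virtualization support and
# KVM availability on an Arch (or any Linux) host.

# virt_flavor CPUINFO_TEXT -> prints "vt-x", "amd-v" or "none".
# Intel advertises the "vmx" flag, AMD the "svm" flag; lscpu reports the
# same facts as "Virtualization: VT-x" / "Virtualization: AMD-V".
virt_flavor() {
    if printf '%s\n' "$1" | grep -Eq '^flags[[:space:]]*:.*[[:space:]]vmx([[:space:]]|$)'; then
        echo vt-x
    elif printf '%s\n' "$1" | grep -Eq '^flags[[:space:]]*:.*[[:space:]]svm([[:space:]]|$)'; then
        echo amd-v
    else
        echo none
    fi
}

# kvm_module_for FLAVOR -> the vendor module KVM needs, or empty if none.
kvm_module_for() {
    case "$1" in
        vt-x)  echo kvm_intel ;;
        amd-v) echo kvm_amd ;;
        *)     echo "" ;;
    esac
}

# check_host: live check of this machine; returns non-zero on the first problem.
check_host() {
    flavor=$(virt_flavor "$(cat /proc/cpuinfo)")
    mod=$(kvm_module_for "$flavor")
    if [ -z "$mod" ]; then
        echo "no vmx/svm flag: enable virtualization in firmware (or it is hidden by a hypervisor)" >&2
        return 1
    fi
    echo "cpu extension: $flavor (module $mod)"
    # A loaded or built-in module shows up under /sys/module even without lsmod.
    if [ ! -d "/sys/module/$mod" ]; then
        echo "$mod not loaded: try 'sudo modprobe $mod' and check dmesg for 'kvm: disabled by bios'" >&2
        return 1
    fi
    # QEMU needs read/write access to /dev/kvm, normally granted via the kvm group.
    if [ ! -r /dev/kvm ] || [ ! -w /dev/kvm ]; then
        echo "/dev/kvm not accessible: add $(id -un) to the kvm group or check udev rules" >&2
        return 1
    fi
    echo "/dev/kvm accessible: KVM acceleration available"
}

# Run the live check only when explicitly requested:  KVMCHECK_RUN=1 sh kvmcheck.sh
if [ "${KVMCHECK_RUN:-0}" = 1 ]; then
    check_host
fi
```

If the flag is missing inside a VM, that is usually nested virtualization being off on the outer hypervisor rather than a firmware setting on the guest.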

@mgraeber-rc
mgraeber-rc / MITRE_Attack_WindowsAppControl.csv
Created February 8, 2021 18:58
Windows-specific MITRE ATT&CK techniques application control prevention assessment. This is a first attempt to assess the extent to which application control solutions would mitigate/prevent attack techniques. Note: this highly subjective assessment assumes a system that enforces an application control solution that at a minimum allows all Windo…
ID,Name,MitigatedByAppControl,Notes
T1001,Data Obfuscation,Not Applicable,Relevant sub-techniques addressed below
T1001.001,Junk Data,No,Technique is not necessarily related to the execution of arbitrary code on an endpoint.
T1001.002,Steganography,Limited,"If custom attacker code were necessary to perform this technique, it would be prevented."
T1001.003,Protocol Impersonation,Limited,"If custom attacker code were necessary to perform this technique, it would be prevented."
T1003,OS Credential Dumping,Not Applicable,Relevant sub-techniques addressed below
T1003.001,LSASS Memory,Limited,Built-in utilities exist to perform this technique. They would have to be explicitly blocked.
T1003.002,Security Account Manager,Limited,Built-in utilities exist to perform this technique. They would have to be explicitly blocked.
T1003.003,NTDS,Limited,Built-in utilities exist to perform this technique. They would have to be explicitly blocked.
T1003.004,LSA Secrets,Limited,Built-in utilities exist to perform this technique.
@2XXE-SRA
2XXE-SRA / netrelease.ps1
Last active January 18, 2025 04:26
Add user to LanmanServer SrvsvcSessionInfo DACL, allowing them to perform NetSessionEnum (e.g. NetSess, BloodHound)
# based on NetCease: https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b
# can be deployed on a per-host basis using this script - e.g. via something like SCCM
# or, once deployed to one host, can be deployed via GPO Registry preferences by copying the set registry value
# (lanmanserver still needs to be restarted when done this way)
# see: https://adsecurity.org/?p=3299 -> Disable Windows Legacy & Typically Unused Features -> Disable Net Session Enumeration (NetCease)
# constants
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\DefaultSecurity"
$name = "SrvsvcSessionInfo"
from socket import *
import struct

# Module-level handles for the two peers; both are assigned later in the gist.
controller = None
puppet = None


class ChatClient:
    def __init__(self, server):
        # server: the (host, port) tuple this client will connect to
        self._server = server
        self._sock = socket(AF_INET, SOCK_STREAM, 0)
@StevenACoffman
StevenACoffman / goGetPrivate.md
Last active February 13, 2025 18:17 — forked from dmitshur/gist:6927554
How to `go get` private repos using SSH key auth instead of password auth.

Set GOPRIVATE to match your github organization

I keep fixing this up, but if it fails for you, check if these are better maintained https://tip.golang.org/cmd/go/#hdr-Configuration_for_downloading_non_public_code and https://golang.org/ref/mod#private-modules.

Cloning the repo using one of the techniques below should work, but you may still get an "unrecognized import path" error, because `go get` consults the module proxy and checksum database before it ever talks to git.

As it stands for Go v1.13, I found in the doc that we should use the GOPRIVATE variable like so:

GOPRIVATE=github.com/ORGANISATION_OR_USER_NAME go get -u -f github.com/ORGANISATION_OR_USER_NAME/REPO_NAME

The 'go env -w' command (see 'go help env') can be used to set these variables for future go command invocations.
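The part of GOPRIVATE that trips people up is which module paths it covers: it is a comma-separated list of glob patterns matched against leading path-element prefixes, so `github.com/acme` covers `github.com/acme/widgets` but not `github.com/acmeco/widgets`, and the same semantics apply to GONOPROXY and GONOSUMDB. The script below is an added example, not StevenACoffman's text: `go_is_private` reproduces that matching locally so you can check a value before committing it with `go env -w`, and `go_private_setup` applies the two settings a private SSH fetch actually needs. Organisation and module names in it are made up.

```shell
#!/bin/sh
# Added example (not from the gist): GOPRIVATE prefix matching and setup.

# go_is_private MODULE_PATH PATTERNS -> exit 0 if any comma-separated pattern
# matches a leading path-element prefix of MODULE_PATH (the rule the go
# command applies to GOPRIVATE/GONOPROXY/GONOSUMDB), else exit 1.
go_is_private() {
    mod=$1
    rest=$2
    while [ -n "$rest" ]; do
        pat=${rest%%,*}
        if [ "$pat" = "$rest" ]; then rest=""; else rest=${rest#*,}; fi
        pat=${pat# }                      # tolerate "a, b" spacing
        prefix=""
        remain=$mod
        # Walk the element prefixes: github.com, github.com/acme, github.com/acme/widgets ...
        while [ -n "$remain" ]; do
            elem=${remain%%/*}
            if [ "$elem" = "$remain" ]; then remain=""; else remain=${remain#*/}; fi
            prefix=${prefix:+$prefix/}$elem
            # The shell glob is used as the pattern. It is the same as Go's
            # path.Match for the usual "host/org" and "host/org/*" patterns;
            # it is broader only when a '*' would have to span a '/'.
            case "$prefix" in
                $pat) return 0 ;;
            esac
        done
    done
    return 1
}

# go_private_setup ORG: persist the private prefix so proxy.golang.org and
# sum.golang.org never see these module paths, and make git use SSH for the
# https:// URLs the go command constructs for them.
go_private_setup() {
    org=$1
    go env -w GOPRIVATE="github.com/$org"
    git config --global url."git@github.com:".insteadOf "https://github.com/"
}

# Usage:
#   go_is_private github.com/acme/widgets "$(go env GOPRIVATE)" && echo direct
#   go_private_setup acme
```

The `insteadOf` rewrite is global, so every https://github.com/ clone on the machine will go over SSH afterwards; if that is unwanted, scope it to the organisation with `url."git@github.com:acme/".insteadOf "https://github.com/acme/"`.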

@icecr4ck
icecr4ck / idapython_cheatsheet.md
Last active May 4, 2025 00:07
Cheatsheet for IDAPython