By Branden Clark - https://clark.re
spnow
/ gist:5dd19d12b866dfbc4820188e9a893fe0
Created
January 15, 2026 10:07
— forked from p5/gist:b375deb1d843a5f13c85d7aee4f44c33
SB GRYPE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ~/tmp | |
| ❯ ./syft-hb.sh ghcr.io/secureblue/silverblue-main-hardened:latest > sbom.json | |
| Downloading CPE dictionary... | |
| Downloading supplementary CPE mappings... | |
| Processing supplementary CPE mappings... | |
| Building CPE vendor lookup map... | |
| ~/tmp took 8s | |
| ❯ grype sbom.json | |
| ✔ Scanned for vulnerabilities [617 vulnerability matches] |
spnow
/ httpx-cp-responses.sh
Created
January 15, 2026 07:13
— forked from mhmdiaa/httpx-cp-responses.sh
Copy responses from httpx's output to their original file names
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat urls.txt | httpx -json -store-response -output httpx.json | |
| cat httpx.json | jq -r '"\(.stored_response_path) \(.path | ltrimstr("/"))"' | xargs -n 2 sh -c 'mkdir -p "$(dirname $2)" && cp $1 $2' sh |
spnow
/ unicode.md
Created
December 2, 2020 16:21
— forked from trietptm/unicode.md
A guide to character encoding aware development
spnow
/ resources.md
Created
December 2, 2020 16:11
— forked from trietptm/resources.md
A curated list of Assembly Language / Reversing / Malware Analysis -resources
spnow
/ SSH tunneling
Created
September 23, 2019 21:15
— forked from Jeket/ssh_tunneling.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssh -L {LOCAL_PORT}:{HOST}:{REMOTE_PORT} {REMOTE_HOST} | |
| Example | |
| ###ssh -L 3001:localhost:3001 username@host | |
spnow
/ manage-bde.wsf.txt
Created
April 4, 2018 22:37
— forked from bohops/manage-bde.wsf.txt
Abusing manage-bde.wsf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I came across an interesting Windows Script File (WSF) that has been around a while called 'manage-bde.wsf'. It may be located in SYSTEM32. | |
| Though not nearly as cool as SyncAppvPublishingServer[.com/.vbs], we can 'tamper' with manage-bde.wsf to run things in unattended ways. | |
| Here are a few examples that you may or may not find useful - | |
| 1) Replace ComSpec Variable | |
| set comspec=c:\windows\system32\calc.exe | |
| cscript manage-bde.wsf |
spnow
/ enable_bottom-up_ASLR.reg
Created
December 31, 2017 11:56
— forked from trietptm/enable_bottom-up_ASLR.reg
Enable both Mandatory ASLR *and* Bottom-up ASLR system-wide
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Windows Registry Editor Version 5.00 | |
| [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel] | |
| "MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00 | |
spnow
/ Injectable.cpp
Created
December 31, 2017 11:55
— forked from trietptm/Injectable.cpp
Simple UserMode Hook Example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| FARPROC fpCreateProcessW; | |
| BYTE bSavedByte; | |
| // Blog Post Here: | |
| // https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
| // tasklist | findstr explore.exe |
spnow
/ Get-Doppelgangers.ps1
Created
December 31, 2017 11:54
— forked from trietptm/Get-Doppelgangers.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-Doppelgangers | |
| { | |
| <# | |
| .SYNOPSIS | |
| Detects use of NTFS transactions for stealth/evasion, aka 'Process Doppelganging' | |
| Author: Joe Desimone (@dez_) | |
| License: BSD 3-Clause | |
spnow
/ Pentest-Tools-Install.sh
Created
December 31, 2017 11:52
— forked from trietptm/Pentest-Tools-Install.sh
Simple script to install the tools I most often use for pentesting.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| # This script sets up two directories. One in ~/tools/ which contains tools that I often use on pentests. | |
| # The other directory is in /var/www/html/ that contains tools/scripts that I often pull down from | |
| # and run on victim machines. | |
| toollist=( | |
| 'https://github.com/ilneill/Py-CiscoT7.git' | |
| 'https://github.com/rsmudge/cortana-scripts.git' | |
| 'https://github.com/CoreSecurity/impacket.git' |
NewerOlder