Skip to content

Instantly share code, notes, and snippets.

View dd404x's full-sized avatar
🎯
调焦

Fmvp dd404x

🎯
调焦
23 followers · 74 following
View GitHub Profile
@PushTheModel
PushTheModel / llm-adaptive-unicode-obsfucator-prompt.md
Last active August 4, 2025 09:24
Adaptive Unicode Obfuscation Prompt for LLMs

Adaptive Unicode Obfuscation Prompt

Version 0.1.1

🚧 Experimental & Exploratory
This prompt structure is experimental and subject to refinement.

Features

Readable but obfuscated: Preserves a degree of human interpretability while altering textual recognition.
Resistant to automated reversal: Avoids predictable structures, making de-obfuscation harder.

@PushTheModel
PushTheModel / soc-cot-tabular-reasoner.md
Last active August 13, 2025 23:56
Deep System-2 Thinking SoC CoT Tabular Reasoning Framework (prompt)

Deep System-2 Thinking SoC CoT Tabular Reasoning Framework Instructions

Version: 0.1.0

🚧 Experimental & Exploratory
This prompt structure is experimental and subject to refinement.

This document provides instructions for using the Deep System-2 Thinking stream-of-consciousness (SoC) CoT framework, designed to work with most base and reasoning models. It employs a deep, recursive chain-of-thought (CoT) process structured in tables. Each text element is tagged with a unique identifier (UID) to ensure traceability and facilitate error checking.

Overview

@h4x0r-dz
h4x0r-dz / Generic keys
Created May 5, 2022 09:15
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k
@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active March 11, 2026 09:27
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active October 4, 2025 08:06
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@Ci-Jie
Ci-Jie / k8s-coredns.md
Last active July 11, 2023 04:07

筆者最近在部署 Kubernetes 過程中,好奇每個元件究竟安裝與不安裝對 Kubernetes 造成什麼影響?CoreDNS 主要的功能之一是當 Pods 做套件更新或安裝時,可以提供 DNS Forward 功能,將請求轉發至外部進行 Domain 解析,並從正確的位址下載套件進行安裝。

本篇就聚焦在 CoreDNS 將 Pods 的請求轉發至外部 DNS Server 進行解析的運作流程。

問題描述

首先先檢視當前 Kubernetes 上運行的 Pods。

@si9int
si9int / screen.py
Created June 15, 2020 22:49
Performing screenshots on URLS given via STDIN. Chromium and Chromedriver required! Configuration infile.
#!/usr/bin/env python3
# v.0.1 - by SI9INT (https://si9int.sh)
# Chromium and chromedriver required, be sure to check if both version are the same
# `mkdir screens` to get started, script won't create the folder
import queue, threading, sys
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
CHROME_PATH = '/usr/bin/chromium'
@dwisiswant0
dwisiswant0 / st8out.sh
Last active December 18, 2025 10:06
St8out - Extra one-liner for reconnaissance
#!/bin/bash
#####
#
# St8out - Extra one-liner for reconnaissance
#
# Usage: ./st8out.sh target.com
#
# Resources:
# - https://github.com/j3ssie/metabigor
@yassineaboukir
yassineaboukir / List of API endpoints & objects
Last active February 9, 2026 20:44
A list of 3203 common API endpoints and objects designed for fuzzing.
0
00
01
02
03
1
1.0
10
100
1000
@notdodo
notdodo / mashell.py
Last active October 14, 2020 05:45
Execute command using HEX or CHAR encoding. Bypass WAF and IPS filtering enabling RCE using xp_cmdshell: https://knifesec.com/evading-sql-injection-filters-to-get-rce/
#!/usr/bin/env python3
# Injector script to get a pseudo-interactive shell using xp_cmdshell
# Source post:
# Author: notdodo
# https://twitter.com/_d_0_d_o_
#
# USAGE: python3 ./mashell.py "whoami /priv"
#
import binascii
import hashlib