Skip to content

Instantly share code, notes, and snippets.

View rj-chap's full-sized avatar

Ryan Chapman rj-chap

114 followers · 15 following
View GitHub Profile
@rj-chap
rj-chap / clickfix-hunting_tips_and_tricks.md
Created April 7, 2026 17:28
ClickFix Hunting Tips and Tricks

Tips and tricks for hunting ClickFix

Notes from SANS Stay Ahead of Ransomware Livestream April 2026 episode :)

  1. Suggestion: Trim & strip escape characters
    • Suggest trimming + stripping escape characters and other DOSfuscation-type characters to maximize your string-based queries and avoid falling for escape character pitfalls
    • Use trim or ltrim|rtrim depending on your E/XDR
| make_a_new_field_for_me registry_data = replace(registry_data, "\"", "")
@rj-chap
rj-chap / vishing-ms_teams-tips_and_tricks.md
Last active April 22, 2026 15:53
MS Teams Vishing Tips and Tricks
@rj-chap
rj-chap / gist:b8298f9cf21352d47bb7847cec0aa435
Created June 27, 2022 17:20
keybase.md
### Keybase proof
I hereby claim:
* I am rj-chap on github.
* I am rj_chap (https://keybase.io/rj_chap) on keybase.
* I have a public key whose fingerprint is 4657 AA40 EDE1 B84C 6967 F9EF 2CDD E955 0AC6 BC26
To claim this, I am signing this object:
@rj-chap
rj-chap / gist:5a8d587aefbfd228efb02399fbb18ed2
Created July 13, 2017 04:27
keybase.md
### Keybase proof
I hereby claim:
* I am rj-chap on github.
* I am rj_chap (https://keybase.io/rj_chap) on keybase.
* I have a public key whose fingerprint is 941B 86C4 4007 0D47 ADBD 15D4 5A95 1B09 3A44 A043
To claim this, I am signing this object: