davidgyoung

// To compile this program, you need to install:
//   sudo apt-get install libbluetooth-dev
// Then you can compile it with:
//   cc scanner.c -lbluetooth -o scanner
// You can then run it with:
//   ./scanner

// Copyright (c) 2021 David G. Young
// Copyright (c) 2015 Damian Kołakowski. All rights reserved.
// License: BSD 3.  See: https://github.com/davidgyoung/ble-scanner

kabute

# This (Istio) Envoy filter will automatically add the 
# recommended HTTP Security headers - https://securityheaders.com/
#
# Just: kubectl apply -f istio-security-by-default-header-filter.yaml
#
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: security-by-default-header-filter
  namespace: istio-system

jdbcode

Balastrong

# These aliases have been collected and shown in the making of this video, explaining how to set up and use git alises
# Source: https://youtu.be/Uk4GnYoQx_I

[alias]
	# Shortcuts
	ch = checkout
	br = branch
	st = status
	br = branch
	cm = commit -m

tsukumijima

/* ==UserStyle==
@name			TwitterRevertColoring
@description	Twitter の UI の配色を元に戻すユーザースタイル
@namespace		https://gist.github.com/tsukumijima
@updateURL		https://gist.github.com/tsukumijima/931905c4ed3f181ce926730463a29d80/raw/TwitterRevertColoring.user.css
@author			tsukumi
@version		1.3.9
@license		MIT
==/UserStyle== */

terjanq

A TL;DR solution to Security Driven by @terjanq

For this year's Google CTF, I prepared a challenge that is based on a real-world vulnerability. The challenge wasn't solved by any team during the competition so here is the proof that the challenge was in fact solvable! :)

• Link to the challenge: https://capturetheflag.withgoogle.com/challenges/web-security-driven
• Link to the PoC: https://github.com/google/google-ctf/tree/master/2021/quals/web-security-driven/solution

The goal of the challenge was to send a malicious file to the admin and leak their file with a flag. The ID of the file was embedded into the challenge description (/file?id=133711377731) and only admin had access to it, because the file was private.

Disclamer: The write-up is written on airplane therefore the quality of it is poor, mostly to showcase the required steps to solve the challenge

GabrielFreeze

#include <stdio.h>
#include <stdint.h>

int main() {
    uint64_t idx[766]={0x061861861861861c,0x0658618618618618,0x0199615280482483,0x025940a1d2045485,0x005205954a112192,0x001205209954a012,0x061861861861854a,
    0x0618618618618618,0x06186187162806d8,0x0618618618618618,0x0242480119618618,0x005224205940a012,0x02030993ca0920c0,0x00592ca212180092,0x034a1d2086052009,
    0x044a0520464891d9,0x061854a012192259,0x0618618618618618,0x02806d8618618618,0x0618618618618716,0x0658618618618618,0x0481655280481481,0x0480001655280481,
    0x018905944a012147,0x005938a0d2045052,0x04ca0920820520c6,0x054a012002489099,0x0615280481481658,0x0618618618618618,0x02806d8618618618,0x07de561b2cae2556,
    0x065882398a7639ec,0x0658615280482480,0x0288484181480002,0x02804830d20c564d,0x054a012112099610,0x0618618618618618,0x06d8618618618618,0x0b249a954f556280,
    0x0ae5aebb28b6aae7,0x054a012152019618,0x0651280489252099,0x04ca092107052204,0x0102486081487099,0x02014840521d93ca,0x001205209961854a,0x054a01205205954a,

agbishara

<?php
//src: http://stackoverflow.com/questions/10334753/how-to-send-an-email-with-a-csv-attachment-from-a-string  
//mysql user variables
 $mysqli = new mysqli("localhost", "user", "password", "database");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

galiazzi

<?php

use Doctrine\ORM\Query\AST\Functions\FunctionNode;
use Doctrine\ORM\Query\Lexer;
use Doctrine\ORM\Query\Parser;
use Doctrine\ORM\Query\SqlWalker;

class Cast extends FunctionNode
{
    private $expr1;

JGrossholtz

#include <stdio.h>
#include <unistd.h>
#include <modbus.h>
#include <string.h>
#include <errno.h>
#include <sys/ioctl.h>
#include <linux/serial.h>
#include <asm/ioctls.h>

#define NB_REGS 2