tothi

# MINIMAL USB gadget setup using CONFIGFS for simulating Razer Gaming HID
# devices for triggering the vulnerable Windows Driver installer
# credits for the Windows Driver install vuln: @j0nh4t
#
# https://twitter.com/j0nh4t/status/1429049506021138437
# https://twitter.com/an0n_r0/status/1429263450748895236
#

# the script was developed & tested on Android LineageOS 18.1

LiEnby

In Adobe Flash Player versions newer than 32.0.0.344 they added a "Timebomb" for the EOL. the player would refuse to run any custom flash content after 12/01/2021, instead it would just show this

So knowing this, Lets crack it!

I acturally started looking into this before the 12/01/2021 hit, but only recently did i acturally discover a way to bypass the killswitch

(also- im aware i was not the first to do this, but i still did do it)

tyranid

Param(
    [Parameter(Mandatory, Position = 0)]
    [string]$HostDrive,
    [Parameter(Mandatory, Position = 1)]
    [string]$LocalDrive
)

# Script to map a host drive inside a Windows Docker Server Container
# You need to be an admin in the container for this to work.
# Use as .\map_host_drive C: X:

BenWoodford

All control characteristics are under Service 00001523-1212-EFDE-1523-785FEABCD124

Characteristics

Mode = 00001524-1212-EFDE-1523-785FEABCD124 (READ, WRITE, NOTIFY)

Identify = 00008421-1212-EFDE-1523-785FEABCD124 (WRITE)

Power State = 00001525-1212-EFDE-1523-785FEABCD124 (WRITE, newer firmware also had READ and NOTIFY)

typokign

Zoom Sucks

• Zoom abuses the installer flow on MacOS to bypass permissions dialogs (source)
• Zoom sends identifying device info to Facebook, even when users don't have a Facebook account (source) (fixed)
• A bug in Zoom sent identifying information (including email addresses and profile pictures) of thousands of users to strangers (source)
• Zoom claims that meetings are end-to-end encrypted in their white paper and marketing materials, but meetings are only encrypted in transit, and are available in plaintext to Zoom servers and employees. (source)
• zoomAutenticationTool can be used to escalat

gboudreau

Generating Authy passwords on other authenticators

---

*update: TBC, but this new might affect how easy it is to use this technique past August 2024: Authy is shutting down its desktop app | The 2FA app Authy will only be available on Android and iOS starting in August

---

This gist, based in part on a gist by Brian Hartvigsen, allows you to export from Authy your TOTP tokens you have stored there.
Those can be "standard" 6-digits / 30 secs tokens, or Authy's own version, the 7-digits / 10 secs tokens.

blha303

Contents

• Docs
• Setting up capture process
• Automatically generated API documentation (inaccurate)
• Script to generate API documentation

In the below documentation, all requests return { "d": something } (except the ones that don't), so everything outside of something will be omitted.

API url: https://lis.os.eidos.com/

AKosterin

import jeb.api.IScript;
import jeb.api.JebInstance;
import jeb.api.ast.*;
import jeb.api.ast.Class;
import jeb.api.dex.Dex;
import jeb.api.dex.DexCodeItem;
import jeb.api.dex.DexFieldData;
import jeb.api.dex.DexMethod;
import jeb.api.ui.JavaView;
import jeb.api.ui.View;

dosomder

// ==========================================================
// Sony Xperia SIN (Firmware flashable files) analysis
//
// Author: zxz0O0
// Started: 2014-06-05
// Notes: Numbers are big endian
// Credits: Androxyde
// ==========================================================

struct SinFile

XVilka

THIS GIST WAS MOVED TO TERMSTANDARD/COLORS REPOSITORY.

PLEASE ASK YOUR QUESTIONS OR ADD ANY SUGGESTIONS AS A REPOSITORY ISSUES OR PULL REQUESTS INSTEAD!