Skip to content

Instantly share code, notes, and snippets.

View krakankrakan's full-sized avatar
👀
Reversing Stuff

krakankrakan

👀
Reversing Stuff
3 followers · 46 following
View GitHub Profile
@guns
guns / Permissive forwarding rule leads to unintentional exposure of containers to external hosts
Created April 15, 2022 01:32
From self[at]sungpae.com Mon Nov 8 16:59:48 2021
Date: Mon, 8 Nov 2021 16:59:48 -0600
From: Sung Pae <self[at]sungpae.com>
To: security@docker.com
Subject: Permissive forwarding rule leads to unintentional exposure of
containers to external hosts
Message-ID: <YYmr4l1isfH9VQCn@SHANGRILA>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="QR1yLfEBO/zgxYVA"
@Khrob
Khrob / metal_compute.swift
Last active November 30, 2022 12:55
///
/// This is a very simple command line application to work out how
/// to just run a compute program on the Metal GPU. It's not safe,
/// and will crash without warning if anything goes wrong, but I
/// was just trying to get the bare minimum thing working.
///
/// It's based off of Apple's sample code here:
/// https://developer.apple.com/documentation/metal/basic_tasks_and_concepts/performing_calculations_on_a_gpu
/// but I converted it from Objective-C to Swift and stripped out all the OO stuff.
///
@four0four
four0four / 01-zynq-uart-exploit.md
Last active May 12, 2024 04:18
Zynq BootROM Secrets: BootROM dump exploit

Zynq BootROM Secrets: Exposing the bootROM with the UART loader

Last time I wrote about this, I lied a little - There is an interesting bug in the UART loader, and it may have been exactly why Xilinx didn't document it. In short: The UART loader writes the entire UART payload to a location in memory (nominally 0x4_0000). The ROM is architected such that when the boot mode is selected, it registers a callback that is called when the ROM wants more data from the boot device. For the UART loader, this is pretty simple - here's the whole thing:

; void uart_callback(u32 r0_offset, void* r1_dest, i32 r2_nbytes)
ROM:0000A578 PUSH            {R3,LR}
ROM:0000A57C MOV             R3, #uart_buff
ROM:0000A584 MOV             R12, #1
ROM:0000A588 LDR             R3, [R3]
@claui
claui / install_jtool2.sh
Last active May 26, 2024 10:18
How to install Jonathan Levin’s jtool2 on macOS 11.0 (Apple Silicon)
# Copy and paste the following snippet, including brackets, into the Terminal
(
set -e;
cd "$(mktemp -d)"
curl -LO 'http://www.newosxbook.com/tools/jtool2.tgz'
tar -x -f jtool2.tgz
lipo jtool2 -thin x86_64 -output jtool2.x86_64
lipo disarm -thin x86_64 -output disarm.x86_64
sudo mkdir -p /usr/local/bin
@psifertex
psifertex / 1_Snippet_Instructions.txt
Last active May 23, 2024 18:33
my current collection of snippets
Welcome to Jordan's grab-bag of common Binary Ninja Snippets.
These snippest are meant to run with the Binary Ninja Snippets Plugin
(http://github.com/Vector35/snippets) though they can all also be pasted
directly into the python console or turned into stand-alone plugins if needed.
To install the entire collection at once, just install the Snippets plugin via
the plugin manager (CMD/CTL-SHIFT-M), confirm the Snippet Editor works
(Tool/Snippets/Snippet Editor), and unzip this bundle (Download ZIP above) into
your Snippets folder.
@nstarke
nstarke / netgear-private-key-disclosure.md
Last active April 30, 2024 06:02
Netgear TLS Private Key Disclosure through Device Firmware Images

Netgear Signed TLS Cert Private Key Disclosure

Overview

There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.

These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.

The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.

@bazad
bazad / vmmap.c
Last active January 4, 2024 16:32
A simple vmmap implementation for macOS.
// Brandon Azad (@_bazad)
#include <assert.h>
#include <errno.h>
#include <mach/mach.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@mhamilt
mhamilt / metal_compute.md
Created August 23, 2019 11:00
Metal Compute Shader

Paralell Data Processing with Metal

Build Instructions

Create a Swift Command Line Tool in Xcode. You can then copy and paste the below code into the .swift and .metal files respectively

Source

main.swift

@pich4ya
pich4ya / root_bypass.js
Created August 5, 2019 20:14
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@susam
susam / vectors.md
Last active January 22, 2024 05:10

Recon and Attack Vectors from My Logs

This document contains excerpts from my web server logs collected over a period of 7 years that shows various kinds of recon and attack vectors.

There were a total of 37.2 million lines of logs out of which 1.1 million unique HTTP requests (Method + URI) were found.

$ sed 's/^.* - - \[.*\] "\(.*\) HTTP\/.*" .*/\1/' access.log &gt; requests.txt