@Zenexer
Zenexer / Firefox config.txt
Last active Feb 25, 2020
Fix Firefox's smooth scrolling to have the same snappy feel as Chrome, as well as some other tweaks.
View Firefox config.txt
# Apply these in about:config.
# Fix Firefox's smooth scrolling to have the same snappy feel as Chrome
general.smoothScroll.mouseWheel.durationMaxMS = 200
general.smoothScroll.mouseWheel.durationMinMS = 100
# Disable Pocket
extensions.pocket.enabled = false
# Enable ESNI and DoH
View 2018-02-12 CoreText crash fix.regex
{
(?#
# Adapted for PHP by Paul Buonopane
# Based heavily on the following works:
# - https://manishearth.github.io/blog/2018/02/15/picking-apart-the-crashing-ios-string/
# - https://github.com/hackbunny/viramarama
#
# This PHP regex will match any string that contains Indic character
# combinations known to crash many iOS applications as of 11.2.5 and certain
# macOS applications as of 10.13.3.
View Fix for Ubuntu 17.10 on WSL.md

Upgrading to Ubuntu 17.10 on WSL

Note: This workaround is no longer necessary in Windows 10 Insider build 17046 and later. As of 2018-02-07, the patch hasn't yet made it to stable.

  1. Upgrade with do-release-upgrade, as you normally would. It will error out and leave your system in a partially upgraded state.
  2. Close all WSL terminals and ensure that all WSL processes have terminated.
  3. Run as a normal user (not root): wget -O - https://gist.githubusercontent.com/Zenexer/10bc12fa5c99848b4b2150184f6beee5/raw/ubuntu-fix.sh | sh -s
  4. Answer any prompts (sudo password, version disambiguation)
  5. If there are errors, resolve them and re-run the script. It is idempotent, meaning that it is safe to run any number of times, even if it only partially completes.
View bash.preinst.sh
#!/bin/sh
set -e
backup() {
    if exists "$1"; then
        cp -dp "$1" "$2" || return $?
    fi
    return 0
}
Zenexer / Parsec vuln 140-1 CSRF.md
Last active Feb 15, 2018
Parsec CSRF vulnerability in version 140-1 and prior
View Parsec vuln 140-1 CSRF.md
Zenexer / shadowbrokers.aREADME.md
Last active Apr 15, 2017
Technical observations from the Shadow Brokers leak
View shadowbrokers.aREADME.md

What is this?

These are portions of JSON responses from Yandex while browsing the latest Shadow Brokers leak. They include information about the uploads that isn't necessarily visible or easy to access from the web interface.

Observations

  1. The leak was released shortly after a Patch Tuesday and at the start of a holiday weekend.
  2. Uploader's account name: yurishitova
    1. The account doesn't show up anywhere else; it was likely created specifically for this purpose.
  3. My guess is that the name can be broken up into two words:
Zenexer / escapeshellrce.md
Last active Mar 15, 2021
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure
View escapeshellrce.md

Paul Buonopane paul@namepros.com at NamePros
PGP: https://keybase.io/zenexer

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's CVE-2016-10033, CVE-2016-10045, and CVE-2016-10074. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.

Summary

View escapetest.c
// Compile with -std=c11
#include <stdlib.h>
#include <stdarg.h>
#include <stdio.h>
#include <inttypes.h>
#include <string.h>
#include <limits.h>
#define MAX_STR_LEN 4095
View passgen.py
# Moved: https://github.com/Zenexer/passgen