mistymntncop

#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <windows.h>

#include "nt_crap.h"

#define ArrayCount(arr) (sizeof(arr)/sizeof(arr[0]))
#define assert(expr) if(!(expr)) { *(char*)0 = 0; }

DavidBuchanan314

"""
31-round sha256 collision.

Not my research, just a PoC script I put together with numbers plugged in from the slide at
https://twitter.com/jedisct1/status/1772647350554464448 from FSE2024

SHA256 impl follows FIPS 180-4
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
"""

saagarjha

// Sometimes you have a large file on a small disk and would like to "transform"
// it in some way: for example, by decompressing it. However, you might not have
// enough space on disk to keep both the the compressed file and the
// decompressed results. If the process can be done in a streaming fashion, it
// would be nice if the file could be "drained"; that is, the file would be
// sequentially deleted as it is consumed. At the start you'd have 100% of the
// original file, somewhere in the middle you'd have about half of the original
// file and half of your output, and by the end the original file will be gone
// and you'll be left with just the results. If you do it this way, you might
// be able to do the entire operation without extra space!

MaxBWMinRTT

Some quick notes about the CVE-2023-3079(V8 type confusion), no PoC yet.

Official patch: https://chromium-review.googlesource.com/c/v8/v8/+/4584248

Patch come from KeyedStoreIC::StoreElementHandler(), it returns fast path code(Turbofan builtin) for keyed store depends on "receiver_map" and "store_mode". Based on the content of this function is all about element STORE, I personally believe that this is an OOB writes vulnerability.

If we divide the PoC exploration into two parts based on this func, they are:

kconner

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

NyaMisty

How to Use

1. In Ghidra's Project Tool, Go to Tools -> Import Tool..., select mistyCodeBrowser.tool
2. Dragging file onto the new CodeBrowser_1 in ToolChest

coolaj86

Chat GPT "DAN" (and other "Jailbreaks")

• https://chat.openai.com/
• Is ChatGPT "DAN" Real? Gonna find out [Part 1]
  (https://www.youtube.com/watch?v=-q8woRG9FrI)
• Part 2: I thought ChatGPT DAN was a hoax, but...
  (https://www.youtube.com/watch?v=rHZRrDu3A2U&lc=UgxfrxX8aK7gnCzkend4AaABAg)

tothi

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.

kenji21

Use previous/older SDKs with Xcode

Since monterey update does not allow us to use Xcode previous than 13, let's show how to "install previous SDKs"

Needed

Swift toolchains, from https://swift.org/download/

Previous Xcode.xip, from the https://developer.apple.com

saagarjha

// To compile: clang++ -arch x86_64 -arch arm64 -std=c++20 library_injector.cpp -lbsm -lEndpointSecurity -o library_injector,
// then codesign with com.apple.developer.endpoint-security.client and run the
// program as root.

#include <EndpointSecurity/EndpointSecurity.h>
#include <algorithm>
#include <array>
#include <bsm/libbsm.h>
#include <cstdint>
#include <cstdlib>