@claui
claui / install_jtool2.sh
Last active April 29, 2024 06:32
How to install Jonathan Levin’s jtool2 on macOS 11.0 (Apple Silicon)
# Copy and paste the following snippet, including brackets, into the Terminal
(
set -e;
cd "$(mktemp -d)"
curl -LO 'http://www.newosxbook.com/tools/jtool2.tgz'
tar -x -f jtool2.tgz
lipo jtool2 -thin x86_64 -output jtool2.x86_64
lipo disarm -thin x86_64 -output disarm.x86_64
sudo mkdir -p /usr/local/bin
@owen800q
owen800q / boringssl.md
Created June 22, 2020 07:16
boringssl library's ssl pinning bypass

function bytes sequence signature

arm 32

2D E9 F0 4F A3 B0 81 46 50 20 10 70 D9 F8 98 70 00 2F

arm 64

FF 03 05 D1 FC 6B 0F A9 F9 63 10 A9 F7 5B 11 A9 F5 53 12 A9 F3 7B 13 A9 08 0A 80 52 48 00 00 39 16 54 40 F9 56 07 00 B4 C8 02 40 F9 08 07 00 B4 29 20 40 A9 F3 03 02 AA
@heinthanth
heinthanth / pentest-arsenal.md
Last active March 30, 2024 11:04
Penetration Testing Tools for MacOS X
  • [] radare2 - brew
  • [] cutter (radare2) - brew cask
  • [] ghidra - brew cask
  • [] ida-free - brew cask
  • [] nmap - brew
  • [] proxychains - brew (https://gist.github.com/allenhuang/3792521)
  • [] sqlmap - brew
  • [] powershell - brew cask
  • [] impacket scripts - git
  • [] powersploit - git
@onewayticket255
onewayticket255 / disable-ssl-pin.js
Created May 15, 2020 09:54 — forked from azenla/disable-ssl-pin.js
This Frida script disables SSL pinning and verification on any target macOS Catalina process.
var SecTrustEvaluate_handle =
Module.findExportByName('Security', 'SecTrustEvaluate');
var SecTrustEvaluateWithError_handle =
Module.findExportByName('Security', 'SecTrustEvaluateWithError');
var SSL_CTX_set_custom_verify_handle =
Module.findExportByName('libboringssl.dylib', 'SSL_CTX_set_custom_verify');
var SSL_get_psk_identity_handle =
Module.findExportByName('libboringssl.dylib', 'SSL_get_psk_identity');
var boringssl_context_set_verify_mode_handle = Module.findExportByName(
'libboringssl.dylib', 'boringssl_context_set_verify_mode');
@superjamie
superjamie / 2016-04-28-reversing-for-dummies.md
Last active November 10, 2022 05:46
Reversing for Dummies - Brisbane SecTalks 0x09
@darconeous
darconeous / tesla-key-card-protocol.md
Last active May 1, 2024 06:02
Tesla Key Card Protocol

Tesla Key Card Protocol

Researched by Robert Quattlebaum darco@deepdarc.com.

Last updated 2020-02-03.


@pich4ya
pich4ya / root_bypass.js
Created August 5, 2019 20:14
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@EddiG
EddiG / wireshark.md
Last active March 31, 2024 10:34
How to decrypt SSL/TLS traffic in Wireshark on MacOS

The main point is to save the SSL/TLS keys used by the web browser (SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log).
In the example below we run a brand-new instance of Google Chrome (--user-data-dir=/tmp/tmp-google does the trick):
SSLKEYLOGFILE=/tmp/tmp-google/.ssl-key.log /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --user-data-dir=/tmp/tmp-google
Then run Wireshark and open Preferences -> Protocols -> SSL, where we put the path to the SSL keys log file into the (Pre)-Master-Secret log filename field.
Now all SSL/TLS traffic from this browser instance will be decrypted.

@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@akabe1
akabe1 / frida_multiple_unpinning.js
Last active April 12, 2024 14:35
Another Android ssl certificate pinning bypass for various methods
/* Android ssl certificate pinning bypass script for various methods
by Maurizio Siddu
Run with:
frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause]
*/
setTimeout(function() {
Java.perform(function() {
console.log('');