Skip to content

Instantly share code, notes, and snippets.

View hegzploit's full-sized avatar
😪
cat /dev/urandom

Yusuf Hegazy hegzploit

😪
cat /dev/urandom
View GitHub Profile
@osy
osy / tpm-rant.md
Last active December 10, 2024 18:59
TPM provides zero practical security

TPM provides zero practical security

TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It has largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

@matthw
matthw / asc2023quals.md
Last active July 20, 2024 16:29
ASC Wargames 2023 Quals

Amber

File is packed, drop it in unpac.me, get unpacked PE. The PE does some antidebug checks and ends up doing some RC4 decryption of the flag. If the anti debug fails, the key will be incorrect.

patch the unpacked PE with EBFE after the RC4 so it does an infinite loop:

x = bytearray(open("daa6f5823995e8ffe4fd9de4f86358ec6e0b112c38c78c36f1ae0054277e43c8", "rb").read())
x[0x162b] = 0xeb
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href=" https://cdn.jsdelivr.net/npm/tailwindcss/dist/tailwind.min.css">
<script defer src="https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js"></script>
<title>Challenge Maker</title>
@alexander-hanel
alexander-hanel / bn-cheat.md
Last active December 16, 2024 03:01
Cheat Sheet for Binary Ninja
@tessiof
tessiof / dbyol.org
Created June 25, 2022 18:38 — forked from no-defun-allowed/dbyol.org
Don't Build Your Own Lisp

Don’t Build Your Own Lisp

As someone who has worked on various Lisp implementations over time, as well as programmed in Lisp, C, C++, Java, and several other programming languages, I feel vaguely knowledgeable enough to give a pretty harsh review of this book. First off: God help you if you are going to write your first interpreter in C of all things. No one I know thinks it’s a good idea to start inventing a programming language, which perhaps is one of the more ill-defined and bug-prone things you can do, with an implementation in C. So the premise is already a bad

Troubleshooting

Intro

The incident management steps I have in mind when being on-call and getting an alert are:

  • Verify the issue
  • Triage
  • Communicate and scalate if needed
  • Mitigate
@dixyes
dixyes / Readme.md
Last active May 6, 2024 14:22
ASUS ROG Zephyrus G14 2022 GA402RJ pci passthrough

ASUS ROG Zephyrus G14 2022 GA402RJ pci passthrough

This is a record for my own passthrough setup, I can finally use a single laptop for windows gaming and linux programming at the same time.

The device

My G14 is GA402RJ(6800HS + 6700s) with MT7922 WiFi/BT card.

At this time, BIOS version is 309.

@liba2k
liba2k / ghidra.py
Last active November 14, 2024 21:28
Script to run Ghidra from the command line including automatic analysis and lunching Ghidra for existing projects.
#!/usr/bin/env python3
import os
import sys
import click
import subprocess
import tempfile
import itertools as IT
import select
from time import sleep
@ConnorNelson
ConnorNelson / strace_timeline.png
Last active October 24, 2022 23:59
strace timeline
strace_timeline.png