cat /dev/urandom

Yusuf Hegazy hegzploit

osy /
Last active April 14, 2024 06:02
TPM provides zero practical security


TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It has largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

matthw /
Last active August 26, 2023 21:58
ASC Wargames 2023 Quals

File is packed; drop it in and get the unpacked PE. The PE does some anti-debug checks and ends up doing RC4 decryption of the flag. If the anti-debug check fails, the key will be incorrect.

Patch the unpacked PE with EB FE (a `jmp $` to itself) right after the RC4 routine so it does an infinite loop:

```python
# Read the unpacked PE into a mutable buffer
x = bytearray(open("daa6f5823995e8ffe4fd9de4f86358ec6e0b112c38c78c36f1ae0054277e43c8", "rb").read())
# Overwrite the two bytes after the RC4 decryption with EB FE (jmp to self)
x[0x162b] = 0xeb
x[0x162c] = 0xfe
# Write the patched binary out; the ".patched" output name is chosen here, not from the gist
open("daa6f5823995e8ffe4fd9de4f86358ec6e0b112c38c78c36f1ae0054277e43c8.patched", "wb").write(x)
```
```html
<!DOCTYPE html>
<html lang="en">
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="">
<script defer src=""></script>
<title>Challenge Maker</title>
```
alexander-hanel /
Last active May 17, 2024 23:07
Cheat Sheet for Binary Ninja
tessiof /
Created June 25, 2022 18:38 — forked from no-defun-allowed/
Don't Build Your Own Lisp


As someone who has worked on various Lisp implementations over time, as well as programmed in Lisp, C, C++, Java, and several other programming languages, I feel vaguely knowledgeable enough to give a pretty harsh review of this book. First off: God help you if you are going to write your first interpreter in C of all things. No one I know thinks it’s a good idea to start inventing a programming language, which perhaps is one of the more ill-defined and bug-prone things you can do, with an implementation in C. So the premise is already a bad

The incident management steps I have in mind when I am on-call and get an alert are:

  • Verify the issue
  • Triage
  • Communicate and escalate if needed
  • Mitigate
dixyes /
Last active May 6, 2024 14:22
ASUS ROG Zephyrus G14 2022 GA402RJ pci passthrough


This is a record of my own passthrough setup; I can finally use a single laptop for Windows gaming and Linux programming at the same time.

The device

My G14 is a GA402RJ (6800HS + 6700S) with an MT7922 WiFi/BT card.

At this time, BIOS version is 309.

liba2k /
Last active April 6, 2024 04:21
Script to run Ghidra from the command line, including automatic analysis and launching Ghidra for existing projects.
```python
#!/usr/bin/env python3
import os
import sys
import click
import subprocess
import tempfile
import itertools as IT
import select
from time import sleep
```
ConnorNelson / strace_timeline.png
Last active October 24, 2022 23:59
strace timeline