Yusuf Hegazy hegzploit

@osy
osy / tpm-rant.md
Last active January 13, 2025 06:55
TPM provides zero practical security


TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It has largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

@matthw
matthw / asc2023quals.md
Last active July 20, 2024 16:29
ASC Wargames 2023 Quals

Amber

The file is packed; drop it into unpac.me to get the unpacked PE. The PE performs some anti-debug checks and ends up RC4-decrypting the flag. If the anti-debug checks fail, the key will be incorrect.

Patch the unpacked PE with EBFE (a short jump to itself) after the RC4 so it enters an infinite loop:

x = bytearray(open("daa6f5823995e8ffe4fd9de4f86358ec6e0b112c38c78c36f1ae0054277e43c8", "rb").read())
x[0x162b] = 0xeb
@Ollie-Boyd
Ollie-Boyd / grayscale_dumb_smartphone.md
Last active February 15, 2025 13:31
My dumb grayscale smartphone setup (android)

Intro

This setup lets me smash sub-hour screentimes and I hope it might help you as I've spent a lot of time honing it! Let me know if you have any tips to further my setup and please share yours!

I used a Hisense A5 eink smartphone for over two years. Great phone but a horrible camera. After two years it was battered as hell and I did miss being able to take and share with my family photographs that didn't look horrific. The eink screen had totally changed my relationship with my phone so I wanted to recreate the grayscale experience on a normal smartphone. I'm really happy with things after a couple of months.

My personal rule is to have nothing on my phone that allows me to browse social media, the internet, or video content. That includes no app-stores, and having no apps that have an in-app browser. For example with Facebook Messenger I would cheat by messaging myself a link to a website and clicking on the link to view it on the in-app browser. In this case I can use Messenger Lite instead which has n

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href=" https://cdn.jsdelivr.net/npm/tailwindcss/dist/tailwind.min.css">
<script defer src="https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js"></script>
<title>Challenge Maker</title>
@alexander-hanel
alexander-hanel / bn-cheat.md
Last active December 16, 2024 03:01
Cheat Sheet for Binary Ninja
@tessiof
tessiof / dbyol.org
Created June 25, 2022 18:38 — forked from no-defun-allowed/dbyol.org
Don't Build Your Own Lisp

Don’t Build Your Own Lisp

As someone who has worked on various Lisp implementations over time, as well as programmed in Lisp, C, C++, Java, and several other programming languages, I feel vaguely knowledgeable enough to give a pretty harsh review of this book. First off: God help you if you are going to write your first interpreter in C of all things. No one I know thinks it’s a good idea to start inventing a programming language, which perhaps is one of the more ill-defined and bug-prone things you can do, with an implementation in C. So the premise is already a bad

Troubleshooting

Intro

The incident management steps I have in mind when being on-call and getting an alert are:

  • Verify the issue
  • Triage
  • Communicate and escalate if needed
  • Mitigate
@dixyes
dixyes / Readme.md
Last active May 6, 2024 14:22
ASUS ROG Zephyrus G14 2022 GA402RJ pci passthrough


This is a record of my own passthrough setup; I can finally use a single laptop for Windows gaming and Linux programming at the same time.

The device

My G14 is GA402RJ(6800HS + 6700s) with MT7922 WiFi/BT card.

At this time, BIOS version is 309.

@liba2k
liba2k / ghidra.py
Last active November 14, 2024 21:28
Script to run Ghidra from the command line, including automatic analysis and launching Ghidra for existing projects.
#!/usr/bin/env python3
import os
import sys
import click
import subprocess
import tempfile
import itertools as IT
import select
from time import sleep
@ConnorNelson
ConnorNelson / strace_timeline.png
Last active October 24, 2022 23:59
strace timeline