Skip to content

Instantly share code, notes, and snippets.

View hybriz's full-sized avatar

hybriz

9 followers · 58 following
View GitHub Profile
@hybriz
hybriz / windows.h__.js
Created November 3, 2017 11:38 — forked from mallyvai/windows.h__.js
windows.h.js INFINITY
var ffi = require('ffi'),
ref = require('ref'),
Struct = require('ref-struct'),
Library = require('./Library'),
Type = ref.Type,
NULL = ref.NULL,
isNull = ref.isNull;
var groups = ['libs', 'types', 'structs', 'callbacks', 'enums'];
@hybriz
hybriz / CertTBSHash.ps1
Created November 3, 2017 01:18 — forked from mattifestation/CertTBSHash.ps1
Calculates a ToBeSigned hash of a certificate, producing the same uniquely identifying hash present in code integrity rule sets.
# Example: ls 'C:\Windows\System32\*' -Include '*.dll' | Get-AuthenticodeSignature | Select -ExpandProperty SignerCertificate | Get-TBSHash
filter Get-TBSHash {
[OutputType([String])]
param (
[Parameter(Mandatory, ValueFromPipeline)]
[Security.Cryptography.X509Certificates.X509Certificate2]
$Certificate
)
@hybriz
hybriz / grsecurity_pax_copperheados.md
Created October 3, 2017 14:54 — forked from anestisb/grsecurity_pax_copperheados.md

This is an overview of the usefulness of PaX/grsecurity features for CopperheadOS especially when taking into account the overlap of the access control features with SELinux and that the Nexus line will be entirely 64-bit ARM. Note that it's missing most of the unnamed features without configuration options tied to them. A grsecurity kernel also comes with lots of security bug fixes backported from master, adapted from lkml submissions that were ignored, etc.

Previously, CopperheadOS used ports of PaX to the 3.4 Android kernels used by the Nexus 5 and Galaxy S4. The plan was to start from there, backporting from the PaX stable patches as needed along with reimplementing the relevant pieces of grsecurity without actually applying an old patch and backporting to it.

This is no longer the case for the published releases now that devices have moved to 64-bit ARM (which is not supported by PaX / grsecurity yet) and both the PaX and grsecurity stable patches have become private. There are still PaX ports for test

@hybriz
hybriz / SerialDOS.java
Created September 24, 2017 02:53 — forked from coekie/SerialDOS.java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.HashSet;
import java.util.Set;
// billion-laughs-style DoS for java serialization
public class SerialDOS {
@hybriz
hybriz / SerialDNSDOS.java
Created September 24, 2017 02:53 — forked from maestros/SerialDNSDOS.java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.lang.reflect.Field;
import java.net.SocketPermission;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Random;
@hybriz
hybriz / caenons3.md
Created September 22, 2017 11:24 — forked from Cloudxtreme/caenons3.md
Camlistore Encryption on S3

Camlistore Encryption on S3

Here's what I found out while setting up Camlistore to sync encrypted blobs to Amazon S3. This works for me, but I'm new to Camlistore so this might not be the best way to do it.

Amazon S3 Config

The encryption handler requires two buckets, one for metadata and one for blobs. In this example, I've created two buckets called my-camlistore-meta and my-camlistore-blob.