Skip to content

Instantly share code, notes, and snippets.

View jpluimers's full-sized avatar

Jeroen Wiert Pluimers jpluimers

  • Amsterdam, The Netherlands
View GitHub Profile
jpluimers / log.txt
Created April 2, 2024 15:11
Screenshot from Testing the XZ Utils backdoor kill switch (yolAbejyiejuvnup=Evjtgvsh5okmkAvj) this string stop the backdoor, so it won't hooking into RSA_public_decrypt() function.
detection@detection:~/Desktop$ time env -i LC_LANG=C LD_PRELOAD=/usr/lib/x86_64-linux-gnu/ /usr/sbin/sshd -h
option requires an argument -- h
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
usage: sshd [-46DdeiqTt] [-C connection_spec] [c host_cert_file]
[-E log file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-o option] [-p port] [-u len]
real 0m0,162s
user 0m0,161s
sys 0m0,000s
detection@detection:~/Desktop$ time env -i LC_LANG=C yolAbejyiejuvnup=Evjtgvsh5okmkAvj LD_PRELOAD=/usr/lib/x86_64-linux-gnu/ /usr/sbin/sshd -h
jpluimers / XZ Backdoor Analysis
Created March 31, 2024 20:24 — forked from smx-smx/XZ Backdoor Analysis
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as i make progress
jpluimers /
Created March 20, 2024 12:14 — forked from simahawk/
python icecast source streamer
# -*- coding: utf-8 -*-
# Inspired by
import click
import os
import shouty
import sys
import logging
logger = logging.getLogger('[broadcaster]')
jpluimers / BOA.TXT
Created March 17, 2024 19:37
Root directory files from (MD5 hash of BC4BOA.ZIP: ef331d49370ebe508f7301d5916c40a6; SHA1 hash of BC4BOA.ZIP: 089a5fad1169ba5f815f6aaec0d052aa4eecfa97; SHA256 hash of BC4BOA.ZIP: f0035eb5932ea065eff1d36af7940dd7bf882e721c5b41318d4337fa8cd3ef31; SHA512 hash of BC4BOA.ZIP: c2f633…
jpluimers /
Last active March 15, 2024 15:02
URLs voor NPO radio sites, miniplayers, track API endpoints, mp3/aac streams en meer

URLs voor NPO

Er is een GraphQL API die vanuit elke mini-player wordt gebruikt:

Elke track vanuit de mini-player geeft ook een call naar een player API url als deze:

Het lijkt erop dat http gebaseerde icecast streams in Google Chrome vanzelf gaan afspelen, maar https gebaseerde streams niet:

Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
<!-- Copyright (C) Microsoft Corporation. All rights reserved. -->
<!DOCTYPE html>
<html dir="ltr" class="" lang="en">
<title>Sign in to your account</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
jpluimers / AccCheckConsole.txt
Created February 28, 2024 19:15 — forked from bohops/AccCheckConsole.txt
AccChecker LOLBIN [AccCheckConsole.exe]
- UI Accessibility Checker
- Verifies UI accessibility requirements
*LOLBIN Functionality/Steps
1) Go to "Custom Verification Routines" link in reference section and copy the sample verification C# code into Visual Studio.
2) Add proper assembly references (e.g. AccCheck.dll)
3) Insert your C# code under a target method such as Execute()
4) Compile to a .NET managed library (DLL)
5) Invoke the code
export const getThumbnail = (id, size = 300) =>
export const getIcon = (mimeType) =>
export const getFile = (id) => `${id}`;
const downloadFile = (id) =>