This PoC has been moved to an actual repo here.
psifertex
/ 1_Snippet_Instructions.txt
Last active
April 9, 2024 11:10
my current collection of snippets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Welcome to Jordan's grab-bag of common Binary Ninja Snippets. | |
| These snippest are meant to run with the Binary Ninja Snippets Plugin | |
| (http://github.com/Vector35/snippets) though they can all also be pasted | |
| directly into the python console or turned into stand-alone plugins if needed. | |
| To install the entire collection at once, just install the Snippets plugin via | |
| the plugin manager (CMD/CTL-SHIFT-M), confirm the Snippet Editor works | |
| (Tool/Snippets/Snippet Editor), and unzip this bundle (Download ZIP above) into | |
| your Snippets folder. |
saelo
/ 3_years_of_attacking_javascript_engines.txt
Created
October 27, 2019 16:04
3 Years of Attacking JavaScript Engines
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| |=-----------------------------------------------------------------------=| | |
| |=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=| | |
| |=-----------------------------------------------------------------------=| | |
| |=------------------------------=[ saelo ]=------------------------------=| | |
| |=-----------------------------------------------------------------------=| | |
| The following are some brief notes about the changes that have taken place | |
| since the release of the "Attacking JavaScript Engines" paper [1]. In | |
| general, no big conceptional changes have happened since. Mitigations have | |
| been added to break some of the presented techniques and, as expected, a |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Heap Overflow Case Study: CVE-2015-3104 Proof of Concept | |
| Heap Overflow Case Study: A Deeper Look at the Bug | |
| Heap Overflow Case Study: Allocation Control. | |
| Heap Overflow Case Study: Gaining Read/Write Access to the Memory Space | |
| Heap Overflow Case Study: Defeating ASLR | |
| Heap Overflow Case Study: Gaining code execution | |
| Heap Overflow Case Study: Stack Pivoting | |
| Heap Overflow Case Study: Defeating DEP | |
| Executing Shellcode and Restoring the execution flow | |
| Sandbox Escape |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
thom-s
/ dns_amplification.py
Last active
April 11, 2024 23:31
Better understanding DNS Amplification DDoS attacks through Python and Scapy.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Imports | |
| from scapy.all import * | |
| from pprint import pprint | |
| import operator | |
| # Parameters | |
| interface = "eth0" # Interface you want to use | |
| dns_source = "local-ip" # IP of that interface | |
| dns_destination = ["ip1","ip2","ip3"] # List of DNS Server IPs |
ppmotskula
/ piactl
Last active
September 25, 2023 11:19
piactl -- install, configure and control CNIL's PIA software
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ABOUT="piactl 0.10 | |
| Copyright (c) 2018-2020 Peeter P. Mõtsküla <peeterpaul@motskula.net> | |
| https://gist.github.com/ppmotskula/4288167460de27d22225e4959c44c6c4 | |
| License: MIT License (https://opensource.org/licenses/MIT) | |
| piactl helps you to install, configure and control CNIL's PIA software | |
| (https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <configuration> | |
| <system.webServer> | |
| <handlers accessPolicy="Read, Script, Write"> | |
| <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" /> | |
| </handlers> | |
| <security> | |
| <requestFiltering> | |
| <fileExtensions> | |
| <remove fileExtension=".config" /> |
cji
/ win_vm_kerneldbg.md
Last active
April 30, 2021 13:07
Steps to successfully debug the Windows kernel between 2 VMWare VMs
Open the debugger VM's .vmx file. delete the existing serial0 lines (used for printing, not needed) add these lines:
serial0.present = "TRUE"
serial0.pipe.endPoint = "client"
serial0.fileType = "pipe"
serial0.yieldOnMsrRead = "TRUE"
serial0.tryNoRxLoss = "FALSE"
serial0.startConnected = "TRUE"
mgeeky
/ msfvenom-reverse-tcp-WaitForSingleObject.md
Last active
November 14, 2023 19:45
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.
Abstract
This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.
Contents:
NewerOlder