
Karan Lyons karanlyons

@karanlyons
karanlyons / ZoomDaemon.yara
Last active Sep 14, 2019
Fixes for Zoom, RingCentral, Zhumu (and additional white labels) RCE vulnerabilities
View ZoomDaemon.yara
private rule Macho
{
meta:
description = "private rule to match Mach-O binaries (copied from Apple's XProtect)"
condition:
uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca
}
rule ZoomDaemon
{
@karanlyons
karanlyons / smuggler.py
Last active Aug 19, 2019
Burp Suite is for chumps.
View smuggler.py
#!/bin/env python3
import dataclasses
import re
import socket
import ssl as _ssl
import types
from collections import namedtuple, OrderedDict
from dataclasses import dataclass
from io import StringIO
from itertools import chain
@karanlyons
karanlyons / lazyString.ts
Last active Aug 7, 2019
Procrastinate till you evaluate.
View lazyString.ts
export type StringReturningFunction = (...args: any[]) => string;
interface LazyString extends String {}
interface LazyStringConstructor {
new <F extends StringReturningFunction>(
func: F,
...args: Parameters<F>
): LazyString;
<F extends StringReturningFunction>(func: F, ...args: Parameters<F>): string;
@karanlyons
karanlyons / format.ts
Last active Aug 6, 2019
Add translator friendly markup to translatable strings.
View format.ts
export type Formatters = { [k: string]: (s: string) => string };
export class FormatError extends Error {
constructor(
public message: string,
public str: string,
public formatters: Formatters,
public tag: string
) {
super();
@karanlyons
karanlyons / README.md
Created Sep 25, 2017
Headspace Challenge
View README.md

Headspace Challenge

Requirements

  • Python >=3.5 (compiled with sqlite3 support)
  • That’s it.
  • This may have been a bad idea.

Get Started

@karanlyons
karanlyons / payloadPack.js
Last active Jul 26, 2019
Char wise, byte foolish.
View payloadPack.js
const pack = s =>
s.match(/^[\u0000-\u00ff]*$/)
? s
.split("")
.map(s => s.charCodeAt())
.reduce(
(pairs, c) =>
(
!c || pairs[pairs.length - 1].length === 2
? pairs.push(...(c? [[c]] : [[c], []]))
@karanlyons
karanlyons / solver.py
Last active Jun 10, 2019
Why PRNGs are not the same as CSPRNGs
View solver.py
import z3
def sym_xoroshiro128plus(solver, sym_s0, sym_s1, mask, result):
s0 = sym_s0
s1 = sym_s1
sym_r = (sym_s0 + sym_s1)
condition = z3.Bool('c0x%0.16x' % result)
solver.add(z3.Implies(condition, (sym_r & mask) == result & mask))
View testcase.html
<html>
<head>
<style>
#left, #right, #test {
display: block;
z-index: 0;
}
#left {
float: left;
@karanlyons
karanlyons / partial_range_update.sql
Last active Nov 28, 2018
Postgres: Update only portion of range, preserving other half and bounds.
View partial_range_update.sql
UPDATE <TABLE> SET
<COLUMN>=<RANGE_TYPE>(
lower(<COLUMN>), -- Swap out for actual value
upper(<COLUMN>), -- Swap out for actual value
concat(
CASE WHEN lower_inc(<COLUMN>) THEN '[' ELSE '(' END,
CASE WHEN upper_inc(<COLUMN>) THEN ']' ELSE ')' END
)
)
WHERE <CONDITION>;
@karanlyons
karanlyons / xpath.js
Last active Sep 6, 2018
Poor Man’s JS XPath (With support for wildcard globbing, regex matches, and array slice notation.)
View xpath.js
var slice_re = new RegExp(/^(.*?)\[(-?\d*?)(:?)(-?\d*?)(:?)(-?\d*?)\]$/);
function xpath(path, objects) {
var selectors, selector, is_array_selector, array_components, array_components_length, array_rules, j, i, is_regex_selector, tail_path, objects_length, heap, object, matches, key, matches_length, match, array_start, array_end, array_interval, _, k;
if (!Array.isArray(objects)) {
objects = [objects];
}
selectors = path.split('.');