| // | |
| // PoC.m | |
| // IOSABugTrigger | |
| // | |
| // Created by Linus Henze on 2023-04-08. | |
| // Copyright © 2023 Pinauten GmbH. Some rights reserved. | |
| // | |
| // | |
| // This is a PoC for CVE-2023-28206, triggering an oob memmove in IosaColorManagerMSR8::getHDRStats_gatedContext |
| - 0a6a1c9a7f80a2a5dcced5c4c0473765.bin | |
| - 0c0195c48b6b8582fa6f6373032118da.bin | |
| - 0d5774527af6e30905317839686b449d.bin | |
| - 045ef7a39288ba1f4b8d6eca43def44f.bin | |
| - 07efb8259b42975d502a058db8a3fd21.bin | |
| - 0898af0888d8f7a9544ef56e5e16354e.bin | |
| - 08c1bce6627764c9f8c79439555c5636.bin | |
| - 09672532194b4bff5e0f7a7d782c7bf2.bin | |
| - 0dff47f3b14fb1c1bad47cc517f0581a.bin | |
| - 0fc2653b1c45f08ca0abd1eb7772e3c0.bin |
| - Threat Modelling / Code Review — | |
| Resources-for-Application-Security | |
| How to prepare for a security engineer interview by Eray Mitrani | |
| Security_Engineer_Interview_Questions by Tad Whitaker | |
| Security Engineer - Interview Questions by Namish |
| loader: | |
| project_id: 3074491541 | |
| domain: dgormiugatox.com | |
| bot: | |
| c2s: | |
| - skaiortalop.com | |
| - ijoyzymama.com | |
| - ertusaporf.com | |
| - elcapolis.com | |
| - lezhidov.cloud |
| function Test-WebAcademy-Labs-Status($sessionCookieValue){ | |
| $storageFile="$env:USERPROFILE\.webacademy-labs-status" | |
| $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession | |
| $cookie = New-Object System.Net.Cookie | |
| $cookie.Name = "SessionId" | |
| $cookie.Value = $sessionCookieValue | |
| $cookie.Domain = ".portswigger.net" | |
| $session.Cookies.Add($cookie); | |
| Write-Host "[i] Status storage file: $storageFile" -ForegroundColor Cyan | |
| Write-Host "[+] Retrieving labs status from PortSwigger labs web page..." -ForegroundColor Yellow |
| from hashlib import md5, sha1 | |
| from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes | |
| from cryptography.hazmat.backends import default_backend | |
| from base64 import b64encode, b64decode | |
| import sys, time | |
| import requests | |
| DEFAULT_MASTERKEY=b'p1a2l3o4a5l6t7o8' | |
| class PanCrypt(): |
Those tips where posted between June and July 2022 on LinkedIn by Roberto Migli.
#IAM tip #1: There are 4 main types of IAM policies: Identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs and Session Policies. Matt Luttrell's blog post will guide you through when and how to use them.
A list of interesting conferences for vulnerability researchers. See also: https://twitter.com/i/lists/1543557448123957249
| Name | Dates | Location | Site |
|---|---|---|---|
| OffensiveCon | 10-11/05/2024 | Berlin, Germany | https://www.offensivecon.org/ |
| t2.fi | 18-19/04/2024 | Helsinki, Finland | https://t2.fi/ |
| Zer0Con | 04-05/04/2024 | Seoul, South Korea | https://zer0con.org |
| Code Blue | 08-09/11/2023 | Tokyo, Japan | https://codeblue.jp/ |
| #!/bin/bash | |
| # Verify we have wget and build tools | |
| apt-get update && apt-get install -y wget gcc make | |
| # add or remove python versions; full index @ https://www.python.org/ftp/python/ | |
| cd /tmp &&\ | |
| wget https://www.python.org/ftp/python/3.5.10/Python-3.5.10.tgz &&\ | |
| wget https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz &&\ | |
| wget https://www.python.org/ftp/python/3.7.9/Python-3.7.9.tgz &&\ |
| #!/bin/bash | |
| ######################################################################################################### | |
| # Script to identify Log4J affected class for CVE-2021-44228 in a collection of EAR/WAR/JAR files | |
| # Based on this script: | |
| # https://github.com/righettod/toolbox-pentest-web/blob/master/scripts/identify-class-location.sh | |
| ######################################################################################################### | |
| if [ "$#" -lt 1 ]; then | |
| script_name=$(basename "$0") | |
| echo "Usage:" | |
| echo " $script_name [BASE_SEARCH_FOLDER]" |
