Marcin Kozlowski marcinguy

View modsecurity-vs-naxsi.md

Golden setup

ModSecurity + Modified Naxsi

Performance:

ab -n 1000 http://localhost/oauth/token
This is ApacheBench, Version 2.3 <$Revision: 1528965 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
marcinguy / gist:9d42de122c06c28df83d9967da7765c2
Created Nov 23, 2019 — forked from wdormann/gist:874198c1bd29c7dd2157d9fc1d858263
List of Android apps that include libpl_droidsonroids_gif.so - potentially vulnerable to CVE-2019-11932. Sorted by install count.
View gist:9d42de122c06c28df83d9967da7765c2
This file has been truncated, but you can view the full file.
com.whatsapp 1000000000
com.lenovo.anyshare.gps 1000000000
com.instagram.android 1000000000
com.zhiliaoapp.musically 500000000
com.viber.voip 500000000
wp.wattpad 100000000
vStudio.Android.Camera360 100000000
vsin.t16_funny_photo 100000000
com.yahoo.mobile.client.android.mail 100000000
marcinguy / viber-cve-2019-11932.md
Created Nov 23, 2019
Viber 11.6.0.15 - CVE-2019-11932
View viber-cve-2019-11932.md

Viber Version 11.6.0.15 - Sep 27th 2019

11-23 10:14:33.102 10721 10721 I crash_dump64: performing dump of process 10359 (target tid = 10700)
11-23 10:14:33.116 10721 10721 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
11-23 10:14:33.117 10721 10721 F DEBUG   : Build fingerprint: 'HUAWEI/VOG-L29EEA/HWVOG:9/HUAWEIVOG-L29/9.1.0.224C431:user/release-keys'
11-23 10:14:33.117 10721 10721 F DEBUG   : Revision: '0'
11-23 10:14:33.117 10721 10721 F DEBUG   : ABI: 'arm64'
11-23 10:14:33.117 10721 10721 F DEBUG   : Happend: 'Sat Nov 23 10:14:33 2019
11-23 10:14:33.117 10721 10721 F DEBUG   : '
11-23 10:14:33.117 10721 10721 F DEBUG   : SYSVMTYPE: Art
View list_safe
/* binder.c
*
* Android IPC Subsystem
*
* Copyright (C) 2007-2008 Google, Inc.
*
* This software is licensed under the terms of the GNU General Public
* License version 2, as published by the Free Software Foundation, and
* may be copied, distributed, and modified under those terms.
*
View malicious-pod.yaml
malicious-pod.yaml
::::::::::::::
apiVersion: v1
kind: Pod
metadata:
  name: alpine
  namespace: kube-system
spec:
  containers:
  - name: alpine
marcinguy / check-exposed-ebs.sh
Created Aug 14, 2019
Checks for exposed EBS Snapshots
View check-exposed-ebs.sh
#!/bin/bash
#
# RUN:
# AWS_PROFILE=[profile] AWS_REGION=[region] ./check-exposed-ebs.sh
#
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --output text --query 'Account')
snapshots=$(aws ec2 describe-snapshots \