Skip to content

Instantly share code, notes, and snippets.

View maxexcloo's full-sized avatar

Max Schaefer maxexcloo

40 followers · 0 following
View GitHub Profile
@kconner
kconner / macOS Internals.md
Last active May 8, 2024 20:39
macOS Internals

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@throwaway96
throwaway96 / crashd.md
Last active May 4, 2024 16:22
crashd instructions

News

New exploit for webOS 3.5+: DejaVuln (2024-04-21)

See dejavuln-autoroot for a simpler exploit that works on webOS 3.5+ TVs (i.e., models from 2017 and later). It is unpatched as of 2024-04-21 and does not require Developer Mode or even a network connection—just a USB drive.

Otherwise:

  • If you have a webOS 5–8 TV with old enough firmware, WTA (which does not require Dev Mode) will still work.
  • If you have a webOS 4.x TV, you can also try CVE-2023-6319, which is unpatched on the latest (final?) firmware for webOS 4.0 (2018) models.
  • While there will eventually be fully software-based exploits released for older models, they can currently be rooted via NVM.
@SMUsamaShah
SMUsamaShah / List of in-browser VMs.md
Last active April 30, 2024 13:08
List of Javascript based virtual machines running in browser
@yermulnik
yermulnik / tf_vars_sort.awk
Last active April 22, 2024 09:30
Sort Terraform (HCL) file by Resource Block Names using GNU `awk`
#!/usr/bin/env -S awk -f
# https://gist.github.com/yermulnik/7e0cf991962680d406692e1db1b551e6
# Tested with GNU Awk 5.0.1, API: 2.0 (GNU MPFR 4.0.2, GNU MP 6.2.0)
# Usage: /path/to/tf_vars_sort.awk < variables.tf | tee sorted_variables.tf
# Note: "chmod +x /path/to/tf_vars_sort.awk" before use
# No licensing; yermulnik@gmail.com, 2021-2023
{
# skip blank lines at the beginning of file
if (!resource_type && length($0) == 0) next
@glenux
glenux / Faking DNS from userland.md
Last active February 14, 2024 19:53

Faking DNS from userland

To give false DNS responses from userland we need to handle different type of syscalls : gethostbyname(), gethostbyname2(), getaddrinfo(), getnameinfo(), etc. To cover all these cases, and to prevent leaks to real dns servers, we will use two libraries : libresolv_wrapper and libnss_wrapper.

Installation

Install resolv_wrapper and nss_wrapper, either from sources or from your favorite Linux distribution.