Skip to content

Instantly share code, notes, and snippets.

View minhtt159's full-sized avatar

Minh Trần minhtt159

27 followers · 25 following
View GitHub Profile
@bnhf
bnhf / README.md
Last active April 15, 2024 08:00
Tailscale - Deploying with Docker and Portainer

Just thought I'd put together some detail on deploying Tailscale using Docker and Portainer. These bits-and-pieces are available elsewhere, but not together, so hopefully this will save someone a bit of time if you'd like to add Tailscale to an existing Docker install:

Here's my annotated recommended docker-compose, to use with Portainer-Stacks. Note that I'm not using a pre-made Auth Key. I started that way, but realized it was very easy to simply check the Portainer log for the tailscaled container once the stack is running. In that log you'll see the standard Auth link that you can use to authorize the container. This way you don't need to create a key in advance, or create a reusable key that introduces a security risk:

version: '3.9'
services:
  tailscale:
    image: tailscale/tailscale
    container_name: tailscaled
@jhftss
jhftss / bindiff_symbolization.py
Last active March 16, 2022 18:17
symbolization using the bindiff results
# From the "Matched Functions" window of the bindiff plugin:
# right click, copy all, and then paste to a bindiff_result.txt
with open('/path/to/bindiff_result.txt', 'r') as file:
file.readline() # skip header line
for line in file.readlines():
sp = line.split('\t')
if len(sp) == 18:
similarity = float(sp[0])
confidence = float(sp[1])
addr = int(sp[3], 16)
@0x36
0x36 / oob_events.c
Created November 5, 2020 23:16
IOAccelContext2::finish_fence_event() race condition OOB read/write
#if 0
IOAccelContext2::finish_fence_event() race condition OOB read/write
This is a method exposed to user space, it takes a kernel read-only shared memory
(type 2 via clientMemoryForType()) address and treats it as an IOAccelEvents Array.
The user supplied index is checked against the IOAccelEvents array bounds,since there are no
locks held in this method,it is possible to change the array bounds by calling
IOAccelContext2::clientMemoryForType() again in a separate thread, this will expand the size by
multiplying the older size by 2, but we still have a reference to the old shared memory address
@slykar
slykar / docker-compose-hackintosh.md
Last active April 23, 2024 20:49
Docker and Docker Compose on AMD OSX Hackintosh via Docker Machine

Introduction

Docker.app will complain about incompatible processor, so we will use Docker Machine.

Instalation

Download Docker for Mac (Docker.app). It contains some binaries that are necessary.

brew install virtualbox docker-machine
@PsychoTea
PsychoTea / PanicParser.py
Last active June 11, 2023 19:54
A collection of useful iOS-related scripts
import sys
import json
import re
kslide = 0x0
if len(sys.argv) < 2:
print("Usage: PanicParser.py [file path]")
exit()
@0x36
0x36 / afuu.c
Created November 22, 2019 11:02
AppleFirmwareUpdateKext::loadFirmware() : Missing lock leads to double object release
#if 0
// Fixed in iOS 13.1 with CVE-2019-8747
__thiscall
AppleFirmwareUpdateKext::loadFirmware
(AppleFirmwareUpdateKext *this,IOMemoryDescriptor *Memory,void *off_0x10,uint off_0x18)
{
uint uVar1;
byte addr;
byte len;
@saelo
saelo / writeup.md
Last active February 21, 2023 14:37
Writeup for the "Dezhou Instrumentz" challenge from the Real World CTF Qualifier 2019

Dezhou Instrumentz

The challenge consisted of an iOS app (Calc.app) which implemented a simple calculator. Moreover, the app also registered a custom URL scheme (icalc://) which would simply evaluate the content of the URL. The calculator was implemented using NSExpressions and the input string would simply be parsed as such an expression and executed. NSExpressions are pretty powerful and allow for example calls to ObjC Methods (e.q. typing in sqrt(42) would end up calling +[_NSPredicateUtilities sqrt:@42]). Further, there are two interesting helper functions available in NSExpressions:

FUNCTION(obj, 'foo', "bar")

Which will result in a call of the method 'foo' on object obj with parameter "bar" (an NSString).

@knightsc
knightsc / inject.c
Last active March 19, 2024 01:14
An example of how to inject code to call dlopen and load a dylib into a remote mach task. Tested on 10.13.6 and 10.14.3
#include <dlfcn.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/error.h>
#include <errno.h>
#include <stdlib.h>
#include <sys/sysctl.h>
#include <sys/mman.h>
@svx
svx / delete-evicted-pods-all-namespaces.sh
Created August 15, 2018 12:45 — forked from psxvoid/delete-evicted-pods-all-namespaces.sh
Delete evicted pods from all namespaces (also ImagePullBackOff and ErrImagePull)
#!/bin/sh
# based on https://gist.github.com/ipedrazas/9c622404fb41f2343a0db85b3821275d
# delete all evicted pods from all namespaces
kubectl get pods --all-namespaces | grep Evicted | awk '{print $2 " --namespace=" $1}' | xargs kubectl delete pod
# delete all containers in ImagePullBackOff state from all namespaces
kubectl get pods --all-namespaces | grep 'ImagePullBackOff' | awk '{print $2 " --namespace=" $1}' | xargs kubectl delete pod
# delete all containers in ImagePullBackOff or ErrImagePull or Evicted state from all namespaces
@masklinn
masklinn / cheatsheet.md
Last active March 24, 2024 09:21
launchctl/launchd cheat sheet

I've never had great understanding of launchctl but the deprecation of the old commands with launchctl 2 (10.10) has been terrible as all resources only cover the old commands, and documentation for Apple utilities is generally disgracefully bad, with launchctl not dissembling.

Mad props to https://babodee.wordpress.com/2016/04/09/launchctl-2-0-syntax/ which contains most details

domains

Internally, launchd has several domains, but launchctl 1 would only ask for service names,