- Doesn't validate signature? → Forge arbitrary JWTs
- Acts on data in payload before validating signature? → Forge arbitrary JWTs
- Doesn't validate signature algorithm? → Forge JWT with algorithm
"none"
- Doesn't validate key↔algorithm match? → Create
HS256
signature signed with expected public key - Doesn't validate audience? → Trick victim to sign in to evil app, then use creds to auth to vulnerable app as victim
- Doesn't validate issuer? → Use JWT for one tenant to authenticate to a different tenant
- Doesn't validate nonce? → Replay attack
- Doesn't validate nonce/state against original sent value? → CSRF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import ctypes, sys | |
from ctypes import windll, wintypes | |
from uuid import UUID | |
class GUID(ctypes.Structure): # [1] | |
_fields_ = [ | |
("Data1", wintypes.DWORD), | |
("Data2", wintypes.WORD), | |
("Data3", wintypes.WORD), | |
("Data4", wintypes.BYTE * 8) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$setProxy = { | |
param($proxy) | |
Set-Location 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' | |
Set-ItemProperty . ProxyServer $proxy | |
Set-ItemProperty . ProxyOverride '<local>' | |
Set-ItemProperty . ProxyEnable 1 | |
} | |
# You can run $setProxy as another user like so: | |
# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Add-EnvPath { | |
param( | |
[Parameter(Mandatory=$true)] | |
[string] $Path, | |
[ValidateSet('Machine', 'User', 'Session')] | |
[string] $Container = 'Session' | |
) | |
if ($Container -ne 'Session') { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public interface IKeyValueStore | |
{ | |
T Read<T>(string key); | |
void Write<T>(string key, T value); | |
} | |
public class RegistryKeyValueStore : IKeyValueStore | |
{ | |
readonly RegistryHive _hive; | |
readonly string _regPath; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
git config --global --replace-all --type=bool push.autoSetupRemote true | |
git config --global --type=bool rebase.autoStash true | |
git config --global --type=bool rebase.updateRefs true | |
git config --global core.autocrlf input | |
git config --global core.commentChar auto | |
git config --global init.defaultBranch main | |
git config --global pull.ff only | |
git config --global oh-my-zsh.hide-info 1 | |
git config --global alias.ca 'commit --amend --no-edit' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
objs = new Set | |
nameToObj = new Map | |
function t(obj) { | |
if (!obj || objs.has(obj) || typeof obj !== 'object') { return } | |
if (obj.nodeName === 'IFRAME') { return } // iframe descendants can cause security errors | |
objs.add(obj) | |
let proto = Object.getPrototypeOf(obj) | |
let name = (obj.constructor && obj.constructor.name) || (proto && proto.constructor && proto.constructor.name) | |
if (!nameToObj.has(name)) { nameToObj.set(name, []) } | |
nameToObj.get(name).push(obj) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
^!r::Reload | |
RunOrRaise(caption) { | |
r := ComObjGet("winmgmts:") | |
.ExecQuery("SELECT Handle FROM Win32_Process WHERE Caption='" . caption . "'") | |
If r._NewEnum()[proc] | |
{ | |
;WinGet, windows, list | |
;Loop, %windows% |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Moved to: https://github.com/mkropat/todomvc-tagsjs/blob/main/lib/store.js |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
" Pattern 1: | |
" | |
" * Operate over a whole file: :call ConvertFile() | |
" * Or operate over a selection: :'<,'>call ConvertLine() | |
" * Supports the same :s// and normal commands you regularly use in Vim | |
" * So minimal Vim Script knowledge needed | |
function! ConvertFile() | |
%global/^/call ConvertLine() | |
endfunction |
NewerOlder