Skip to content

Instantly share code, notes, and snippets.

View richinseattle's full-sized avatar

richinseattle

259 followers · 27 following
View GitHub Profile
@richinseattle
richinseattle / grsec-debian-digitalocean.md
Created November 3, 2015 15:25 — forked from ageis/grsec-debian-digitalocean.md

Building a grsec-patched Linux kernel for Debian 8 and DigitalOcean

It's possible to run a custom (instead of hypervisor-managed) kernel for use with Debian 8.x on a DigitalOcean droplet.

We'll build one with grsecurity, "an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening".

Note: The stable patches for Linux 3.14.x and 3.2.x are not publicly available anymore, so we'll be applying the free 4.2.x (test) patch. The URLs and filenames in this document may become outdated, so fetch the latest from grsecurity.net and kernel.org.

Install dependencies:

@richinseattle
richinseattle / windows10qemu.sh
Created May 20, 2017 01:41 — forked from Manouchehri/windows10qemu.sh
Running Windows 10 in a UEFI enabled QEMU environment with KVM.
# Installing
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 2048 -cdrom ~/Downloads/Win10_English_x64.iso -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -drive file=~/Downloads/virtio-win-0.1.105.iso,index=1,media=cdrom
# Running
qemu-system-x86_64 -bios /usr/share/ovmf/ovmf_x64.bin -enable-kvm -cpu host -smp 4 -m 4096 -net nic,model=virtio -net user -drive file=~/vm/win10.hd.img.raw,format=raw,if=virtio -vga qxl -usbdevice tablet -rtc base=utc
@richinseattle
richinseattle / smbloris.c
Created August 3, 2017 21:11 — forked from marcan/smbloris.c
SMBLoris attack proof of concept
/* SMBLoris attack proof-of-concept
*
* Copyright 2017 Hector Martin "marcan" <marcan@marcan.st>
*
* Licensed under the terms of the 2-clause BSD license.
*
* This is a proof of concept of a publicly disclosed vulnerability.
* Please do not go around randomly DoSing people with it.
*
* Tips: do not use your local IP as source, or if you do, use iptables to block
@richinseattle
richinseattle / CVE-2012-nvidia-root.c
Last active August 3, 2017 21:19 — forked from zyxar/nvidia.c
nvidia bomb?
/* Anonymous
*
* How to use: sudo rm -rf /
*
* greetz: djrbliss, kad, Ac1dB1tch3z, nVidia!
*
* Only complete fix patch nvidia drivers and redefine
* IS_BLACKLISTED_REG_OFFSET:
#define IS_BLACKLISTED_REG_OFFSET(nv, offset, length) 1
@richinseattle
richinseattle / web-servers.md
Created November 12, 2017 12:00 — forked from willurd/web-servers.md
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@richinseattle
richinseattle / install-api.py
Created December 4, 2017 00:22 — forked from withzombies/install-api.py
Install the Binary Ninja Python API
#!/usr/bin/env python
import os
import sys
import os.path
import site
try:
import binaryninja
print "Binary Ninja API Installed"
@richinseattle
richinseattle / TrustedHashes.csv
Created December 22, 2017 00:48 — forked from mattifestation/TrustedHashes.csv
All catalog hashes extracted from a mounted install.wim from en_windows_10_multi-edition_vl_version_1709_updated_sept_2017_x64_dvd_100090741.iso
We can't make this file beautiful and searchable because it's too large.
"Algorithm","Hash","CatalogPath","Hint"
"SHA256","71A0AEC9941BA21780C3BED570AEAF3BC5B9473BB6662F7CAF194F33C0E1B918","C:\Windows\InfusedApps\Frameworks\Microsoft.Advertising.Xaml_10.1705.4.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat",
"SHA256","F5EEEC38876E48617643A9E735A30B9EC3D08D77075CD81F239A15626E3F7DD5","C:\Windows\InfusedApps\Frameworks\Microsoft.Advertising.Xaml_10.1705.4.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat",
"SHA256","4BA33EC224E42FC929BA6487041C2C4275C5BCA66CD89471A09BC7F522A5661F","C:\Windows\InfusedApps\Frameworks\Microsoft.Advertising.Xaml_10.1705.4.0_x86__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat",
"SHA256","71A0AEC9941BA21780C3BED570AEAF3BC5B9473BB6662F7CAF194F33C0E1B918","C:\Windows\InfusedApps\Frameworks\Microsoft.Advertising.Xaml_10.1705.4.0_x86__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat",
"SHA256","29DC48FD41061B58DE61060BA568C5B5C25328B454E84F5FD5C33310E9A501D8","C:\Windows\InfusedApps\Frameworks\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe
@richinseattle
richinseattle / semtex.c
Created January 4, 2018 05:32 — forked from Nyangawa/semtex.c
semtex.c
/*
* linux 2.6.37-3.x.x x86_64, ~100 LOC
* gcc-4.6 -O2 semtex.c && ./a.out
* 2010 sd@fucksheep.org, salut!
*
* update may 2013:
* seems like centos 2.6.32 backported the perf bug, lol.
* jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if you insist.
*/
@richinseattle
richinseattle / hax.c
Created January 4, 2018 05:33 — forked from katlogic/hax.c
//
// CVE-2006-0741 reloaded
// CVE-2014-4699 actually
// kat@lua.cz
//
#define _GNU_SOURCE
#include <sched.h>
#include <stdlib.h>
#include <sys/ptrace.h>
@richinseattle
richinseattle / peb.c
Created January 5, 2018 04:01 — forked from Wack0/peb.c
Getting a pointer to the PEB in C, for every architecture that NT was ported to (where at least one build of the port was leaked/released)
// Gets a pointer to the PEB for x86, x64, ARM, ARM64, IA64, Alpha AXP, MIPS, and PowerPC.
// This relies on MS-compiler intrinsics.
// It has only been tested on x86/x64/ARMv7.
inline PEB* NtCurrentPeb() {
#ifdef _M_X64
return (PEB*)(__readgsqword(0x60));
#elif _M_IX86
return (PEB*)(__readfsdword(0x30));