I hereby claim:
- I am sekuryti on github.
- I am int0x33 (https://keybase.io/int0x33) on keybase.
- I have a public key ASCfPw27tiAPkGwjBolUP8VNr5weJ8uVmkc0fnov9NqebAo
To claim this, I am signing this object:
import requests | |
import json | |
# JSON data containing PII | |
data_with_pii = { | |
"id": 1, | |
"firstName": "Terry", | |
"lastName": "Medhurst", | |
"maidenName": "Smitham", | |
"age": 50, |
curl -X POST \ | |
-H "Content-Type: application/json" \ | |
-d '{"text":"{\"name\": \"Matty\", \"last_name\": \"Cincinatti\"}"}' \ | |
https://x.api-factory.com/redact |
#! /usr/bin/env python3 | |
''' | |
Needs Requests (pip3 install requests) | |
Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
I hereby claim:
To claim this, I am signing this object:
using System; | |
using System.Runtime.InteropServices; | |
namespace API_Hashing | |
{ | |
class Program | |
{ | |
[DllImport("kernel32", SetLastError = true, CharSet = CharSet.Ansi)] | |
static extern IntPtr LoadLibrary([MarshalAs(UnmanagedType.LPStr)] string lpFileName); |
# This code is very hacky, please excuse the nonsensical variable/function naming | |
# See https://twitter.com/David3141593/status/1442883432925773829 for context | |
# Derived from this implementation of XXHASH64: https://github.com/Cyan4973/xxHash/blob/dev/xxhash.h | |
from xxhash import xxh64 | |
XXH_PRIME64_1 = 0x9E3779B185EBCA87 | |
XXH_PRIME64_2 = 0xC2B2AE3D27D4EB4F | |
XXH_PRIME64_3 = 0x165667B19E3779F9 | |
XXH_PRIME64_4 = 0x85EBCA77C2B2AE63 |
/* | |
* Copyright (C) 2021 Alyssa Rosenzweig <alyssa@rosenzweig.io> | |
* | |
* Permission is hereby granted, free of charge, to any person obtaining a | |
* copy of this software and associated documentation files (the "Software"), | |
* to deal in the Software without restriction, including without limitation | |
* the rights to use, copy, modify, merge, publish, distribute, sublicense, | |
* and/or sell copies of the Software, and to permit persons to whom the | |
* Software is furnished to do so, subject to the following conditions: | |
* |
[ | |
{ | |
"name": "ext-vars-test.yar", | |
"path": "yara/ext-vars-test.yar", | |
"sha": "acc1317b2308c1eea6b9a002cd234fa4b7312255", | |
"size": 125, | |
"url": "https://api.github.com/repos/Neo23x0/Raccine/contents/yara/ext-vars-test.yar?ref=main", | |
"html_url": "https://github.com/Neo23x0/Raccine/blob/main/yara/ext-vars-test.yar", | |
"git_url": "https://api.github.com/repos/Neo23x0/Raccine/git/blobs/acc1317b2308c1eea6b9a002cd234fa4b7312255", | |
"download_url": "https://raw.githubusercontent.com/Neo23x0/Raccine/main/yara/ext-vars-test.yar", |
Chrome -> DevTools -> Console | |
urls = [] | |
$$('*').forEach(element => { | |
urls.push(element.src) | |
urls.push(element.href) | |
urls.push(element.url) | |
});copy(urls.filter(x=>x&&x!=="")) |
// | |
// Most object types in the V8 JavaScript are described in this file. | |
// | |
// Inheritance hierarchy: | |
// - Object | |
// - Smi (immediate small integer) | |
// - TaggedIndex (properly sign-extended immediate small integer) | |
// - HeapObject (superclass for everything allocated in the heap) | |
// - JSReceiver (suitable for property access) | |
// - JSObject |