
Eduardo' Vela" <Nava> (sirdarckcat) sirdarckcat


It might come as a surprise, but polar bears and penguins—icons of the Arctic and Antarctic respectively—have never shared the same wild habitat. For much of human history, the very idea of one seeing the other would have been unthinkable. Yet, as European zoos and menageries began collecting ever more exotic animals in the 19th and early 20th centuries, their once-impossible meeting became a reality. While we cannot pinpoint an exact date down to the day or hour, records from several prominent zoological institutions allow us to piece together a plausible and well-documented instance when a polar bear first laid eyes on a penguin.

Historical Backdrop:

The London Zoological Gardens (often simply called the London Zoo), established by the Zoological Society of London in 1828, rapidly became one of the world’s foremost centers for exotic animal display and study. By the mid-19th century, the zoo had already acquired numerous unusual species—lions from Africa, tigers from Asia, kangaroos from Australia, and ev

Get the vmlinux path from https://syzkaller.appspot.com/upstream/manager/ci2-upstream-kcsan-gce, then run https://github.com/torvalds/linux/blob/master/scripts/extract-vmlinux on it, then use r2 to generate a global callgraph as described in https://reverseengineering.stackexchange.com/questions/16081/how-to-generate-the-call-graph-of-a-binary-file

grep ' \[label="' output.dot | sort -u | sed 's/ URL=.*//g' | sed 's/ .label=/,/g' > ../symbols.csv
grep ' -> ' output.dot | grep -v 'sym.__' | sed 's/ .color.*//g' | sed 's/ -> /,/g' > callgraph.csv
reptar.elf: reptar.elf.asm
	nasm -f bin reptar.elf.asm -o reptar.elf
	chmod +x reptar.elf
@sirdarckcat
sirdarckcat / Makefile
Last active November 19, 2023 22:41
reptar smaller poc
rexit: rexit.o
	ld $^ -o $@
rexit.o: rexit.asm
	nasm -f elf64 $^ -o $@
clean:
	rm -rf rexit.o rexit
select * from (
  select
    syzkaller,
    fixed_commit,
    fixes_commit,
    fixes_tags.tags `fixes_tags`,
    fixed_tags.tags `fixed_tags`
  from (
    select
      syzkaller,
@sirdarckcat
sirdarckcat / PoC_proxyLogon.py
Created March 12, 2021 17:04
PoC of proxylogon chain SSRF(CVE-2021-26855) to write file
import requests
from urllib3.exceptions import InsecureRequestWarning
import random
import string
import sys
def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
    return ''.join(random.choice(chars) for _ in range(size))

Keybase proof

I hereby claim:

  • I am sirdarckcat on github.
  • I am sirdarckcat (https://keybase.io/sirdarckcat) on keybase.
  • I have a public key ASDI4N0BHgeTf4c7SqQxkNozR3Vh4z-dEdjXqNwXO1n6Xgo

To claim this, I am signing this object:

@sirdarckcat
sirdarckcat / Dockerfile
Created June 5, 2020 14:52
intent-intercept build dockerfile
FROM ubuntu:20.04
RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y wget git unzip openjdk-8-jdk google-android-platform-24-installer google-android-build-tools-24-installer android-sdk
RUN cd /usr/lib/android-sdk/build-tools && wget https://dl.google.com/android/repository/build-tools_r24.0.1-linux.zip 2>/dev/null && unzip build-tools_r24.0.1-linux.zip && ls
RUN git clone https://github.com/k3b/intent-intercept.git
RUN cd /usr/lib/android-sdk && mkdir cmdline-tools && cd cmdline-tools && wget https://dl.google.com/android/repository/commandlinetools-linux-6514223_latest.zip 2>/dev/null && unzip commandlinetools-linux-6514223_latest.zip && ls -la
RUN yes | /usr/lib/android-sdk/cmdline-tools/tools/bin/sdkmanager --licenses
RUN update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
RUN cd intent-intercept && export ANDROID_HOME=/usr/lib/android-sdk && ./gradlew assembleDebug
@sirdarckcat
sirdarckcat / README.md
Last active June 22, 2019 22:23
gctf.sh download all CTF tasks

gctf.sh

Usage:

wget https://gist.githubusercontent.com/sirdarckcat/087e32982bd77bddbd9c46ccbc72edf7/raw/gctf.sh && chmod +x gctf.sh
mkdir -p google-ctf-2019
DATABASE_URL=https://gctf-2019-da0962m957mnki9l.firebaseio.com ./gctf.sh google-ctf-2019/ctf
DATABASE_URL=https://gctf-2019-da0962m957mnki9l.firebaseio.com/beginners ./gctf.sh google-ctf-2019/bq
@sirdarckcat
sirdarckcat / 0README.md
Last active March 25, 2018 16:34
XS-Search Exploit for Secure Messaging Service

XS-Search Exploit for Secure Messaging Service

Exploit used during Insomni'hack 2018 for team int3pids.