Suri sponnusa
@bashbunni
bashbunni / .zshrc
Created October 27, 2022 21:41
CLI Pomodoro for Mac
# I'll be doing another one for Linux, but this one will give you
# a pop up notification and sound alert (using the built-in sounds for macOS)
# Requires https://github.com/caarlos0/timer to be installed
# Mac setup for pomo
alias work="timer 60m && terminal-notifier -message 'Pomodoro' \
  -title 'Work Timer is up! Take a Break 😊' \
  -appIcon '~/Pictures/pumpkin.png' \
  -sound Crystal"
@X-C3LL
X-C3LL / FreshyCalls-VBA.vba
Created September 4, 2022 23:51
Retrieving SSN for syscalling in VBA following FreshyCalls technique
' Proof of Concept: retrieving SSN for syscalling in VBA
' Author: Juan Manuel Fernandez (@TheXC3LL)
'Based on:
'https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/
'https://www.crummie5.club/freshycalls/
Private Type LARGE_INTEGER
@Widdershin
Widdershin / ssr.md
Last active May 1, 2024 17:36
The absurd complexity of server-side rendering

In the olden days, HTML was prepared by the server, and JavaScript was little more than a garnish, considered by some to have a soapy taste.

After a fashion, it was decided that sometimes our HTML is best rendered by JavaScript, running in a user's browser. While some would decry this new-found intimacy, the age of interactivity had begun.

But all was not right in the world. Somewhere along the way, we had slipped. Our pages went uncrawled by Bing, time to first meaningful paint grew faster than npm, and it became clear: something must be done.

And so it was decided that the applications first forged for the browser would also run on the server. We would render our HTML using the same logic on the server and the browser, and reap the advantages of both worlds. In a confusing series of events a name for this approach was agreed upon: Server-side rendering. What could go wrong?

In dark rooms, in hushed tones, we speak of colours.

@moyix
moyix / killbutmakeitlooklikeanaccident.sh
Created February 5, 2022 22:51
Script to inject an exit(0) syscall into a running process. NB: only x86_64 for now!
#!/bin/bash
gdb -p "$1" -batch -ex 'set {short}$rip = 0x050f' -ex 'set $rax=231' -ex 'set $rdi=0' -ex 'cont'
@huytd
huytd / wordle.md
Last active May 16, 2024 20:39
Wordle in less than 50 lines of Bash

How to use:

./wordle.sh

Or try the unlimited mode:

@loknop
loknop / writeup.md
Created December 30, 2021 14:59
Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.

@0xabad1dea
0xabad1dea / copilot-risk-assessment.md
Last active September 11, 2023 10:21
Risk Assessment of GitHub Copilot

0xabad1dea, July 2021

this is a rough draft and may be updated with more examples

GitHub was kind enough to grant me swift access to the Copilot test phase despite me @'ing them several hundred times about ICE. I would like to examine it not in terms of productivity, but security. How risky is it to allow an AI to write some or all of your code?

Ultimately, a human being must take responsibility for every line of code that is committed. AI should not be used for "responsibility washing." However, Copilot is a tool, and workers need their tools to be reliable. A carpenter doesn't have to

@gptshubham595
gptshubham595 / DISABLE_DEV_TOOLS.js
Last active August 11, 2022 13:06
DISABLE DEVELOPERS OPTION
! function(e, t) {
"object" == typeof exports && "undefined" != typeof module ? module.exports = t() : "function" == typeof define && define.amd ? define(t) : (e = e || self).hotkeys = t()
}(this, (function() {
"use strict";
function e(t) {
return (e = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function(e) {
return typeof e
} : function(e) {
@hiqsociety
hiqsociety / sysctl.conf
Created February 4, 2021 21:55 — forked from JoeyBurzynski/sysctl.conf
sysctl.conf Optimization / Ubuntu 18.04
# Kernel sysctl configuration file for Linux
#
# Version 1.14 - 2019-04-05
# Michiel Klaver - IT Professional
# http://klaver.it/linux/ for the latest version - http://klaver.it/bsd/ for a BSD variant
#
# This file should be saved as /etc/sysctl.conf and can be activated using the command:
# sysctl -e -p /etc/sysctl.conf
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and sysctl.conf(5) for more details.