Gareth Jones symm

@lizthegrey
lizthegrey / attributes.rb
Last active Sep 16, 2019
Hardening SSH with 2fa
View attributes.rb
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@mattifestation
mattifestation / LoadInMemoryModule.ps1
Created Mar 30, 2018
A stealthier method of loading a .NET PE in memory - via the Assembly.LoadModule method
View LoadInMemoryModule.ps1
$Domain = [AppDomain]::CurrentDomain
$DynAssembly = New-Object System.Reflection.AssemblyName('TempAssembly')
$AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('TempModule')
# Create a stub module that the in-memory module (i.e. this mimics the loading of a netmodule at runtime) will be loaded into.
$ModuleBuilder2 = $AssemblyBuilder.DefineDynamicModule('hello.dll')
$TypeBuilder = $ModuleBuilder.DefineType('TempClass', [Reflection.TypeAttributes]::Public)
$TypeBuilder.CreateType()
$HelloDllBytes = [Convert]::FromBase64String('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJNPvloAAAAAAAAAAOAAAiELAQsAAAQAAAAGAAAAAAAAPiMAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOQiAABXAAAAAEAAAJgCAAAAAAAAAAAAAAAAAAA
View README.md

Root OnePlus5 without unlocking the bootloader

Gain adb root.

$ adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"

Download Magisk-v14.0 and extract it somewhere. Download MagiskManager.

@sators
sators / connect.php
Last active Feb 25, 2019
PHP MySQLi Amazon Aurora RDS EC2 IAM Role Based Authentication
View connect.php
<?php
/********* CONFIG ********/
$clusterEndpoint = "";
$clusterPort = 3306;
$clusterRegion = "us-east-1";
$dbUsername = "";
$dbDatabase = "";
/*************************/
@konsumer
konsumer / radioreference2SDRTouchPresets.js
Last active Feb 8, 2019
Build SDRTouch Presets from radioreference site
View radioreference2SDRTouchPresets.js
// Put this into Developer console
// on a page like https://www.radioreference.com/apps/db/?inputs=2&ctid=2230
function tableToJs ($table) {
const headers = $('th', $table).map((i, th) => $(th).text().trim())
const out = []
$('tr', $table).each((i, tr) => {
const row = {}
$('td', tr).map((i, td) => {
row[ headers[i] ] = $(td).text()
View chat-frontend.js
"use strict";
// for better performance - to avoid searching in DOM
const inputElement = document.getElementById('input');
const contentElement = document.getElementById('content');
const statusElement = document.getElementById('status');
// my color assigned by the server
var myColor = false;
// my name sent to the server
@egirault
egirault / Syscan2015Badge.md
Last active Jul 13, 2019
Dumping the flash memory of the Syscan 2015 badge
View Syscan2015Badge.md

Dumping the flash of the Syscan 2015 badge

The badge of the Syscan 2015 conference included an ARM-based STM32F030R8 processor running some challenges. Although SWD pins are accessible on the badge, some have noted that the STM32 is readout-protected, meaning that it will refuse to dump its flash memory.

Fortunately, two researchers (Johannes Obermaier and Stefan Tatschner) recently published a paper at the WOOT '17 conference in which they reveal a vulnerability that allows bypassing the readout protection. Their technique allows dumping the flash one DWORD at a time, rebooting the CPU between each access.

I implemented this attack using a BusPirate and the PySWD module. Here is a quick'n dirty PoC to

@alexellis
alexellis / k8s-pi.md
Last active Sep 13, 2019
K8s on Raspbian
View k8s-pi.md
View clock-example.php
<?php
/**
* This is the clock interface. It's really simple, you write it once, use it anywhere.
* Cool extra things you can do:
* - have it return custom value objects
* - separate method for currentDate() without time part
*/
interface Clock
{
@Spomky
Spomky / apn.php
Last active Jun 10, 2018
Generate JWT for Apple Push Notification
View apn.php
<?php
require_once 'vendor/autoload.php';
use Jose\Factory\JWKFactory;
use Jose\Factory\JWSFactory;
$key_file = '/PATH/TO/KEY/FILE';
$secret = null; // If the key is encrypted, the secret must be set in this variable