Joel Margolis teknogeek
0xdevalias
/ _deobfuscating-unminifying-obfuscated-web-app-code.md
Last active
June 24, 2024 20:44
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Sources: | |
| # - https://ultracrepidarian.phfactor.net/category/computer-science/ | |
| # - https://www.reddit.com/r/LogitechG/comments/sacz2x/comment/hyfx2xo/?utm_source=share&utm_medium=web2x&context=3 | |
| param ( | |
| [Parameter(Mandatory = $true)] | |
| [ValidateSet('On', 'Off')] | |
| [String]$state, | |
| [ValidateRange(1, 100)] |
AbstractUmbra
/ 00-deprecation.md
Last active
June 28, 2024 02:30
discord.py 2.0+ slash command info and examples
... to my blog style space for easier contribution by third parties and to provide what I believe to be an easier reading experience. Please field all enquiries and issues to the source repository.
# Resize the file system in UI, under VM -> Hardware -> Click on the disk to resize, click "Resize disk" button
# Confirm increase in disk space (1TB in my case)
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 1T 0 disk
├─sda1 8:1 0 1M 0 part
├─sda2 8:2 0 1G 0 part /boot
└─sda3 8:3 0 1T 0 part
bored-engineer
/ 0_usage.md
Last active
February 13, 2019 14:34
A jq script to generate strongly typed golang structures based on results from a GraphQL introspection query
Usage (using get-graphql-schema to fetch the schema):
get-graphql-schema https://hackerone.com/graphql --json | jq -rf graphql.jqSupports Union types, Enum types, Interfaces, Input Objects and regular Objects.
See bored-engineer/hackeroni-ql for an example library generated with this script.
dogtopus
/ ps4cse_public.md
Last active
June 26, 2024 03:50
Licensed PS4 Controller "Security Chip" Secure Element
This documentation is provided solely for education and interoperability purposes (aka persons who are tired of proprietary non-customizable hardware and want to use their own hardware for DIY controllers). It enables neither chip-cloning nor controller counterfeiting which would violate copyright and/or any other applicable laws. This documentation also comes without warranty. Use it at your own risk.
- Model: NXP A710x series, possibly semi-customized (Label says 7105 - A7105 does not exist)
- Protocol: I2C
fransr
/ bucket-disclose.sh
Last active
June 19, 2024 08:56
Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Written by Frans Rosén (twitter.com/fransrosen) | |
| _debug="$2" #turn on debug | |
| _timeout="20" | |
| #you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
| _aws_key="AKIA..." | |
| H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
| H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
jhaddix
/ content_discovery_all.txt
Created
May 26, 2018 11:51
a masterlist of content discovery URLs and files (used most commonly with gobuster)
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ` | |
| ~/ | |
| ~ | |
| ×™× | |
| ___ | |
| __ | |
| _ |
random-robbie
/ ssrf.svg
Created
May 25, 2018 15:03
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018. | |
| // N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d | |
| // | |
| // Scroll down do "BEGIN EXPLOIT" to skip the utility functions. | |
| // | |
| // Copyright (c) 2018 Samuel Groß | |
| // | |
| // |
NewerOlder