Skip to content

Instantly share code, notes, and snippets.

View theolivenbaum's full-sized avatar

theolivenbaum

57 followers · 16 following
View GitHub Profile
@travisbrown
travisbrown / legacy-verified.csv
Last active August 2, 2023 13:59
Twitter accounts with legacy verification on 4 April 2023 (see https://twitter.com/travisbrown/status/1643229276278235136)
We can't make this file beautiful and searchable because it's too large.
Twitter ID, Screen name, Followers
12,jack,6526006
13,biz,2608289
20,ev,1679155
57,SarahM,17448
59,Tim535353,9340
76,marciadorsey,19501
224,davepell,57523
291,goldman,916937
295,joshk,149086
@tothi
tothi / ms-msdt.MD
Last active April 18, 2024 02:22
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
@NickCraver
NickCraver / BotLovin.cs
Last active January 5, 2023 11:36
Some bot/crawler fun on Stack Overflow. 10 hours of fun, to be precise.
private static readonly string[] tenHoursOfFun =
{
"https://www.youtube.com/watch?v=wbby9coDRCk",
"https://www.youtube.com/watch?v=nb2evY0kmpQ",
"https://www.youtube.com/watch?v=eh7lp9umG2I",
"https://www.youtube.com/watch?v=z9Uz1icjwrM",
"https://www.youtube.com/watch?v=Sagg08DrO5U",
"https://www.youtube.com/watch?v=5XmjJvJTyx0",
"https://www.youtube.com/watch?v=IkdmOVejUlI",
"https://www.youtube.com/watch?v=jScuYd3_xdQ",