wdormann / CVE-2021-21224.html
Last active Jun 9, 2021
Sample ARM64 PoC for CVE-2021-21224
function gc() {
for (var i = 0; i < 0x80000; ++i) {
var a = new ArrayBuffer();
let shellcode = [
// Move x18 to x28 (TEB)
wdormann / privtasks.ps1
Last active Nov 15, 2020
List privileged scheduled tasks that don't come with Windows
# Warn when not elevated: a non-admin session cannot see every scheduled task.
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
if (-Not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning "We don't have elevated privileges. The following results may not be complete."
}
# List enabled tasks outside the stock Microsoft task folders that run as SYSTEM or an Administrator account.
schtasks /query /fo csv -v | ConvertFrom-Csv | ? {$_.Status -notlike "Disabled" -and $_.TaskName -notlike "\Microsoft\Windows\*" -and $_.TaskName -notlike "\Microsoft\Office\*" -and $_.TaskName -notlike "\Microsoft\XblGameSave\*" -and $_.TaskName -notlike "TaskName" -and ($_."Run As User" -like "*system" -or $_."Run As User" -like "Administrator*")} | fl taskname,"Comment","Task To Run","Run As User"
wdormann / privileged.ps1
Last active Nov 23, 2020
List privileged services that don't come with Windows 10
$win10_builtin = @('AppVClient', 'ClickToRunSvc', 'COMSysApp', 'diagnosticshub.standardcollector.service',
'msiserver', 'ose', 'perceptionsimulation', 'SecurityHealthService', 'Sense',
'SensorDataService', 'SgrmBroker', 'Spooler', 'ssh-agent', 'TieringEngineService',
'TrustedInstaller', 'UevAgentService', 'vds', 'VSS', 'wbengine', 'WinDefend', 'wmiApSrv',
'WSearch', 'XboxNetApiSvc', 'XboxGipSvc', 'XblGameSave', 'XblAuthManager', 'WwanSvc', 'wuauserv',
'WwanSvc', 'wuauserv', 'WpnService', 'WPDBusEnum', 'WpcMonSvc', 'WManSvc', 'wlidsvc', 'WlanSvc',
'wisvc', 'Winmgmt', 'WiaRpc', 'WerSvc', 'wercplsupport', 'WdiSystemHost', 'WbioSrvc', 'WalletService',
'WaaSMedicSvc', 'vmvss', 'vmicvss', 'vmicvmsession', 'vmicshutdown', 'vmicrdv', 'vmickvpexchange',
'vmicheartbeat', 'vmicguestinterface', 'VaultSvc', 'UsoSvc', 'UserManager', 'UmRdpService',
'TroubleshootingSvc', 'TrkWks', 'TokenBroker', 'Themes', 'TabletInputService',
wdormann /
Last active Sep 2, 2020
List privileged scheduled tasks in Windows that don't come with Windows 10
# Don't use this version!
# Try instead
# Utility for listing SYSTEM-privileged scheduled tasks on Windows
# Tasks that come with Windows 10 are not included.
# Admin privileges are required to list all scheduled tasks.
import csv
import subprocess
import tempfile
wdormann /
Last active Apr 30, 2021
List privileged services that don't come with Windows 10 - deprecated
# Try instead
import os
import subprocess
# See:
svcinfo = {}
FNULL = open(os.devnull, 'w')
wdormann /
Last active Apr 20, 2020
Check for running processes on Windows that have components that do not utilize ASLR
#!/usr/bin/env python
Utility to check for processes running with non-ASLR-compatible components.
Run with Administrative privileges to get visibility into all processes.
(1a) psutil:
Installed via PIP
(1b) Sysinternals ListDLLs:
wdormann / gist:874198c1bd29c7dd2157d9fc1d858263
Last active Jun 21, 2020
List of Android apps that include - potentially vulnerable to CVE-2019-11932. Sorted by install count.
com.whatsapp 1000000000
com.lenovo.anyshare.gps 1000000000 1000000000
com.zhiliaoapp.musically 500000000
com.viber.voip 500000000
wp.wattpad 100000000
vStudio.Android.Camera360 100000000
vsin.t16_funny_photo 100000000 100000000
wdormann / disable_discimage.reg
Created Aug 29, 2019
Disable Windows Explorer file associations for Disc Image Mount (ISO, IMG, VHD, VHDX)
Windows Registry Editor Version 5.00
wdormann / packet-tpkt.c.diff
Created Jun 21, 2019
Patch Wireshark 3.0.2 to hook TPKT dissector into TLS decryption
--- packet-tpkt.c.orig 2019-06-21 14:47:47.831026881 +0000
+++ packet-tpkt.c 2019-06-21 15:05:31.115056289 +0000
@@ -22,6 +22,7 @@
#include <epan/show_exception.h>
#include "packet-tpkt.h"
+#include "packet-tls.h"
void proto_register_tpkt(void);
void proto_reg_handoff_tpkt(void);
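Review bot: the `#include "packet-tls.h"` added in this first hunk has no comment saying which TLS dissector declaration the TPKT code needs from it, and no use of it is visible in the lines shown here. A short comment beside the include naming the function it is there for would make the new dependency clear to anyone carrying this patch beyond Wireshark 3.0.2.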
@@ -42,6 +43,7 @@
static gboolean tpkt_desegment = TRUE;
wdormann / gist:e15fbc671a0741b72264eca168a252e3
Created Mar 29, 2019
Vendor MACs targeted by ASUS attack
AMPAK Technology, Inc.
AzureWave Technology Inc.
BizLink (Kunshan) Co.,Ltd
Chicony Electronics Co., Ltd.
Digital Data Communications Asia Co.,Ltd
Hon Hai Precision Ind. Co.,Ltd.
Intel Corporate