tin-z

Index

• #prepreqs

• #roadmap

  • #iot
  • #chrome-and-friends (#v8)

• #projects

Homer28

/**
 *    This DLL is designed for use in conjunction with the Ruler tool for
 *    security testing related to the CVE-2024-21378 vulnerability, 
 *    specifically targeting MS Outlook.
 * 
 *    It can be used with the following command line syntax:
 *      ruler [auth-params] form add-com [attack-params] --dll ./test.dll
 *    Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch).
 *
 *    After being loaded into MS Outlook, it sends the PC's hostname and

marcnewlin

#!/usr/bin/env python3

import usb.core
import struct
from collections import namedtuple

APPLE_VID = 0x05ac

Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"])

incogbyte

console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);

/**
 * by incogbyte
 * Common functions 
 * thx apkunpacker, NVISOsecurity, TheDauntless
 * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that.
 * !!! THIS SCRIPT IS NOT A SILVER BULLET !!

awakecoding

function Get-RdpLogonEvent
{
    [CmdletBinding()]
    param(
        [Int32] $Last = 10
    )

    $RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{
        LogName='Security'
        ProviderName='Microsoft-Windows-Security-Auditing'

NyaMisty

"""
summary: drawing custom graphs
description:
  Showing custom graphs, using `ida_graph.GraphViewer`. In addition,
  show how to write actions that can be performed on those.
keywords: graph, actions
"""

from __future__ import print_function
# -----------------------------------------------------------------------

dr4k0nia

using System.Linq;
using System.Reflection;

namespace HashInvoke;

public class HInvoke
{
    public static T InvokeMethod<T>(uint classID, uint methodID, object[]? args = null)
    {
        // Get the System assembly and go trough all its types hash their name

picar0jsu

# Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion
# Date: 25/1/2022
# Exploit Author: Jonah Tan (@picar0jsu)
# Vendor Homepage: https://www.oracle.com
# Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
# Tested on: Windows Server 2019, WebLogic 12.2.1.3.0, Peoplesoft 8.57.22
# CVE : CVE-2022-21371

# Description

5ec1cff

Zygisk 源码分析

以下分析基于 Magisk 76ddfeb93a8b3612cd68988323f422e996751e16

由于 Magisk 更新太快了，决定弃坑，自己去看源码罢！

Zygisk 注入到 Zygote 进程

Zygisk 加载是通过替换 app_process ，修改 LD_PRELOAD ，再执行原 app_process 实现的。

loknop

Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.