@QiuhaoLi
QiuhaoLi / poc.c
Created March 28, 2022 11:11
PoC for CVE-2021-41073 (type confusion in Linux io_uring)
/*
* PoC for CVE-2021-41073, tested on Debian 11 with Linux 5.14
* For writeup and exp visit https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
* For liburing visit https://github.com/axboe/liburing
* gcc -static -o poc poc.c -luring && ./poc
*/
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
@d4em0n
d4em0n / crasher.c
Created October 16, 2020 14:30
Exploit CVE-2020-8835
#define _GNU_SOURCE
#include <err.h>
#include <stdint.h>
#include <linux/bpf.h>
#include <linux/filter.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <asm/unistd_64.h>
#include <sys/types.h>
@SwitHak
SwitHak / 20200114-TLP-WHITE_CVE-2020-0601.md
Last active February 9, 2024 14:42
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, announced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
@j00ru
j00ru / Insomnihack_Teaser_2017_winworld_exploit.py
Created January 7, 2019 13:38
Insomni'hack Teaser 2017 "winworld" exploit by Mateusz "j00ru" Jurczyk
# Insomni'hack Teaser 2017 "winworld" task exploit
#
# Author: Mateusz "j00ru" Jurczyk
# Date: 21 January 2017
#
import os
import random
import string
import sys
import struct
@mlafeldt
mlafeldt / postmortem.md
Last active March 27, 2024 09:23
Example Postmortem from SRE book, pp. 487-491

Shakespeare Sonnet++ Postmortem (incident #465)

Date

2015-10-21

Authors

  • jennifer
  • martym
@mlafeldt
mlafeldt / Rakefile
Last active April 6, 2016 12:22
Rake task I use for starting a new article for Production Ready
require "stringex"
desc "Create a new letter"
task :new_letter, :title do |t, args|
title = args[:title] || "New Letter"
num = File::basename(Dir['letters/*'].last)[0,3].to_i + 1
filename = "letters/%03d-%s.md" % [num, title.to_url]
date = Time.now.strftime("%Y-%m-%d")
puts "==> Creating new letter: #{filename}"
@mlafeldt
mlafeldt / Rakefile
Last active April 20, 2018 16:06
The Rake tasks I use to manage my blog
require 'stringex'
POSTS_DIR = '_posts'
BUILD_DIR = '_site'
DEPLOY_DIR = '_deploy'
DEPLOY_BRANCH = 'master'
def git(*args)
sh 'git', *args
end
@lantrix
lantrix / get_aws_saml_token.sh
Created February 6, 2015 05:57
How to request SAML assertion from ADFS for Amazon Web Services using curl
curl https://youradfsserver.com.au/adfs/services/trust/13/usernamemixed --data @aws_saml_request.xml -H "Content-Type: application/soap+xml" --verbose -o "saml.xml"
@lantrix
lantrix / aws_saml_request.xml
Last active May 6, 2017 19:33
SOAP request for a SAML token for Amazon Web Services from an ADFS SOAP endpoint
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
<a:To s:mustUnderstand="1">https://youradfsserver.com.au/adfs/services/trust/13/usernamemixed</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-6a13a244-dac6-42c1-84c5-cbb345b0c4c4-1">
<o:Username>user@domain.com.au</o:Username>
<o:Password>password</o:Password>
@rofl0r
rofl0r / init.c
Created August 6, 2013 21:15
minimal init daemon by rich felker, author of musl libc
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <unistd.h>
int main()
{
sigset_t set;
int status;
if (getpid() != 1) return 1;