This study focuses on the strategies used by the "xz backdoor", an extremely
complex piece of malware that contains its own x64 disassembler inside of it
to find critical locations in your code and hijacks it by swapping out your
code with its own as it runs. Because this a machine-code based attack,
all code written in any program language can be attacked and is vulnerable.
Instead of targeting sshd directly, the xz
backdoor injects itself in the parent systemd process then hijacks the
GNU Dynamic Linker (ld), before sshd is even started or libcrypto.so is
junftnt
junftnt
/ fork_and_daemon.go
Created
July 30, 2024 02:03
— forked from smallnest/fork_and_daemon.go
golang fork and exec and handle signals
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "flag" | |
| "fmt" | |
| "log" | |
| "os" | |
| "os/signal" | |
| "syscall" | |
| ) |
junftnt
/ main.md
Created
April 16, 2024 17:59
— forked from christoofar/main.md
Wrapping a C library call in a defensive Go routine
junftnt
/ chgkvmnetcfg.md
Created
March 19, 2024 01:48
— forked from plembo/chgkvmnetcfg.md
Changing a KVM network configuration
The documentation recommends you do this using virsh net update, but you'll need to read it very carefully to figure out exactly how -- because they provide you with only a
single example to work with.
Only the following virtual network components can be changed using net-update:
ip-dhcp-host
ip-dhcp-range (add/delete only, no modify)
forward-interface (add/delete only)
junftnt
/ pty-demo.c
Created
February 19, 2024 18:15
— forked from akvadrako/pty-demo.c
Linux pseudo TTY example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * gcc -o pty-demo pty-demo.c | |
| * pty-demo bash | |
| */ | |
| #define _XOPEN_SOURCE 600 /* Single UNIX Specification, Version 3 */ | |
| #include <fcntl.h> | |
| #include <errno.h> | |
| #include <stdio.h> /* for convenience */ |
junftnt
/ print-to-terminal-pts.c
Created
February 19, 2024 17:10
— forked from punzik/print-to-terminal-pts.c
Print to terminal via pts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| #include <sys/stat.h> | |
| #include <fcntl.h> | |
| #include <signal.h> | |
| #include <string.h> | |
| volatile int running = 1; |
junftnt
/ aes.go
Created
February 7, 2024 23:23
— forked from enyachoke/aes.go
simple AES encryption/decryption example with PBKDF2 key derivation in Go, Javascript, and Python
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "crypto/aes" | |
| "crypto/cipher" | |
| "crypto/rand" | |
| "crypto/sha256" | |
| "encoding/hex" | |
| "fmt" | |
| "strings" |
junftnt
/ shibboleth-debug.md
Created
December 28, 2023 21:23
— forked from davidjb/shibboleth-debug.md
Shibboleth debugging steps
Throught this whole process, if you're unsure whether a Shibboleth login session
worked (such as if it looks like your application isn't getting attributes etc),
you can test by accessing /Shibboleth.sso/Session after going a
/Shibboleth.sso/Login cycle and it'll list various details, or state:
A valid session was not found
if it didn't work or you haven't logged in yet.
junftnt
/ qemu-networking.md
Created
November 19, 2023 01:32
— forked from extremecoders-re/qemu-networking.md
Setting up Qemu with a tap interface
junftnt
/ launch.json
Created
November 13, 2023 22:47
— forked from borrrden/launch.json
VSCode Setup for Debugging PonchoOS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "version": "0.2.0", | |
| "configurations": [ | |
| { | |
| "name": "Debug Kernel", | |
| "type": "cppdbg", | |
| "request": "launch", | |
| "program": "${workspaceRoot}/kernel/bin/kernel.elf", | |
| "args": [], | |
| "stopAtEntry": false, |
junftnt
/ instructions.sh
Created
November 13, 2023 22:47
— forked from borrrden/instructions.sh
Debugging ponchoOS kernel
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # INSIDE WSL, install gdb (one-time instruction) | |
| sudo apt install gdb | |
| # Add the following to your kernel Makefile CFLAGS, so that gcc will generate | |
| # debug symbols that the debugger can use | |
| # Note: The thing being added is -g, so as of lesson 12 it should look like this. | |
| # Delete all the contents of the lib folder to force a recompile | |
| CFLAGS = -ffreestanding -fshort-wchar -g | |
| # Add the following to your qemu invocation and start QEmu: |
NewerOlder