Skip to content

Instantly share code, notes, and snippets.

View kiding's full-sized avatar
🦑
🦜 🦜 🦜 🦜

Dongsung "Donny" Kim kiding

🦑
🦜 🦜 🦜 🦜
View GitHub Profile
@thesamesam
thesamesam / xz-backdoor.md
Last active April 7, 2025 09:15
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

#!/usr/bin/env python3
import usb.core
import struct
from collections import namedtuple
APPLE_VID = 0x05ac
Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"])

Unicode XSS via Combining Characters

Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.

Recap of Unicode XSS

Lab: https://4t64ubva.xssy.uk/

A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:

@singleghost2
singleghost2 / load_wrapper.cc
Created November 21, 2023 03:09
Disable ASLR on macOS for dylib include those loaded with `dlopen`
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <spawn.h>
#include <sys/wait.h>
#include <string.h>
/* ASLR disabling magic constant from Apple LLDB source code
https://opensource.apple.com/source/lldb/lldb-76/tools/darwin-debug/darwin-debug.cpp
*/
@matteyeux
matteyeux / decrypted.json
Created November 20, 2023 13:15
Apple Vision Pro firmware keys for VisionOS 1.0 beta 1-5
[
{
"url": "https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip",
"build": "21N5207g",
"filename": "iBEC.n301.RELEASE.im4p",
"kbag": "AB7893B981E44BFF298328C89C826F8BA6EF1A7ADC80DB156C9D55D9F4E27E8AD2CC21AFA42A41E1392B57E9FE90D992",
"key": "34b218667cd03eb93e073b9b3bca4a865b20f130550a800b2aa2c1c2348041865cee47db7e3bcda739d05adde9f9f716"
},
{
"url": "https://updates.cdn-apple.com/2023SummerSeed/patches/042-21091/60572AF0-9BC3-465F-89ED-77117194CB26/com_apple_MobileAsset_SoftwareUpdate/3df121022bd578846478faa25a4dcf3055396954.zip",
// ==UserScript==
// @name ASTx2 Emulator
// @namespace http://tampermonkey.net/
// @version 0.1
// @description try to take over the world!
// @author @BawAppie
// @match https://*/*
// @icon https://www.google.com/s2/favicons?sz=64&domain=ahnlab.com
// @grant none
// ==/UserScript==
function Get-RdpLogonEvent
{
[CmdletBinding()]
param(
[Int32] $Last = 10
)
$RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{
LogName='Security'
ProviderName='Microsoft-Windows-Security-Auditing'
# IDA (disassembler) and Hex-Rays (decompiler) plugin for Apple AMX
#
# WIP research. (This was edited to add more info after someone posted it to
# Hacker News. Click "Revisions" to see full changes.)
#
# Copyright (c) 2020 dougallj
# Based on Python port of VMX intrinsics plugin:
# Copyright (c) 2019 w4kfu - Synacktiv
@nikolay-n
nikolay-n / syscalls.txt
Last active February 22, 2025 15:55
macOS syscall
syscall = 0
exit = 1
fork = 2
read = 3
write = 4
open = 5
close = 6
wait4 = 7
link = 9
unlink = 10
@IsaacXen
IsaacXen / README.md
Last active April 12, 2025 01:49
(Almost) Every WWDC videos download links for aria2c.