Skip to content

Instantly share code, notes, and snippets.

View DrSlaughter's full-sized avatar

Joshua Krueger DrSlaughter

35 followers · 258 following
View GitHub Profile
@DavidBuchanan314
DavidBuchanan314 / 00_writeup.md
Last active December 27, 2025 06:03

MD5 Collision with CRC32 Preimage

Here's the scenario: We want to craft two different messages with the same MD5 hash, and a specific CRC32 checksum, simultaneously.

In other words, we want an MD5 collision attack and a CRC32 preimage attack.

This might seem like a contrived scenario, but it's exactly the one I faced while producing my PNG hashquine (Yes OK maybe that's also a contrived scenario, cut me some slack).

On its own, a CRC32 preimage attack is trivial. You can craft a 4-byte suffix that gives any message a specific checksum, calculated using a closed-form expression (which I am too lazy to derive, not even with assistance from Z3). It's not an attack per-se, since CRC32 was never meant to be cryptograpically secure in the first place.

@lizthegrey
lizthegrey / attributes.rb
Last active April 29, 2026 20:02
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
@ruccho
ruccho / Generate Normal Map.lua
Last active January 3, 2026 08:30
The enhanced version of this script is available: https://gist.github.com/ruccho/2d1eb4aea3dfa55690c2ddc4419172ff
----------------------------------------------------------------------
-- Generate Normal Map
--
-- It works only for RGB color mode.
----------------------------------------------------------------------
if app.apiVersion < 1 then
return app.alert("This script requires Aseprite v1.2.10-beta3")
end
@HarmJ0y
HarmJ0y / LNKBackdoor.ps1
Created July 4, 2016 20:49
Functions to 'backdoor' .LNK files with additional functionality and enumerate all 'backdoored' .LNKs on a system.
function Set-LNKBackdoor {
<#
.SYNOPSIS
Backdoors an existing .LNK shortcut to trigger the original binary and a payload specified by
-ScriptBlock or -Command.
Author: @harmj0y
License: BSD 3-Clause
Required Dependencies: None
@jesusprubio
jesusprubio / gist:8f092af4ca252e252eab
Last active April 12, 2023 15:02
Proposal: A Node.js penetration test framework

Proposal: Node.js penetration test framework

Hi guys! Since I started to write Bluebox-ng I've been tracking the different security projects I found written in Node.js. Now we've published the first stable version we think it's the right moment to speak among us (and, of course, everyone interested in it :).

Why?

  • I think we're rewriting the same stuff in our respective projects again and again. For example, almost any tool supports IPv6 because the functions we need are still not present in the Node core and the libraries I found (IMHO) were not enough.
  • There're different projects implementing exactly the same thing, ie: port scanners.
  • We're working in a too new environment, so we need to make it together.