Skip to content

Instantly share code, notes, and snippets.

View Jack2's full-sized avatar

JAEKI KIM Jack2

34 followers · 61 following
View GitHub Profile
@SwitHak
SwitHak / 20200114-TLP-WHITE_CVE-2020-0601.md
Last active February 9, 2024 14:42
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC

CVE-2020-0601 AKA ChainOfFools OR CurveBall

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
@jakejarvis
jakejarvis / tor.sh
Created October 1, 2019 00:16
system-wide Tor proxy on macOS
#!/usr/bin/env bash
#
# ######################################################################
# Start Tor and switch the system-wide proxy settings in macOS
# ----------------------------------------------------------------------
# Usage:
# `./tor.sh` in Terminal, kill with ctrl + c
# ----------------------------------------------------------------------
# Source:
# https://kremalicious.com/simple-tor-setup-on-mac-os-x/
@Jinmo
Jinmo / _.md
Last active April 9, 2025 14:20
C/C++ header to IDA

Usage

In IDAPython,

execfile('<path>/cxxparser.py')
parse_file('<path>/a.cpp',[r'-I<path>\LuaJIT-2.0.5\src', '-D__NT__', '-D__X64__', '-D__EA64__'])
parse_file('<path>/malloc.c',['-target=x86_64-linux-gnu'])
@JohnLaTwC
JohnLaTwC / 285e6f550560f0ce01bcf0a1a47350075cca366f9e4bf9b573fd5b03c5644b29
Created November 7, 2018 16:47
VBA XLS + Invoke-Obfuscation
## Uploaded by @JohnLaTwC
## Sample hashes: 285e6f550560f0ce01bcf0a1a47350075cca366f9e4bf9b573fd5b03c5644b29
eec6c63b87b4272a05433babad6da16c82956fe232652c4754b8d754ed036611
2a6f540582d8761b9b3e41f9ea734f72726af969fb04742244267047d883ea78
olevba3 0.53.1 - http://decalage.info/python/oletools
Flags Filename
----------- -----------------------------------------------------------------
OLE:MASIHB-- 285e6f550560f0ce01bcf0a1a47350075cca366f9e4bf9b573fd5b03c5644b29
===============================================================================
@MrThreat
MrThreat / findbadlinkers.yar
Created September 17, 2018 05:25
Bsides malware yara rule APT lnk files.
rule lnkfileoverRFC
{
strings:
$header = {4c00 0000 0114 0200 0000} //lnk file header
$command = "C:\\Windows\\System32\\cmd.exe" fullword ascii //cmd is precursor to findstr
$command2 = {2F 00 63 00 20 00 66 00 69 00 6E 00 64 00 73 00 74 00 72} //findstr in hex
$base64 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD" ascii //some base64 filler, needed to work with routine
$cert = "l -decode" ascii //base64 decoder
condition:
filesize > 15KB and ($header at 0) and $command and $command2 and $cert and $base64
@allieus
allieus / README.md
Last active August 2, 2018 00:02
@saelo
saelo / yolo.c
Created May 14, 2018 21:44
Exploit for IPWnKit: a macOS IOKit exploit challenge from Defcon Qualifier CTF 2018
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <pthread.h>
#include <sys/mman.h>
#include <IOKit/IOKitLib.h>
#include <CoreFoundation/CFPropertyList.h>
const char* kMyDriversIOKitClassName = "io_oooverflow_IPwnKit";
@trishume
trishume / Flagsifier.ipynb
Created May 14, 2018 02:45
DEF CON Quals 2018 Flagsifier Notebook
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@williballenthin
williballenthin / floss-lite.py
Last active August 16, 2021 13:37
#!/usr/bin/env python3
'''
A simplified FLOSS implementation that only supports stackstrings.
requirements:
- yara-python
- unicorn
author: Willi Ballenthin
email: [email protected]
@seanjensengrey
seanjensengrey / octal_x86.txt
Last active January 13, 2025 22:43
x86 is an octal machine
# source:http://geocities.com/SiliconValley/heights/7052/opcode.txt
From: [email protected] (Mark Hopkins)
Newsgroups: alt.lang.asm
Subject: A Summary of the 80486 Opcodes and Instructions
(1) The 80x86 is an Octal Machine
This is a follow-up and revision of an article posted in alt.lang.asm on
7-5-92 concerning the 80x86 instruction encoding.
The only proper way to understand 80x86 coding is to realize that ALL 80x86