- #iot
- #chrome-and-friends: Chrome, V8, Blink, Mojo, etc.
- Linux kernel #todo
- expdev #todo
- fuzzing #todo
| #!/usr/bin/env python3 | |
| import requests | |
| import urllib3 | |
| import xml.etree.ElementTree as ET | |
| from datetime import datetime, timezone | |
| import sys | |
| import uuid | |
| from xml.sax.saxutils import escape |
| import hashlib | |
| import struct | |
| import argparse | |
| from Crypto.Cipher import AES #pip install pycryptodome | |
| def decrypt(blob, key): | |
| """Decrypt PDQ credential blobs""" | |
| #Format for the blob is [header][ivlen][iv][encdata] | |
| #Example blob: 28656e63727970746564290010644d18eb7817dad6de5f531b1b0b60113087662f3cf0ffdaa7760418c15ee6ea | |
| #Example blob: [28656e637279707465642900][10][644d18eb7817dad6de5f531b1b0b6011][3087662f3cf0ffdaa7760418c15ee6ea] |
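#!/usr/bin/env sh
# curl wrapper: sends the request through the local proxy listening on
# 127.0.0.1:8080 and forwards every command-line argument unchanged ("$@").
#
# --insecure turns off TLS certificate verification for the whole transfer.
#   That lets a certificate re-signed by the local proxy be accepted, but it
#   also means curl no longer detects any other substitution of the server
#   certificate, so responses fetched this way are unauthenticated.
# --user-agent burl gives the traffic a fixed User-Agent string, which makes
#   these requests easy to pick out in proxy history and server logs.
#
# The first line was "#/usr/bin/env sh" (no "!"), i.e. an ordinary comment
# rather than a shebang, so the interpreter was left to the caller's fallback.
curl --proxy http://127.0.0.1:8080/ --user-agent burl --insecure "$@"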
| # Copyright: (c) 2024, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function New-ScheduledTaskSession { | |
| <# | |
| .SYNOPSIS | |
| Creates a PSSession for a process running as a scheduled task. | |
| .DESCRIPTION | |
| Creates a PSSession that can be used to run code inside a scheduled task |
| /** | |
| * This DLL is designed for use in conjunction with the Ruler tool for | |
| * security testing related to the CVE-2024-21378 vulnerability, | |
| * specifically targeting MS Outlook. | |
| * | |
| * It can be used with the following command line syntax: | |
| * ruler [auth-params] form add-com [attack-params] --dll ./test.dll | |
| * Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch). | |
| * | |
| * After being loaded into MS Outlook, it sends the PC's hostname and |
| #include <stdint.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdbool.h> | |
| #include <windows.h> | |
| #include "nt_crap.h" | |
| #define ArrayCount(arr) (sizeof(arr)/sizeof(arr[0])) | |
| #define assert(expr) if(!(expr)) { *(char*)0 = 0; } |
| // | |
| // How to locate the NT Delegate Callback Table in x86 builds of ntdll.dll | |
| // | |
| // @modexpblog | |
| // | |
| #define PHNT_VERSION PHNT_THRESHOLD | |
| #include <phnt_windows.h> | |
| #include <phnt.h> |
| llmc() { | |
| local system_prompt='Output a command that I can run in a ZSH terminal on macOS to accomplish the following task. Try to make the command self-documenting, using the long version of flags where possible. Output the command first enclosed in a "```zsh" codeblock followed by a concise explanation of how it accomplishes it.' | |
| local temp_file=$(mktemp) | |
| local capturing=true | |
| local command_buffer="" | |
| local first_line=true | |
| local cleaned_up=false # Flag to indicate whether cleanup has been run | |
| cleanup() { | |
| # Only run cleanup if it hasn't been done yet |
| # White Knight Labs - Offensive Development | |
| # Guardrails - Parent Process Check | |
| #include <windows.h> | |
| #include <tlhelp32.h> | |
| #include <psapi.h> | |
| #include <tchar.h> | |
| #include <iostream> | |
| // Function to get the ID of the parent process |