Skip to content

Instantly share code, notes, and snippets.

View aadityapurani's full-sized avatar
🎯
Focusing

Aaditya Purani aadityapurani

🎯
Focusing
162 followers · 0 following
View GitHub Profile
@smx-smx
smx-smx / XZ Backdoor Analysis
Last active February 24, 2026 09:30
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as i make progress
@paj28
paj28 / index.md
Last active March 22, 2026 09:21

Unicode XSS via Combining Characters

Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.

Recap of Unicode XSS

Lab: https://4t64ubva.xssy.uk/

A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:

@antonioCoco
antonioCoco / TcbElevation.cpp
Last active February 5, 2026 14:27
// TcbElevation - Authors: @splinter_code and @decoder_it
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>
#pragma comment(lib, "Secur32.lib")
void EnableTcbPrivilege(BOOL enforceCheck);
@NyaMisty
NyaMisty / outline_graph.py
Created September 1, 2022 01:02
IDA Graph view with outlined function included
"""
summary: drawing custom graphs
description:
Showing custom graphs, using `ida_graph.GraphViewer`. In addition,
show how to write actions that can be performed on those.
keywords: graph, actions
"""
from __future__ import print_function
# -----------------------------------------------------------------------
@pzread
pzread / gctf-2022-d8-writeup.md
Last active July 27, 2022 02:47

Google CTF 2022 Pwn d8 Author's Write-up

This year I made the pwn challenge "d8" in Google CTF 2022. d8 allows you to upload and run a piece of v8 code cache. The goal is crafting the code cache to achieve arbitrary code execution.

v8 code cache is a format to serialize the v8 heap and can be deserialized back to the v8 heap. This improves the JS loading time when the same piece of code is reused.

The format of v8 code cache is quite interesting. It doesn't directly serialize the v8 objects in the heap, but uses a bytecode to describe how to reconstruct those v8 objects. There is a series of blog posts by PT SWARM about how it works and it's definitely worth to read.

When studying the v8 code cache, I realized there is neither the boundary check in the deserializer, nor a validator to verify if the constructed v8 objects are legal, which

@loknop
loknop / writeup.md
Last active May 13, 2026 11:38
Solving "includer's revenge" from hxp ctf 2021 without controlling any files

Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.

@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active April 30, 2026 10:26
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say ?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@iann0036
iann0036 / gist:b473bbb3097c5f4c656ed3d07b4d2222
Last active March 24, 2026 08:55
List of expensive / long-term effect AWS IAM actions
acm-pca:CreateCertificateAuthority
aws-marketplace:AcceptAgreementApprovalRequest
aws-marketplace:Subscribe
backup:PutBackupVaultLockConfiguration
bedrock:CreateProvisionedModelThroughput
bedrock:UpdateProvisionedModelThroughput
devicefarm:PurchaseOffering
dynamodb:PurchaseReservedCapacityOfferings
ec2:ModifyReservedInstances
ec2:PurchaseCapacityBlock
@fransr
fransr / customcsrf.py
Created February 16, 2021 08:30
Hackvertor Custom CSRF tag
import httplib
import urllib
http = httplib.HTTPSConnection('example.com', 443)
cookie = 'your=cookies';
http.request("GET", "/api/v1/csrf", "", {
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.146 Safari/537.36',
'referer': 'https://example.com/',
@cihanmehmet
cihanmehmet / subdomain_wordlist.md
Last active April 20, 2026 01:12
Subdomain Wordlist