// DySlim is complicated and requires writing 6GB to disk (if only temporarily).
// This lets you mount the dyld shared cache via FUSE; the resulting files are weird but readable by things like otool and strings.
//
// gcc -std=gnu99 -I/opt/local/include -L/opt/local/lib -D_FILE_OFFSET_BITS=64 -o dsc dsc.c -lfuse -framework CoreFoundation
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <stdio.h>
@nelhage
nelhage / findROP.hs
Created August 18, 2011 16:26
Simple ROP-gadget finder using hdis86
{-
Copyright (c) 2011 Nelson Elhage
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
@argp
argp / gdbwaitforproc.py
Created December 28, 2011 09:56
Python script to wait for a process to launch and attach gdb to it
#!/usr/bin/env python
import sys
import string
import commands
import subprocess
true = True
false = False
@jboner
jboner / latency.txt
Last active November 18, 2024 08:23
Latency Numbers Every Programmer Should Know
Latency Comparison Numbers (~2012)
----------------------------------
L1 cache reference 0.5 ns
Branch mispredict 5 ns
L2 cache reference 7 ns 14x L1 cache
Mutex lock/unlock 25 ns
Main memory reference 100 ns 20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy 3,000 ns 3 us
Send 1K bytes over 1 Gbps network 10,000 ns 10 us
Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD
@mfukar
mfukar / inspector_malloc.gdb
Last active May 9, 2023 11:04
gdb functions to dump glibc malloc arenas + chunks
define -mem-heap-dump-chunk
printf "%#016x: ", $mem_addr
printf "%016lu %016lu %#02x ", ((long *)$mem_addr)[0], ((long *)$mem_addr)[1] & ~3, ((long*)$mem_addr)[1] & 3
printf "%016x %016x\n", ((long *)$mem_addr)[2], ((long *)$mem_addr)[3]
set $mem_addr = $mem_addr + ((long *)$mem_addr)[1] & ~3
end
document -mem-heap-dump-chunk
!!! FOR INTERNAL USE ONLY - DO NOT CALL !!!
end
@argp
argp / gist:3149763
Created July 20, 2012 09:10
Comparison table for trust frameworks
\begin{table*}
\centering
{\footnotesize
\caption{Evaluation of Trust Frameworks.}
\begin{tabular}{|c|c|c|c|c|c|c|}
\hline
\textbf{Proposals} & \textbf{Local trust} & \textbf{Trust} & \textbf{Depth limit} & \textbf{Trust} & \textbf{Trust} & \textbf{Multi-path}\\
& & \textbf{hierarchy} & & \textbf{asymmetry} & \textbf{differentiation} & \textbf{contribution}\\\hline
Marsh \cite{Mar94} & Yes & No & N/A & Yes & No & No \\\hline
eBay \cite{Eba06} & No & No & N/A & Yes & No & No \\\hline
@grutz
grutz / crack-all-lm.sh
Created August 21, 2012 16:13
Crack All LANMAN Hashes!
#!/bin/bash
# crack-all-lms-avenger
# (c) 2012 by Kurt Grutzmacher ([email protected])
# License: BSD 3-Clause - http://opensource.org/licenses/bsd-3-clause
#
# So you have a pwdump file and it has some LANMAN hashes, eh? Run this and I
# guarantee you'll crack a ton of them!
#
# Some paths are hardcoded. YMMV. No warranty express or implied. See your
anonymous
anonymous / krnlutils.cpp
Created August 27, 2012 02:04
sysret win7 exploit
#include "sysret.h"
#include "log.h"
#include "sources\include\beaengine\BeaEngine.h"
BOOL
GetDriverImageBase(
OUT PULONG_PTR DriverBase,
IN PCHAR DriverName
)
{
@joernchen
joernchen / gist:3623896
Created September 4, 2012 17:34
XXE to RCE
This turns https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt
into a Remote Command Execution:
NOTE: It relies on the PHP expect module being loaded
(see http://de.php.net/manual/en/book.expect.php)
joern@vbox-1:/tmp$ cat /var/www/server.php
<?
require_once("/usr/share/php/libzend-framework-php/Zend/Loader/Autoloader.php");
Zend_Loader_Autoloader::getInstance();
@koto
koto / crime.py
Created September 11, 2012 08:32
It's not a crime to build a CRIME
# This is supposedly what CRIME by Juliano Rizzo and Thai Duong will do
# Algorithm by Thomas Pornin, coding by xorninja, improved by @kkotowicz
# http://security.blogoverflow.com/2012/09/how-can-you-protect-yourself-from-crime-beasts-successor/
import string
import zlib
import sys
import random
charset = string.letters + string.digits + "%/+="