kconner

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

ameetsaahu

Using capset

// Thanks to @pqlqpql
#include <linux/io_uring.h>
#include <sys/capability.h>
#include <sys/syscall.h>

struct user_cap_data_struct {
    uint32_t effective;
    uint32_t permitted;

jessica0f0116

{ "apiset entries": [
{ "apiset name": "api-ms-onecoreuap-print-render-l1-1-0", "hosts": "printrenderapihost.dll" },
{ "apiset name": "api-ms-win-appmodel-identity-l1-2-0", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-appmodel-runtime-internal-l1-1-7", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-appmodel-runtime-l1-1-3", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-appmodel-state-l1-1-2", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-appmodel-state-l1-2-0", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-appmodel-unlock-l1-1-0", "hosts": "kernel.appcore.dll" },
{ "apiset name": "api-ms-win-base-bootconfig-l1-1-0", "hosts": "advapi32.dll" },
{ "apiset name": "api-ms-win-base-util-l1-1-0", "hosts": "advapi32.dll" },

uf0o

import random
import sys
import io
from ctypes import windll, POINTER, byref
from ctypes.wintypes import LPVOID, DWORD, LPCSTR, LPSTR, BOOL, HANDLE

DeviceIoControl = windll.kernel32.DeviceIoControl
CreateFileA = windll.kernel32.CreateFileA
CloseHandle = windll.kernel32.CloseHandle

xpn

typedef unsigned int DWORD;
typedef unsigned char BYTE;
typedef unsigned char * PBYTE;
typedef DWORD HRESULT;
typedef unsigned short USHORT;
typedef unsigned int ULONG;
typedef unsigned char UCHAR;
typedef bool BOOL;

static const DWORD kCurrentMajorVersion = 2;

m1ghtym0

#!/usr/bin/env python2
from pwn import *
import sys
import struct

BINARY = './winterpreter.exe'

IS_REMOTE = True
H,P = ('183.107.102.15', 54321)
if not IS_REMOTE:

saelo

|=-----------------------------------------------------------------------=|
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=|
|=-----------------------------------------------------------------------=|
|=------------------------------=[ saelo ]=------------------------------=|
|=-----------------------------------------------------------------------=|

The following are some brief notes about the changes that have taken place
since the release of the "Attacking JavaScript Engines" paper [1]. In
general, no big conceptional changes have happened since. Mitigations have
been added to break some of the presented techniques and, as expected, a

icecr4ck

IDAPython cheatsheet

Important links

• Porting IDAPython plugins to IDA 7.4
• Hex-Rays IDAPython official documentation

Basic commands

Get informations on the binary

apogiatzis

import lief
from sys import argv
import colorama

def _color_print(name):
    colorama.init(autoreset=True)
    def color_print(func):
        def wrapper(*args, **kwargs):
            ret = func(*args, **kwargs)
            if ret != False:

chrisdone

Common

export OPT=/opt
export BUILDS=/some/where/mini_linux
mkdir -p $BUILDS

Linux kernel