Skip to content

Instantly share code, notes, and snippets.

View blu3r4y's full-sized avatar
Bringing ideas to life

Mario Kahlhofer blu3r4y

Bringing ideas to life
68 followers · 88 following
View GitHub Profile
@blu3r4y
blu3r4y / googlectf2022_log4j.md
Created July 13, 2022 20:18

Write-Up: Web - Log4j & Log4j2 from Google CTF 2022

This blog post explains three ways to exploit Log4j 2.17.2 from Google CTF 2022:

  • Level 1: Trigger an exception in Log4j that contains the flag
  • Level 2: Guessing the flag with the help of RegEx conversion patterns
  • Bonus: Guessing the flag with a time-based side channel using ReDoS

The bonus was not necessary to solve the challenge but fun to code ;)

@blu3r4y
blu3r4y / setup-poetry.yml
Last active August 29, 2024 09:10
GitHub action to activate a Poetry environment for subsequent steps
name: setup-poetry
on:
push:
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
@blu3r4y
blu3r4y / network_flow_visualization.py
Created May 18, 2021 09:39
Network flow visualization used by Dynatrace - SAL - LIT.AI.JKU in the NAD 2021 challenge
# Copyright 2021
# Dynatrace Research
# SAL Silicon Austria Labs
# LIT Artificial Intelligence Lab
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
@blu3r4y
blu3r4y / grouped_train_test_split.py
Created May 18, 2021 09:38
Grouped train test split used by Dynatrace - SAL - LIT.AI.JKU in the NAD 2021 challenge
# Copyright 2021
# Dynatrace Research
# SAL Silicon Austria Labs
# LIT Artificial Intelligence Lab
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
@blu3r4y
blu3r4y / dt_nad2021_features.py
Created May 18, 2021 09:38
Features used by Dynatrace - SAL - LIT.AI.JKU in the NAD 2021 challenge
# Copyright 2021
# Dynatrace Research
# SAL Silicon Austria Labs
# LIT Artificial Intelligence Lab
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
@blu3r4y
blu3r4y / whatsapp_convert_locale.py
Created May 13, 2021 10:54
Convert the locale of WhatsApp exports from DE to EN
import re, sys
REGEX_ATTACHMENT = {"de": r"\u200E(.*?) \(Datei angehängt\)"}
SUB_ATTACHMENT = r"<attached: \g<1>>"
def convert(file: str, locale="de"):
"""
Convert the locale of attachments to the english one.
The output is written to a file in the same location.
@blu3r4y
blu3r4y / majority_vote.py
Created March 9, 2021 18:54
An efficient tie-breaking, numpy-based function that computes the majority class from multiple predictions
import numpy as np
def majority_vote(*arrays: np.array, n_classes: int = None) -> np.array:
"""
Given an arbitrary number of integer-based, one-dimensional input vectors
that represent class labels, compute a new vector that will take the majority
label of the input vectors. Ties are broken randomly for each observation.
If you omit the `n_classes` argument, it will be inferred by counting
@blu3r4y
blu3r4y / circus_flask.py
Last active April 19, 2021 16:36
Running two flask apps with circus
from circus import get_arbiter
alice = dict(
name="alice",
cmd="python -m flask run --port=81",
env={"FLASK_APP": "flask_alice.py"},
copy_env=True,
copy_path=True,
)
@blu3r4y
blu3r4y / keybase.md
Last active January 5, 2021 17:28
My keybase proof

Keybase proof

I hereby claim:

  • I am blu3r4y on github.
  • I am blu3r4y (https://keybase.io/blu3r4y) on keybase.
  • I have a public key ASAaCd4yddilhaf1QEv9GI40ZdcfMICJMpPkklewor035Ao

To claim this, I am signing this object:

@blu3r4y
blu3r4y / lazysequence.py
Created December 26, 2019 18:32
A sequence object that is backed by a function for retrieving elements
from functools import lru_cache
from typing import Sequence
class LazySequence(Sequence):
"""
A sequence object that is backed by a function for retrieving elements
"""
@lru_cache(maxsize=None)